当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-019393

漏洞标题:大众点评内网被渗透,涉及数百台服务器

相关厂商:大众点评

漏洞作者: m0r5

提交时间:2013-03-01 21:33

修复时间:2013-04-15 21:34

公开时间:2013-04-15 21:34

漏洞类型:内部绝密信息泄漏

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2013-03-01: 细节已通知厂商并且等待厂商处理中
2013-03-02: 厂商已经确认,细节仅向厂商公开
2013-03-12: 细节向核心白帽子及相关领域专家公开
2013-03-22: 细节向普通白帽子公开
2013-04-01: 细节向实习白帽子公开
2013-04-15: 细节向公众公开

简要描述:

点评SSLVPN系统由于员工访问权限控制不严,从而使黑客能够以合法用户身份登录系统进行渗透内网。内网安全十分脆弱,员工电脑,以及服务器各种弱口令。其中涉及到数据库、源码、移动客户端等一些重要敏感信息。

详细说明:

1.点评SSLVPN系统员工密码安全问题,网上泄露的数据库可查询,建议定期经常更换较复杂密码
2.内网存在常见的严重的安全问题,FTP,MYSQL,MSSQL,服务器弱口令,SVN泄露 等。。

漏洞证明:


Email
mail.dianping.com
info@dianping.com chinese1

点评团购:
SMTPServer 10.1.1.56
tuan@tmail.dianping.com 6yjm4rgb
tuan@dianping.com

MSSQL
192.168.8.61 sys.dianping a!$)!QAZvfr4A
192.168.7.104 aspnet_tgmail tg_mail!@ecedixEd
192.168.7.104 aspnet_group dp!@GHJGroup
192.168.7.106 aspnet_sys dp!@RTYuio
192.168.7.104 aspnet_cms dp!@Z9cbGtN0z
192.168.8.61 ASPNET_zSurvey zsurvEy@D1aN#91ng
192.168.8.47
10.1.1.238 sys.dianping a!$)!QAZvfr4A
192.168.8.5 sa
192.168.8.30 ASPNET_zSurvey zsurveyoftest
192.168.8.246 sa sa
MYSQL
192.168.7.104 aspnet_cms dp!@Z9cbGtN0z DianPing_Main
192.168.7.104 aspnet_group dp!@GHJGroup DianPing_Group
192.168.7.104:3309 aspnet_tgmail tg_mail!@ecedixEd EdmDB
192.168.7.106 aspnet_sys dp!@RTYuio DianPing_Group
10.1.77.22 aspnet_kv dp!@vbnmHJkl DianPingKV
10.1.77.22 aspnet_log dp!@qwerTY DianPingLog
192.168.7.105 aspnet_Mobile dp!@OI1p7Y1XL DianPingMobile
192.168.8.44 DianPing_TuanGou dp!123456
192.168.8.68 root root
192.168.8.97 tg_test tgtest123
192.168.6.233 root aix
FTP
192.168.8.56 test 123456
192.168.7.101 test test
192.168.7.101 admin admin
192.168.7.47 test test
192.168.7.9 ftp ftp@ftp.net
192.168.26.117 admin admin
192.168.26.90 ftp ftp@ftp.net
192.168.26.44 test test
192.168.5.19 ftp ftp@ftp.net
<add key="mongoConnection" value="mongodb://192.168.7.41:27017"/>
#sender mail
SenderAccount=job@51ping.com
#sender password
SenderPassword=dianping.com
#mail server
SmtpServer=mail.51ping.com
http://192.168.7.61:8080/ 接口测试
http://192.168.7.86/ testswarm
http://192.168.7.86/phpmyadmin/
http://192.168.7.84/ sonar,源码
http://192.168.5.6/ 默认apache2,centos
http://192.168.7.147/otrs/customer.pl
https://192.168.5.5/ VMware ESX 4数据存储浏览器
https://192.168.5.18/
https://192.168.5.20/
https://192.168.5.25/
http://freedom.dianpingoa.com/ 在线修改各种信息
http://192.168.5.145/ Phabricator
http://192.168.5.147/ jenkins 可以打包下载源码
http://192.168.5.149:8080/ tomcat
http://sys.www.dianping.com/ DP后台管理系统
http://192.168.5.80:8080/jmx-console/ jboss
http://192.168.5.81:8080/
http://192.168.5.82:8080/
http://192.168.5.86:8080/
http://192.168.5.91:8080/
http://192.168.5.99:8080/ User web
http://192.168.5.94/ ???
http://192.168.9.88:8080 产品中心
http://192.168.26.1/en/login.html
http://192.168.26.38:8080/ Alpaca admin
http://192.168.26.91/svn/ SVN服务器
http://192.168.26.135/ 众包系统
http://192.168.30.45/ 默认的xampp
app.t.dianping.com
http://192.168.30.38/
http://192.168.30.78:8080/ 默认tomcat
http://192.168.30.130/
http://192.168.31.59:8080/
http://192.168.31.67/phpMyAdmin/ 若口令 root root
http://192.168.31.130:8080/index.html 移动客户端稳定性实验室
http://192.168.30.130:8080/ APP的jenkins
http://192.168.31.33/ netgear路由
http://192.168.30.84/ IIS7.5默认
http://192.168.31.144/ 前端服务器
http://192.168.31.139/users/sign_in gitlab
SSH:
机器名,IP,端口,账号,密码
checkin-web showInfo('192.168.7.14',58422,'root','!@qwaszx');
checkin-mq showInfo('192.168.7.15',58422,'root','!@qwaszx');
adwords-web showInfo('192.168.7.15',58422,'root','!@qwaszx');
promo-web showInfo('192.168.7.16',58422,'root','123456');
usercard-web showInfo('192.168.7.16',58422,'root','123456');
event-service showInfo('192.168.7.17',58422,'root','!@qwaszx');
eventsys-web showInfo('192.168.7.17',58422,'root','!@qwaszx');
eventb-web showInfo('192.168.7.18',58422,'root','!@qwaszx');
eventa-web showInfo('192.168.7.18',58422,'root','!@qwaszx');
promo-server showInfo('192.168.7.38',58422,'root','!@qwaszx');
autoaudit-m.. showInfo('192.168.7.38',58422,'root','!@qwaszx');
citytone-se.. showInfo('192.168.7.12',58422,'root','!@qwaszx');
saleproduct.. showInfo('192.168.7.12',58422,'root','!@qwaszx');
shoppic-ser.. showInfo('192.168.7.19',58422,'root','!@qwaszx');
shoppic-web showInfo('192.168.7.19',58422,'root','!@qwaszx');
shop-servic.. showInfo('192.168.7.20',58422,'root','!@qwaszx');
shop-web showInfo('192.168.7.20',58422,'root','!@qwaszx');
piccenter-s.. showInfo('192.168.7.21',58422,'root','!@qwaszx');
shopsearch-.. showInfo('192.168.7.21',58422,'root','!@qwaszx');
review-serv.. showInfo('192.168.7.37',58422,'root','!@qwaszx');
dpindex-web showInfo('192.168.7.37',58422,'root','!@qwaszx');
smssender-w.. showInfo('192.168.7.60',58422,'root','!@qwaszx');
piccenter-w.. showInfo('192.168.7.60',58422,'root','!@qwaszx');
group-servi.. showInfo('192.168.7.22',58422,'root','!@qwaszx');
group-web showInfo('192.168.7.22',58422,'root','!@qwaszx');
groupback-s.. showInfo('192.168.7.23',58422,'root','!@qwaszx');
groupback-w.. showInfo('192.168.7.23',58422,'root','!@qwaszx');
user-servic.. showInfo('192.168.7.24',58422,'root','123456');
user-web showInfo('192.168.7.24',58422,'root','123456');
user-admin-.. showInfo('192.168.7.55',58422,'root','!@qwaszx');
user-admin-.. showInfo('192.168.7.55',58422,'root','!@qwaszx');
goldegg-web showInfo('192.168.7.31',58422,'root','!@qwaszx');
mailsms-adm.. showInfo('192.168.7.31',58422,'root','!@qwaszx');
auditback-s.. showInfo('192.168.7.53',58422,'root','!@qwaszx');
auditback-w.. showInfo('192.168.7.53',58422,'root','!@qwaszx');
badge-mq showInfo('192.168.7.54',58422,'root','!@qwaszx');
autoaudit-m.. showInfo('192.168.7.54',58422,'root','!@qwaszx');
user-action.. showInfo('192.168.7.39',58422,'root','!@qwaszx');
user-base-s.. showInfo('192.168.7.39',58422,'root','!@qwaszx');
feed-mq showInfo('192.168.7.25',58422,'root','!@qwaszx');
feed-server showInfo('192.168.7.25',58422,'root','!@qwaszx');.
mail-server showInfo('192.168.7.26',58422,'root','!@qwaszx');
cms-service showInfo('192.168.7.26',58422,'root','!@qwaszx');
sms-server showInfo('192.168.7.27',58422,'root','!@qwaszx');
social-feed.. showInfo('192.168.7.27',58422,'root','!@qwaszx');
centipede-s.. showInfo('192.168.7.28',58422,'root','!@qwaszx');
social-feed.. showInfo('192.168.7.28',58422,'root','!@qwaszx');
account-mq showInfo('192.168.7.36',58422,'root','!@qwaszx');
account-ser.. showInfo('192.168.7.36',58422,'root','!@qwaszx');
social-rela.. showInfo('192.168.7.29',58422,'root','!@qwaszx');
account-web showInfo('192.168.7.29',58422,'root','!@qwaszx');
mobile-api-.. showInfo('192.168.7.30',58422,'root','!@qwaszx');
tuangou-wap showInfo('192.168.7.30',58422,'root','!@qwaszx');
shopaccount.. showInfo('192.168.7.32',58422,'root','12qwaszx');
shopaccount.. showInfo('192.168.7.32',58422,'root','12qwaszx');
picture-ope.. showInfo('192.168.7.50',58422,'root','!@qwaszx');
shop-admin-.. showInfo('192.168.7.50',58422,'root','!@qwaszx');
reply-opera.. showInfo('192.168.7.51',58422,'root','!@qwaszx');
misc-operat.. showInfo('192.168.7.51',58422,'root','!@qwaszx');
commons-adm.. showInfo('192.168.7.52',58422,'root','!@qwaszx');
quality-adm.. showInfo('192.168.7.52',58422,'root','!@qwaszx');
decorator-s.. showInfo('192.168.7.33',58422,'root','!@qwaszx');
mstar-web showInfo('192.168.7.33',58422,'root','!@qwaszx');
kangaroo-se.. showInfo('192.168.7.34',58422,'root','!@qwaszx');
other-serve.. showInfo('192.168.7.34',58422,'root','!@qwaszx');
hawk showInfo('192.168.7.40',58422,'root','!@qwaszx');
edm-web showInfo('192.168.7.66',58422,'root','123456');
pay-unipay showInfo('192.168.7.75',58422,'root','123456');
usercard-we.. showInfo('10.1.77.214',58422,'root','!@qwaszx');
user-web showInfo('10.1.77.180',58422,'root','!@qwaszx');
user-servic.. showInfo('10.1.77.180',58422,'root','!@qwaszx');
user-admin showInfo('10.1.77.222',58422,'root','!@qwaszx');
user-base-s.. showInfo('10.1.77.174',58422,'root','!@qwaszx');
mstar-web showInfo('10.1.77.101',58422,'root','!@qwaszx');
account-web showInfo('10.1.77.177',58422,'root','!@qwaszx');
account-ser.. showInfo('10.1.77.239',58422,'root','!@qwaszx');
account-mq showInfo('10.1.77.239',58422,'root','!@qwaszx');
oss2-web showInfo('10.1.77.194',58422,'root','!@qwaszx');
192.168.7.101 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1m/qyxQfGc0pR+lM1z+MyFR3/kn6CH/jtQFlqVNv2X4l3dfFN/wpp6xQUPbyjd0DVqMkKOtcMB9Bi7vEUPzu5jN2BgtHwgn6zRXayAtOsvaAWXAKi2XW4gp27iQpxnR0y5WqrHGpw6pamyoDS0U8OOetvC+ks/Oc5Gx+gOPhVdPotSE7Sfavs7+Ejew9Uoqh4frsOdvdnhCkR19I0HiProOkMr5hZoJveueiq1ftMfQ7fqD/IFCy7KGDE3GcGLuQdIq6ZevD/oqLiJDfmB2EfVsOQ2gsMBtGkr/DbmdF2x+RuvuUzZLA4bl5lazlePCx4Y9uCIeKvYqSNorcrN79vw==
192.168.7.102 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1m/qyxQfGc0pR+lM1z+MyFR3/kn6CH/jtQFlqVNv2X4l3dfFN/wpp6xQUPbyjd0DVqMkKOtcMB9Bi7vEUPzu5jN2BgtHwgn6zRXayAtOsvaAWXAKi2XW4gp27iQpxnR0y5WqrHGpw6pamyoDS0U8OOetvC+ks/Oc5Gx+gOPhVdPotSE7Sfavs7+Ejew9Uoqh4frsOdvdnhCkR19I0HiProOkMr5hZoJveueiq1ftMfQ7fqD/IFCy7KGDE3GcGLuQdIq6ZevD/oqLiJDfmB2EfVsOQ2gsMBtGkr/DbmdF2x+RuvuUzZLA4bl5lazlePCx4Y9uCIeKvYqSNorcrN79vw==
192.168.8.96 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAy7qj1n1/E2BcoYGp/Ayc+17mQLjM0Cdvm5Th7FHQ9a/bDvUPGPtJ2p5XyNJ2PkuzDNGYiVuFsmLrm0qfHKpjEVps448MNCqEXItk8TTjFExwRX8oe2d33Zp66F9D/yvlCvPLjQPflMusVVFNTj2w9DPKEEtgcpZL9ozXJOENjjyipeQBnHQU1w2ebxi24MehIPmmiDcjmVZJib0lw8c+w/l5qdD3D+a23ZxwanPsQU9Wq41k40BO7xMa4uwGSJgQBxk4cAgXvxLKDeowViulnLfPDxbXnRSpAeeAFXXZn0g9v2yzjx7xG2VgxKu1tnVMPtJWE0POup30XIdEr1i/sQ==
localhost ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1m/qyxQfGc0pR+lM1z+MyFR3/kn6CH/jtQFlqVNv2X4l3dfFN/wpp6xQUPbyjd0DVqMkKOtcMB9Bi7vEUPzu5jN2BgtHwgn6zRXayAtOsvaAWXAKi2XW4gp27iQpxnR0y5WqrHGpw6pamyoDS0U8OOetvC+ks/Oc5Gx+gOPhVdPotSE7Sfavs7+Ejew9Uoqh4frsOdvdnhCkR19I0HiProOkMr5hZoJveueiq1ftMfQ7fqD/IFCy7KGDE3GcGLuQdIq6ZevD/oqLiJDfmB2EfVsOQ2gsMBtGkr/DbmdF2x+RuvuUzZLA4bl5lazlePCx4Y9uCIeKvYqSNorcrN79vw==
192.168.8.98 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAw9iW0XW1/lWbPHUg2avIOmJfqjTln4qpM1FPAH6CNle6Z2rr5IbyomIciMSoyN25C6kS5hv08tzHAGovzRG2tOMJJKFzQE5X5+0/F4WxESu8sfEV43ZdLLzbUuxqZGLxJy0V5d1RizBCMxoSEVvKbs9DIhbn1DSdxOl/ccYXqTZ8m1nPUhLX3zyq9mmm+rFw+atDUD2mMbpcSP87Mpd+8tSA9VeDyoJHV/xL/w2jNpC2KEVYO76ESMhPpEeGMvLMG6VP/kbTW1yIyNI4jQtXuXRqwqQJqCygtkX+2BzntGbmOZIGhH+fpiq8f/xuHSs3s70Lr7QogeN8o/CZOdqljQ==
code.dianpingoa.com,192.168.7.108 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIlfkiRfnyYGIqTgxRmx/KpIlL7Gu+UsSKUjWh98ACwWpSKr0PRHfngLXTJiF6hQtofQyBbifasAohdOaRNcwzD7kv0gHFhlM+CI9EmfOxcFLfVFpoBhhpXWaqrN9jq5x4PONfQxjL9HrBYVAiIQ8xIO34ygBmgZKa7LsI2gh85dDnQDyXwqLIl48gnf0TDZPhhisUizz6Aptbm6QpH302kscAPc/tV3DObu5Ws0vD+aa4dlU1Pe7CdLWGED8wdTMsKmCMNQkfji+HPrreX2odFFj//9uNESyI7H8NuXEZXCpZt5x2rtD3/jbERHFPA6VjTs5cKSFnI5eWxlTRyZZ7
192.168.26.116 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmWFxcw8aA44Ff+KsYHq1MkEVI8pG9MDdyKMVdOiTerHLk2IO57EMsNHu2Ms7ij1QulVm0OVW3G7xbLsHkKKfrjfZj22Gqhs6/ynXrGU6fsK/UnfRFlRuQ4dFkZOANgAFecdKi6LbGg5sjsUwueN+nQTIn9rQeccuK2QqjJ2/ZAn9EUuQKeach6V7+bxxZHQPna/37kidbg9mF0KcoxaH//j9sksNOqhigvrb92xDz8DZY289nJkfogsPaQnKasTudHicVtGQYNZq+DZUIWfJ9F549cHhFqyE1hDZYSU1jbOjIiIAJH5Q+c0q8g4VatWs6LAGyV9WXy+UCTEu3du/5
192.168.7.101 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1m/qyxQfGc0pR+lM1z+MyFR3/kn6CH/jtQFlqVNv2X4l3dfFN/wpp6xQUPbyjd0DVqMkKOtcMB9Bi7vEUPzu5jN2BgtHwgn6zRXayAtOsvaAWXAKi2XW4gp27iQpxnR0y5WqrHGpw6pamyoDS0U8OOetvC+ks/Oc5Gx+gOPhVdPotSE7Sfavs7+Ejew9Uoqh4frsOdvdnhCkR19I0HiProOkMr5hZoJveueiq1ftMfQ7fqD/IFCy7KGDE3GcGLuQdIq6ZevD/oqLiJDfmB2EfVsOQ2gsMBtGkr/DbmdF2x+RuvuUzZLA4bl5lazlePCx4Y9uCIeKvYqSNorcrN79vw==
code.dianpingoa.com,192.168.7.108 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIlfkiRfnyYGIqTgxRmx/KpIlL7Gu+UsSKUjWh98ACwWpSKr0PRHfngLXTJiF6hQtofQyBbifasAohdOaRNcwzD7kv0gHFhlM+CI9EmfOxcFLfVFpoBhhpXWaqrN9jq5x4PONfQxjL9HrBYVAiIQ8xIO34ygBmgZKa7LsI2gh85dDnQDyXwqLIl48gnf0TDZPhhisUizz6Aptbm6QpH302kscAPc/tV3DObu5Ws0vD+aa4dlU1Pe7CdLWGED8wdTMsKmCMNQkfji+HPrreX2odFFj//9uNESyI7H8NuXEZXCpZt5x2rtD3/jbERHFPA6VjTs5cKSFnI5eWxlTRyZZ7
[192.168.5.19]:58422 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzOC81Wl4IVlGCUsjKAhFkz8L0DtRroDx+aMbQ9LwlB1WU043isG/j/ZtlrXo70DO4YUovC2mn9XdsgwN7tt2sL61tV0jRORoRG41D891g7Dc+iKHnNhcHbV1hevsqs4eLhh6OohPldXuUhQVvoJakGgpUU49cf9ZZ2e7wlxmIf9JhYmhGVAB9AMtbmArGiYiASt5ZHcEXovFmKdRXo/FbMVQUicakKZiRoLLriYNi9YYvcNvy5i3X/payOM6luLZAaNWYWBc+QXIZoCg7DbyW5mLhAhYJV7mJfgshZX+Vj8UuaZa05BAtT32B6rkjk/salsgz9lPYuS6jMyLNOoqLw==

修复方案:

太多了。慢慢修复吧

版权声明:转载请注明来源 m0r5@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:9

确认时间:2013-03-02 01:26

厂商回复:

的确是通过员工弱口令进入到内网的。

最新状态:

暂无