
Vulnerability overview (followers: 24)

Defect ID: wooyun-2015-0102156

Title: Unpatched framework vulnerability on a third-party payment site leads to full compromise

Affected vendor: tddpay.com

Author: 路人甲

Submitted: 2015-03-30 15:29

Fixed: 2015-05-14 16:00

Published: 2015-05-14 16:00

Vulnerability type: system/service patches not applied in time

Severity: High

Self-assessed Rank: 15

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-03-30: details reported to the vendor, awaiting vendor response
2015-03-30: vendor confirmed; details visible to the vendor only
2015-04-09: details disclosed to core white hats and relevant domain experts
2015-04-19: details disclosed to regular white hats
2015-04-29: details disclosed to intern white hats
2015-05-14: details disclosed to the public

Summary:

Unpatched framework vulnerability on a third-party payment site leads to full compromise

Detailed description:

"Three dimensions lead a new era of payment, the front-runner in mobile payment!" (the site's tagline)
Vulnerable page: http://www.tddpay.com/proUI/prosellerUI_updateTerminalRate.action
Testing found that the action is vulnerable to the Struts 2 issue S2-005 from 2010 (CVE-2010-1870, OGNL injection through parameter names, the bypass of the S2-003 fix). It gives command execution as the account running Tomcat and can lead to compromise of the whole site. The tool output below was obtained through that vulnerability and shows the service account, web root, JDK and operating system, followed by the host's systeminfo output.
====================================================================================================================================
Target: http://www.tddpay.com/proUI/prosellerUI_updateTerminalRate.action
Usage: S2-005
Whoami: vcserver01\javaserveruser
WebPath: D:\Tomcat8324\webapps\TddpayWeb
OS.Name: Windows Server 2008 R2
OS.Version: 6.1
Java.Home: C:\glassfish4\jdk7\jre
Java.Version: 1.7.0_45
OS.arch: amd64
User.Name: JavaServerUser
User.Home: C:\Users\JavaServerUser
User.Dir: D:\Tomcat8324
Java.Class.Path: D:\Tomcat8324\bin\bootstrap.jar;D:\Tomcat8324\bin\tomcat-juli.jar
Java.IO.Tmpdir: D:\Tomcat8324\temp
====================================================================================================================================
====================================================================================================================================
Host Name: VCSERVER01
OS Name: Microsoft Windows Server 2008 R2 Standard
OS Version: 6.1.7601 Service Pack 1 Build 7601
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Server
OS Build Type: Multiprocessor Free
Registered Owner: Windows User
Registered Organization:
Product ID: 00477-001-0000421-84376
Original Install Date: 2013/6/27, 17:14:43
System Boot Time: 2015/3/15, 20:56:17
System Manufacturer: Xen
System Model: HVM domU
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: Intel64 Family 6 Model 45 Stepping 7 GenuineIntel ~2294 Mhz
BIOS Version: Xen 4.0.1, 2014/12/16
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume1
System Locale: zh-cn;Chinese (China)
Input Locale: zh-cn;Chinese (China)
Time Zone: (UTC+08:00) Beijing, Chongqing, Hong Kong, Urumqi
Total Physical Memory: 8,192 MB
Available Physical Memory: 2,504 MB
Virtual Memory: Max Size: 8,190 MB
Virtual Memory: Available: 1,101 MB
Virtual Memory: In Use: 7,089 MB
Page File Location(s): (value unreadable in the original output)
Domain: WORKGROUP
Logon Server: (value unreadable in the original output)
Hotfix(s): 211 Hotfix(s) Installed.
[01]: KB981391
[02]: KB981392
[03]: KB977236
[04]: KB981111
[05]: KB977238
[06]: KB2849697
[07]: KB2849696
[08]: KB2841134
[09]: KB2841134
[10]: KB977239
[11]: KB2670838
[12]: KB2592687
[13]: KB981390
[14]: KB2386667
[15]: KB2425227
[16]: KB2506014
[17]: KB2506212
[18]: KB2506928
[19]: KB2509553
[20]: KB2511455
[21]: KB2515325
[22]: KB2529073
[23]: KB2533552
[24]: KB2536275
[25]: KB2536276
[26]: KB2541014
[27]: KB2544893
[28]: KB2545698
[29]: KB2547666
[30]: KB2552343
[31]: KB2560656
[32]: KB2563227
[33]: KB2564958
[34]: KB2570947
[35]: KB2574819
[36]: KB2584146
[37]: KB2585542
[38]: KB2603229
[39]: KB2604115
[40]: KB2607047
[41]: KB2608658
[42]: KB2618451
[43]: KB2620704
[44]: KB2621440
[45]: KB2631813
[46]: KB2636573
[47]: KB2640148
[48]: KB2643719
[49]: KB2644615
[50]: KB2645640
[51]: KB2647753
[52]: KB2653956
[53]: KB2654428
[54]: KB2655992
[55]: KB2656356
[56]: KB2658846
[57]: KB2659262
[58]: KB2660075
[59]: KB2667402
[60]: KB2676562
[61]: KB2685811
[62]: KB2685813
[63]: KB2685939
[64]: KB2690533
[65]: KB2691442
[66]: KB2698365
[67]: KB2699779
[68]: KB2705219
[69]: KB2706045
[70]: KB2709630
[71]: KB2709981
[72]: KB2712808
[73]: KB2718704
[74]: KB2719033
[75]: KB2719857
[76]: KB2726535
[77]: KB2729094
[78]: KB2729452
[79]: KB2732059
[80]: KB2736422
[81]: KB2742599
[82]: KB2743555
[83]: KB2749655
[84]: KB2750841
[85]: KB2753842
[86]: KB2757638
[87]: KB2758857
[88]: KB2761217
[89]: KB2763523
[90]: KB2765809
[91]: KB2770660
[92]: KB2779562
[93]: KB2785220
[94]: KB2786081
[95]: KB2786400
[96]: KB2789645
[97]: KB2790113
[98]: KB2791765
[99]: KB2798162
[100]: KB2800095
[101]: KB2804579
[102]: KB2807986
[103]: KB2808679
[104]: KB2813170
[105]: KB2813347
[106]: KB2813430
[107]: KB2820197
[108]: KB2820331
[109]: KB2829361
[110]: KB2830290
[111]: KB2832414
[112]: KB2834140
[113]: KB2834886
[114]: KB2835361
[115]: KB2836502
[116]: KB2836942
[117]: KB2836943
[118]: KB2838727
[119]: KB2839894
[120]: KB2840149
[121]: KB2840631
[122]: KB2843630
[123]: KB2844286
[124]: KB2845690
[125]: KB2847311
[126]: KB2849470
[127]: KB2850851
[128]: KB2852386
[129]: KB2853952
[130]: KB2859537
[131]: KB2861191
[132]: KB2861698
[133]: KB2862152
[134]: KB2862330
[135]: KB2862335
[136]: KB2862966
[137]: KB2862973
[138]: KB2864058
[139]: KB2864202
[140]: KB2868038
[141]: KB2868116
[142]: KB2868623
[143]: KB2868626
[144]: KB2871997
[145]: KB2872339
[146]: KB2876284
[147]: KB2882822
[148]: KB2884256
[149]: KB2887069
[150]: KB2888049
[151]: KB2891804
[152]: KB2892074
[153]: KB2893294
[154]: KB2893519
[155]: KB2894844
[156]: KB2898857
[157]: KB2900986
[158]: KB2901112
[159]: KB2908783
[160]: KB2911501
[161]: KB2912390
[162]: KB2913152
[163]: KB2913602
[164]: KB2918614
[165]: KB2919469
[166]: KB2922229
[167]: KB2926765
[168]: KB2928562
[169]: KB2929733
[170]: KB2929755
[171]: KB2931356
[172]: KB2937610
[173]: KB2939576
[174]: KB2943357
[175]: KB2957189
[176]: KB2957503
[177]: KB2957509
[178]: KB2961072
[179]: KB2966583
[180]: KB2968294
[181]: KB2972100
[182]: KB2972211
[183]: KB2973112
[184]: KB2973201
[185]: KB2973351
[186]: KB2976627
[187]: KB2976897
[188]: KB2977292
[189]: KB2977728
[190]: KB2978120
[191]: KB2978668
[192]: KB2979570
[193]: KB2980245
[194]: KB2984972
[195]: KB2984976
[196]: KB2985461
[197]: KB2991963
[198]: KB2992611
[199]: KB2993651
[200]: KB2993958
[201]: KB2998527
[202]: KB3002885
[203]: KB3003057
[204]: KB3003743
[205]: KB3005607
[206]: KB3006226
[207]: KB3008627
[208]: KB3010788
[209]: KB3018238
[210]: KB976902
[211]: KB982018
Network Card(s): 3 NIC(s) Installed.
[01]: Microsoft Loopback Adapter
Connection Name: loopback
DHCP Enabled: Yes
DHCP Server: 255.255.255.255
IP address(es)
[01]: 169.254.114.140
[02]: fe80::8074:78b9:934f:728c
[02]: Net Device PV Driver
Connection Name: Local Area Connection
DHCP Enabled: No
IP address(es)
[01]: 10.161.232.193
[02]: fe80::4cef:b145:24a3:7100
[03]: Net Device PV Driver
Connection Name: Local Area Connection 2
DHCP Enabled: No
IP address(es)
[01]: 114.215.204.166
[02]: fe80::8151:1878:5b6:eb43
====================================================================================================================================
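The output above was produced by exploiting S2-005 against the .action URL, so the attempt is visible in Tomcat's access log (by default logs/localhost_access_log.<date>.txt in the "common" format, here under D:\Tomcat8324). The following Python script is an added example, not part of the original report or of the vendor's code: it parses common-format access-log lines and flags requests whose decoded query carries the shape of the public S2-005 payload, namely the OGNL unicode escape \u0023 for the "#" character that the S2-003 fix had blocked, references to OGNL context objects such as _memberAccess and context, and parameter names of the form ('expr')(x). The log lines are constructed for the example; the IP addresses are documentation ranges and only the path is taken from the report.

```python
import re
import sys
from urllib.parse import unquote

# Tomcat "common" access-log format: host ident authuser [date] "method uri protocol" status bytes
ACCESS_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# "#" is what the S2-003 fix blocked in parameter names; S2-005 smuggled it in as the OGNL
# unicode escape \u0023. Either spelling directly before an OGNL context object is the indicator.
OGNL_CONTEXT_RE = re.compile(
    r"(?:#|\\u0023)\s*(?:_memberAccess|context|application|session|request|attr|parameters)", re.I
)
# A parameter *name* shaped like ('expr')(x): how S2-003/S2-005 get OGNL evaluated.
OGNL_PARAM_NAME_RE = re.compile(r"\(\s*['\"].*?['\"]\s*\)\s*\(")

# Constructed sample log (not from the report): two normal requests, then two probes.
SAMPLE_LOG = r"""
203.0.113.7 - - [30/Mar/2015:15:20:01 +0800] "GET /proUI/prosellerUI_updateTerminalRate.action?terminalId=1001&rate=0.38 HTTP/1.1" 200 5120
203.0.113.7 - - [30/Mar/2015:15:20:09 +0800] "POST /proUI/prosellerUI_updateTerminalRate.action HTTP/1.1" 302 -
198.51.100.23 - - [30/Mar/2015:15:31:45 +0800] "GET /proUI/prosellerUI_updateTerminalRate.action?('%5Cu0023_memberAccess[%5C'allowStaticMethodAccess%5C']')(meh)=true HTTP/1.1" 200 5120
198.51.100.23 - - [30/Mar/2015:15:31:52 +0800] "GET /proUI/prosellerUI_updateTerminalRate.action?name=%2523context HTTP/1.1" 200 5120
"""


def parse_access_log_line(line):
    """Split one common-format line into its fields; None if the line does not match."""
    m = ACCESS_LOG_RE.match(line)
    return m.groupdict() if m else None


def decode_query(uri):
    """Return the query string percent-decoded twice, so a double-encoded '#' (%2523) is caught.
    The split is done by hand rather than with urlparse so that a raw '#' in the logged URI
    is not treated as a fragment delimiter and silently dropped."""
    query = uri.split("?", 1)[1] if "?" in uri else ""
    return unquote(unquote(query))


def ognl_indicators(decoded_query):
    """Names of the S2-005 style indicators present in an already decoded query string."""
    hits = []
    if OGNL_CONTEXT_RE.search(decoded_query):
        hits.append("ognl-context-access")
    if OGNL_PARAM_NAME_RE.search(decoded_query):
        hits.append("ognl-param-name")
    if "\\u0023" in decoded_query or "\\u003d" in decoded_query.lower():
        hits.append("ognl-unicode-escape")
    return hits


def scan_access_log(lines):
    """One finding per request whose decoded query carries S2-005 style OGNL indicators."""
    findings = []
    for line in lines:
        rec = parse_access_log_line(line)
        if rec is None:
            continue
        hits = ognl_indicators(decode_query(rec["uri"]))
        if hits:
            findings.append({
                "ip": rec["ip"], "ts": rec["ts"], "status": rec["status"],
                "path": rec["uri"].split("?", 1)[0], "indicators": hits,
            })
    return findings


def main(argv):
    # Pass a real access-log path as the first argument; otherwise the constructed sample is used.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE_LOG.strip().splitlines()
    for f in scan_access_log(lines):
        print(f'{f["ts"]} {f["ip"]} {f["status"]} {f["path"]} -> {", ".join(f["indicators"])}')


if __name__ == "__main__":
    main(sys.argv)
```

A 200 status on a flagged request, as in the sample, means the action ran with the attacker's parameters; on an unpatched Struts that is the exploit succeeding, not merely being attempted, so the matching lines are the starting point for the incident timeline rather than just an alert.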

Proof of vulnerability:

Screenshots: 1.png, 2.png, 3.png (images not included in this copy)

Remediation:

Consult the official Apache Struts documentation for the S2-005 advisory. S2-005 (CVE-2010-1870) affects Struts 2.0.0 through 2.1.8.1; upgrade struts2-core to 2.2.1 or later. Because the flaw has been public since 2010 and the report shows arbitrary commands running as the Tomcat service account, the host should also be reviewed for earlier compromise rather than only patched.
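The report does not state which struts2-core version was deployed. The following Python script, added here as an example and not part of the original report or of tddpay's code, identifies the struts2-core jar in a webapp's WEB-INF/lib directory and flags versions in the S2-005 range (2.0.0 up to but not including 2.2.1). It assumes the standard Maven jar name struts2-core-<version>.jar and, for renamed jars, falls back to the pom.properties file that Maven writes under META-INF/maven/org.apache.struts/struts2-core/ inside the jar; the default directory combines the web root shown in the tool output with the standard WEB-INF/lib layout, which the report itself does not show.

```python
import os
import re
import sys
import zipfile

# S2-005 (CVE-2010-1870) affects Struts 2.0.0 through 2.1.8.1; the fix shipped in 2.2.1.
S2_005_FIRST_AFFECTED = (2, 0, 0)
S2_005_FIXED_IN = (2, 2, 1)

JAR_NAME_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+)+)(?:-[A-Za-z0-9]+)?\.jar$", re.I)
# Maven writes this file into every jar it builds; the path is fixed by groupId/artifactId.
POM_PROPERTIES = "META-INF/maven/org.apache.struts/struts2-core/pom.properties"


def parse_version(text):
    """'2.1.8.1' -> (2, 1, 8, 1); a trailing qualifier such as '-SNAPSHOT' is dropped."""
    core = text.split("-", 1)[0]
    return tuple(int(p) for p in core.split(".") if p.isdigit())


def struts_version_from_name(filename):
    """Version tuple from a standard struts2-core-<version>.jar name, else None."""
    m = JAR_NAME_RE.match(os.path.basename(filename))
    return parse_version(m.group(1)) if m else None


def struts_version_from_jar(path):
    """Fallback for renamed jars: read the version from Maven's pom.properties inside the jar."""
    try:
        with zipfile.ZipFile(path) as jar:
            props = jar.read(POM_PROPERTIES).decode("utf-8", "replace")
    except (OSError, KeyError, zipfile.BadZipFile):
        return None
    for line in props.splitlines():
        if line.startswith("version="):
            return parse_version(line.split("=", 1)[1].strip())
    return None


def is_vulnerable_s2_005(version):
    """Tuples compare lexicographically, so (2,1,8,1) < (2,2,1) < (2,2,1,1) < (2,3,20)."""
    return S2_005_FIRST_AFFECTED <= version < S2_005_FIXED_IN


def _classify(name, version):
    return {"jar": name, "version": version, "s2_005": is_vulnerable_s2_005(version)}


def audit_jar_names(names):
    """Classify a list of jar file names (no filesystem access); non-Struts jars are skipped."""
    results = []
    for name in names:
        v = struts_version_from_name(name)
        if v:
            results.append(_classify(name, v))
    return results


def audit_lib_dir(lib_dir):
    """Classify every struts2-core jar in a WEB-INF/lib directory, by name or by pom.properties."""
    results = []
    for name in sorted(os.listdir(lib_dir)):
        path = os.path.join(lib_dir, name)
        v = struts_version_from_name(name) or struts_version_from_jar(path)
        if v:
            results.append(_classify(name, v))
    return results


if __name__ == "__main__":
    # Assumed default: the web root from the report plus the standard WEB-INF/lib layout.
    lib_dir = sys.argv[1] if len(sys.argv) > 1 else r"D:\Tomcat8324\webapps\TddpayWeb\WEB-INF\lib"
    found = audit_lib_dir(lib_dir)
    if not found:
        print(f"no struts2-core jar found under {lib_dir}")
    for r in found:
        ver = ".".join(map(str, r["version"]))
        verdict = "VULNERABLE to S2-005, upgrade to 2.2.1+" if r["s2_005"] else "not affected by S2-005"
        print(f'{r["jar"]}: struts2-core {ver} -> {verdict}')
```

Run it on the server (or on a copy of the webapp) as `python audit_struts.py <path-to-WEB-INF/lib>`; S2-005 is only the oldest issue in this line, so a version that passes this one check still needs to be compared against the later Struts 2 advisories.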

Copyright notice: when republishing, credit the source 路人甲@乌云 (WooYun)


Vendor response

Vendor response:

Severity: Medium

Rank: 8

Confirmed: 2015-03-30 15:59

Vendor reply:

Thank you very much. We will carry out the upgrade.

Latest status:

None yet