当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0102461

漏洞标题:中国石化某站文件下载数据库连接信息泄露

相关厂商:中国石油化工股份有限公司

漏洞作者: 独孤求败

提交时间:2015-03-20 09:40

修复时间:2015-03-25 09:42

公开时间:2015-03-25 09:42

漏洞类型:任意文件遍历/下载

危害等级:低

自评Rank:1

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-03-20: 细节已通知厂商并且等待厂商处理中
2015-03-25: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

中国石化某站文件下载数据库连接信息泄露

详细说明:

中国石化某站文件下载数据库连接信息泄露。
地址:http://218.58.78.123:8080/web.rar

QQ图片20150319215320.png

QQ图片20150319215351.png


数据库信息:

QQ图片20150319220547.png

漏洞证明:

数据库信息代码如下:

<?xml version="1.0"?><!--2008-09-24 portal--><configuration>
	<!--AJAX begin-->
	<configSections>
		<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
			<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
				<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication"/>
				<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
					<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="Everywhere"/>
					<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication"/>
				</sectionGroup>
			</sectionGroup>
		</sectionGroup>
 </configSections>
	<!--AJAX end-->
	<appSettings>
		<add key="ConnCountInPool" value="5"/>
		<add key="ConnectionString" value="Data Source=orcl;User ID=hsejwbx;Password=hsejwbx;"/>
		<add key="FCKeditor:BasePath" value="~/fckEditor/"/>
		<add key="FCKeditor:UserFilesPath" value="/SlnPortal/KnowledgeArt/xkziArticle/UserFiles"/>
		<add key="IsRoleLoadAll" value="0"/>
    <!--菜单是否折叠兄弟节点-->
    <add key="IsMenuCollapseBrothers" value="1"/>
    <!--菜单路径为空时main框架是否显示其子菜单页面-->
    <add key="IsDisplayChildMenu" value="1"/>
    <!--是否中石化提升系统-->
    <!--<add key="IsPtscts" value="1"/>-->
		<!--是否角色委托-->
		<add key="IsUserDelegate" value="0"/>
		<add key="EncryptMode" value="1"/>
		<add key="--ValidationExpression" value="(?!^[0-9]*$)(?!^[\Wa-zA-Z]*$)^([\W0-9A-Za-z]{6,6})$"/>
		<add key="--ErrorMessage" value="密码格式不正确!"/>
		<add key="--EnableImport" value="1"/>
		<!--密码失效日期:以月为单位-->
		<add key="--ExpiryDate" value="3"/>
		<!--密码重置为1,需要登录时重新设置密码-->
		<add key="--LoginReset" value="1"/>
		<!--设置桌面快捷方式显示图片的大小-->
		<add key="QuickLinkWidth" value="128"/>
		<add key="QuickLinkHeight" value="95"/>
    <add key="TopMenuCount" value="20"/><!--header顶部横向一级菜单显示个数-->
		<add key="IsDomainUserLogin" value="2"/><!--0普通登录;1域用户登录;2既可以域用户登录,也可以普通用户登录-->
		<add key="DomainServerIP" value="192.168.100.1"/>
		<!--用salien.com必须web服务器也在域里,用ip地址就不用在域里。-->
    <add key="WebSeriveSSO" value="http://localhost:14338/SSOService2/OThinkerSSO.asmx"/>
		<!--公共密码-->
		<add key="--CommonPassword" value="111"/>
		<!--是否绑定IP-->
		<add key="--IsBandIP" value="1"/>
		<!-- 班次个数  -->
		<add key="--ShiftCount" value="3"/>
		<!-- 班次时间点 -->
		<add key="--Shift_TIME_0" value="06:00:00"/>
		<add key="--Shift_TIME_1" value="14:00:00"/>
		<add key="--Shift_TIME_2" value="22:00:00"/>
		<add key="ChartHttpHandler" value="Storage=memory;Timeout=180;Url=~/temp/;"/>
		<!-- 菜单是否加密 -->
		<add key="IsMenuEncrypt" value="0"/>
    <!--下拉框显示样式1 旧版 2 新版-->
    <!--<add key="DropDownListVersion" value ="2"/>-->
    <!--add zxm 090508 查询时错误提示方式("Off" 错误明细; "On" 错误简单提示 )-->
    <add key="customErrors" value="On"/>
    <!--<add key="PrintPagePath" value ="../../report/generates/printpage.aspx"/>-->
    <!--add zxm 0906(true 弹出打印对话框; false 不弹出打印对话框)-->
    <!--<add key="DirectPrint" value ="true"/>-->
    <!--add 090616(审批:1 旧版; 2 新版 ;默认为2)-->
    <add key="WorkFlowVersion" value="2"/>
    <!--add 090619(打印注册:1 脚本; 2 cookie ;默认为1)-->
    <add key="PrintRegister" value="2"/>
    <add key="afc" value="../../masterkey/slnmesflowchart2.html"/>
    <!--是否工程分类;瓦斯不分类,镇海分类-->
    <add key="isPrjSort" value="true"/>
    <!--是否存在属性分组-->
    <add key="isGroupP" value="false"/>
	</appSettings>
	<!--Web Parts Connection-->
	<connectionStrings>
		<clear/>
		<add name="LocalSQLServer" connectionString="Server=.;Database=aspnetdb;trusted_connection=yes"/>
		<add name="OraAspNetConString" connectionString="Data Source=221;User ID=ptsb_zh;Password=ptsb_zh;"/>
	</connectionStrings>
	<system.web>
    <pages enableEventValidation="false" enableSessionState="true" validateRequest="false"><!--theme="Blue"-->
			<controls>
				<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
			</controls>
		</pages>
		<httpHandlers>
			<add path="ChartAxd.axd" verb="*" type="Dundas.Charting.WebControl.ChartHttpHandler" validate="false"/>
      <add path="*.aspx" verb="*" type="SlnPortal.Utility.MyHandlerFactory"/>
      
			<!--AJAX begin-->
			<remove verb="*" path="*.asmx"/>
      <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
			<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
			<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/>
		</httpHandlers>
		<httpModules>
			<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
		</httpModules>
		<!--AJAX end-->
		<httpRuntime maxRequestLength="1048576" executionTimeout="3600"/>
		<compilation debug="true">
			<assemblies>
				<add assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
			
				<add assembly="System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
				<add assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
				<add assembly="System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
				<add assembly="System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
				<add assembly="System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
				<add assembly="System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
				<add assembly="System.Web.Services, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
				<add assembly="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
				<add assembly="System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
				<add assembly="System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
				<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
				<add assembly="System.ServiceProcess, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
				<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
				<add assembly="System.Web.RegularExpressions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/></assemblies>
		</compilation>
		<customErrors mode="Off"/>
		<authentication mode="Forms">
			<forms name="SlnPortalUserCookie" loginUrl="Login.aspx" defaultUrl="default.aspx" protection="Encryption" path="/"><!--Login_NJ.aspx-menutop_NJ.aspx-menutop_zhy.aspx-->
			</forms>
		</authentication>
		<webParts enableExport="true">
			<personalization defaultProvider="CustomOraclePersonalizationProvider">
				<providers>
					<add connectionStringName="OraAspNetConString" applicationName="PortalTest" name="CustomOraclePersonalizationProvider" type="SlnPortal.Utility.Personalization.SlnOraclePersonalizationProvider,SlnPortal, Version=3.0.0.3, Culture=neutral"/>
				</providers>
				<authorization>
					<allow users="*" verbs="enterSharedScope"/>
					<allow users="*" verbs="modifyState"/>
				</authorization>
			</personalization>
		</webParts>
		<!---负载平衡的环境需要设置machineKey-->
		<!--<machineKey validationKey="90CBB9B2FAD04C6F869A58D6A42AED0D13F3440227CD725F6008BC4835B7C0BFBEFFAE214DC81DAE3CD7E395A70B0D6C492EFB8C8BE69F9E86D006D2320FE524"
decryptionKey="69A5A438452FCB3C031FEA245DEF770191A16609E9E4A62F" validation="SHA1" decryption="3DES" />-->
		<!--StateServer:Session can not invalidation,InProc;timeout的单位是分-->
		<sessionState mode="StateServer" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="240"/>
		<globalization requestEncoding="gb2312" responseEncoding="gb2312"/><!--utf-8-->
		<xhtmlConformance mode="Legacy"/>
	</system.web>
	<!--AJAX begin-->
 <system.webServer>
		<validation validateIntegratedModeConfiguration="false"/>
		<modules>
			<add name="ScriptModule" preCondition="integratedMode" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
		</modules>
		<handlers>
			<remove name="WebServiceHandlerFactory-Integrated"/>
			<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
			<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
			<add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
		</handlers>
	</system.webServer>
	<!--AJAX end-->
</configuration>

修复方案:

。。。

版权声明:转载请注明来源 独孤求败@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-03-25 09:42

厂商回复:

最新状态:

2015-03-25:谢谢