当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0104993

漏洞标题:大麦网OA系统弱口令导致大量内部敏感信息泄露

相关厂商:大麦网

漏洞作者: milan

提交时间:2015-04-01 09:30

修复时间:2015-05-18 20:38

公开时间:2015-05-18 20:38

漏洞类型:后台弱口令

危害等级:中

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-04-01: 细节已通知厂商并且等待厂商处理中
2015-04-03: 厂商已经确认,细节仅向厂商公开
2015-04-13: 细节向核心白帽子及相关领域专家公开
2015-04-23: 细节向普通白帽子公开
2015-05-03: 细节向实习白帽子公开
2015-05-18: 细节向公众公开

简要描述:

大麦网oa弱口令

详细说明:

http://oa.damai.cn/


大麦网oa弱口令

POST /login.action HTTP/1.1
Host: oa.damai.cn
Proxy-Connection: keep-alive
Content-Length: 40
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://oa.damai.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://oa.damai.cn/index.jsp?error=3
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: PHPStat_First_Time_10000001=1425269467204; PHPStat_Cookie_Global_User_Id=_ck15030212110712341098245205187; pgv_pvi=8005335040; PHPStat_Msrc_First_10000001=%3A%3Amarket_type_free_search%3A%3A%3A%3Abaidu%3A%3A%25e5%25a4%25a7%25e9%25ba%25a6%25e7%25bd%2591%3A%3A%3A%3A%3A%3Awww.baidu.com%3A%3A%3A%3Apmf_from_free_search; PHPStat_First_Time_10000042=1425280103500; PHPStat_Msrc_10000001=%3A%3Amarket_type_free_search%3A%3A%3A%3Abaidu%3A%3A%25e5%25a4%25a7%25e9%25ba%25a6%25e7%25bd%2591%3A%3A%3A%3A%3A%3Awww.baidu.com%3A%3A%3A%3Apmf_from_free_search; PHPStat_Msrc_Type_10000001=pmf_from_free_search; PHPStat_First_Time_10000093=1425982632688; PHPStat_Return_Time_10000093=1425982632688; PHPStat_Return_Count_10000042=1; PHPStat_Return_Time_10000042=1426502112644; _ga=GA1.2.264839529.1425279960; PHPStat_From_Id_10000001=681623; cporder=ordervalue=1P0Uothr2NlkIEv03GsEYn%2bM4stuw2sx%2f%2fyvtAi4MWMPu869qxGwVc%2f0TBfIr9hO717aN13zb0rADAxKpkp0RV3p3yDhbK8reWbVD6gjbvRM6Jop15th7Q%3d%3d; PHPStat_Return_Count_10000001=6; PHPStat_Return_Time_10000001=1426674340814; visitCount=38; damai.cn_email=15510785834; damai.cn_nickName=%e7%bd%91%e5%ad%90%e7%82%b9; movue_ctiy_name=%25E5%258C%2597%25E4%25BA%25AC; PHPStat_First_Time_10000104=1426674845999; PHPStat_Return_Time_10000104=1426674845999; __utma=143517098.264839529.1425279960.1426579992.1426674341.3; __utmz=143517098.1426674341.3.3.utmcsr=appapi.damai.cn|utmccn=(referral)|utmcmd=referral|utmcct=/damaiapi/gotodamai.aspx; __utmv=143517098.|2=CityStation=bj=1; JSESSIONID=E746458EFFCFD3E778522A097B94BA03
_loginname=zhoujinglong&_password=§123123§


1.jpg


1.jpg


1.png


漏洞证明:

http://oa.damai.cn/


大麦网oa弱口令

POST /login.action HTTP/1.1
Host: oa.damai.cn
Proxy-Connection: keep-alive
Content-Length: 40
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://oa.damai.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://oa.damai.cn/index.jsp?error=3
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: PHPStat_First_Time_10000001=1425269467204; PHPStat_Cookie_Global_User_Id=_ck15030212110712341098245205187; pgv_pvi=8005335040; PHPStat_Msrc_First_10000001=%3A%3Amarket_type_free_search%3A%3A%3A%3Abaidu%3A%3A%25e5%25a4%25a7%25e9%25ba%25a6%25e7%25bd%2591%3A%3A%3A%3A%3A%3Awww.baidu.com%3A%3A%3A%3Apmf_from_free_search; PHPStat_First_Time_10000042=1425280103500; PHPStat_Msrc_10000001=%3A%3Amarket_type_free_search%3A%3A%3A%3Abaidu%3A%3A%25e5%25a4%25a7%25e9%25ba%25a6%25e7%25bd%2591%3A%3A%3A%3A%3A%3Awww.baidu.com%3A%3A%3A%3Apmf_from_free_search; PHPStat_Msrc_Type_10000001=pmf_from_free_search; PHPStat_First_Time_10000093=1425982632688; PHPStat_Return_Time_10000093=1425982632688; PHPStat_Return_Count_10000042=1; PHPStat_Return_Time_10000042=1426502112644; _ga=GA1.2.264839529.1425279960; PHPStat_From_Id_10000001=681623; cporder=ordervalue=1P0Uothr2NlkIEv03GsEYn%2bM4stuw2sx%2f%2fyvtAi4MWMPu869qxGwVc%2f0TBfIr9hO717aN13zb0rADAxKpkp0RV3p3yDhbK8reWbVD6gjbvRM6Jop15th7Q%3d%3d; PHPStat_Return_Count_10000001=6; PHPStat_Return_Time_10000001=1426674340814; visitCount=38; damai.cn_email=15510785834; damai.cn_nickName=%e7%bd%91%e5%ad%90%e7%82%b9; movue_ctiy_name=%25E5%258C%2597%25E4%25BA%25AC; PHPStat_First_Time_10000104=1426674845999; PHPStat_Return_Time_10000104=1426674845999; __utma=143517098.264839529.1425279960.1426579992.1426674341.3; __utmz=143517098.1426674341.3.3.utmcsr=appapi.damai.cn|utmccn=(referral)|utmcmd=referral|utmcct=/damaiapi/gotodamai.aspx; __utmv=143517098.|2=CityStation=bj=1; JSESSIONID=E746458EFFCFD3E778522A097B94BA03
_loginname=zhoujinglong&_password=§123123§


1.jpg


1.jpg


修复方案:

你们最专业

版权声明:转载请注明来源 milan@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2015-04-03 20:37

厂商回复:

感谢提供的漏洞信息

最新状态:

暂无