Vulnerability summary

Defect ID: wooyun-2015-0138765

Title: Design flaw in a group company's systems allows credential stuffing and brute force (back-end access obtained)

Affected vendor: cncert (National Internet Emergency Center)

Author: 班尼路

Submitted: 2015-09-11 23:27

Fixed: 2015-10-29 09:12

Published: 2015-10-29 09:12

Vulnerability type: design flaw / logic error

Severity: low

Self-assessed Rank: 5

Status: handed to a third-party partner organisation (cncert, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]


Vulnerability details

Disclosure status:

2015-09-11: details sent to the vendor, awaiting vendor handling
2015-09-14: cncert (National Internet Emergency Center) has not yet been able to reach the affected organisation; details disclosed only to the reporting body
2015-09-24: details disclosed to core white hats and domain experts
2015-10-04: details disclosed to regular white hats
2015-10-14: details disclosed to intern white hats
2015-10-29: details disclosed to the public

Brief description:

As in the title.

Detailed description:

The OA (office automation) and e-mail systems of 三主粮集团股份公司 have a design flaw: their login pages impose no CAPTCHA or attempt limit, so they can be brute-forced.

http://**.**.**.**/login.aspx (三主粮 OA collaborative office management platform)


[Screenshot: OA1.jpg]

[Screenshot: burp_OA.jpg]

[Screenshot: txl.jpg]


The login request was captured with Burp Suite and replayed with a list of the top 500 Chinese names as usernames and 123456 as the password, which yielded several weak-password accounts. Logging in as any one of them, the OA address book lets you export every employee account in the group; after normalising the exported accounts and running them through a second batch test, as many as 205 OA accounts turned out to have weak passwords. The list of OA weak-password accounts follows.


They include the account of the group chairman 孙治, a high-privilege account with system administration, bulk SMS, announcement publishing and other permissions.

[Screenshot: OA.jpg]

[Screenshot: sunzhi.jpg]

The e-mail system was tested with the same method.

[Screenshot: mail1.jpg]

[Screenshot: brup_mail.jpg]

As many as 47 e-mail accounts were found to have weak passwords. The list of weak-password e-mail accounts follows.


They include the mailbox of the board secretary 陈晨.

[Screenshot: mail.jpg]

Proof of vulnerability:

[Screenshot: OA1.jpg]

[Screenshot: burp_OA.jpg]

[Screenshot: txl.jpg]

[Screenshot: mail.jpg]

Remediation:

1. Add a CAPTCHA to the OA and e-mail login pages.
2. Notify the affected employees to change their login passwords promptly.
3. Strengthen employee security awareness.
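Added example, not code from the original report or from the affected organisation: a small detector for the pattern described above, one source trying a single password against many distinct accounts, run over a constructed authentication log. The log line format, the source IPs and the `empNN` usernames are assumptions; the real systems' logs will differ. Note that a per-account lockout alone does not catch this pattern, because each account sees only one or two attempts.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Added example, not from the original report: flags one source trying a
# single password against many distinct accounts. Per-account lockout never
# fires on that (one or two tries per account), so key on distinct users/src.
LINE_RE = re.compile(r"^(\S+ \S+) src=(\S+) user=(\S+) result=(OK|FAIL)$")
WINDOW = timedelta(seconds=60)   # sliding window per source IP (assumed)
THRESHOLD = 10                   # distinct accounts within WINDOW -> alert

def build_sample_log():
    """Constructed sample (not real data): one source sprays 12 accounts in
    22 s and gets one hit; a normal user at another IP mistypes once."""
    t0 = datetime(2015, 9, 11, 22, 10, 0)
    fmt = "{:%Y-%m-%d %H:%M:%S} src={} user={} result={}"
    lines = [fmt.format(t0 + timedelta(seconds=2 * i), "203.0.113.5",
                        f"emp{i:02d}", "OK" if i == 7 else "FAIL")
             for i in range(12)]
    lines.append(fmt.format(t0, "198.51.100.9", "emp03", "FAIL"))
    lines.append(fmt.format(t0 + timedelta(seconds=5), "198.51.100.9",
                            "emp03", "OK"))
    return lines

def detect_spraying(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {src_ip: {"distinct_users": n, "compromised": [users]}} for each
    source that touched >= threshold distinct accounts inside one window."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        events[m.group(2)].append((ts, m.group(3), m.group(4)))
    alerts = {}
    for src, evs in events.items():
        recent = deque()
        for ts, user, result in sorted(evs):
            recent.append((ts, user, result))
            while ts - recent[0][0] > window:   # drop events outside window
                recent.popleft()
            users = {u for _, u, _ in recent}
            # keep the widest window seen for this source
            if len(users) >= threshold and \
                    len(users) > alerts.get(src, {}).get("distinct_users", 0):
                hits = sorted({u for _, u, r in recent if r == "OK"})
                alerts[src] = {"distinct_users": len(users), "compromised": hits}
    return alerts
```

`detect_spraying(build_sample_log())` reports only 203.0.113.5, with 12 accounts tried and `emp07` as the account whose login succeeded; the normal user's single typo produces no alert.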

Copyright notice: when reproducing, credit the source 班尼路@乌云


Vulnerability response

Vendor response:

Severity: high

Vulnerability Rank: 11

Confirmed: 2015-09-14 09:11

Vendor reply:

CNVD confirmed and reproduced the described situation, and has notified the website's administering organisation through the contact details published on the website.

Latest status:

None yet