当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0138864

漏洞标题:优美世界官方敏感数据泄漏(内部工资/身份证等数据)

相关厂商:优美世界

漏洞作者: 八神

提交时间:2015-09-04 12:28

修复时间:2015-10-19 12:30

公开时间:2015-10-19 12:30

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-09-04: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-10-19: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

详细说明:

官方 www.casagroup.com.cn
订单系统 http://order.casagroup.com.cn
后台地址 http://home.casagroup.com.cn
注册会员 更改会员头像处任意上传文件
上传或得大马地址
http://vip.umisky.com/UploadFiles/Users/U1000025007/adefbb25-4ce8-45b7-924f-116bd50cd7e8.aspx
安全检测并成功添加管理帐号Administratos 服务器Ip为192.168.2.50、192.168.2.51、192.168.2.49
-----------------------------------以下是官方所有内部数据库帐号密码

<add key="ConnectionString" value="User ID=dnt2;Initial Catalog=dnt2;Data Source=sr-db-08.casagroup.com.cn;Password=X\ckkuUK5J" />
<add key="ConnectionStringVip" value="Data Source=sr-db-02.casagroup.com.cn;Initial Catalog=jxcdb;User ID=webapp;Password=W#e2b1" />
<add name="QXDBConnectionString" connectionString="Data Source=9YV8VGFZ6VPKSFI\AAA;Initial Catalog=QXDB;UID=sa;Password=88888888;" providerName="System.Data.SqlClient"/>-->
<add name="QXDBConnectionString" connectionString="Data Source=sr-db-08.casagroup.com.cn;Initial Catalog=QXDB;UID=qxdb;Password=KINH+%C9;"
<add name="QXDBConnectionString" connectionString="Data Source=.;Initial Catalog=QXDB;UID=sa;Password=88888888;" providerName="System.Data.SqlClient"/>-->
<add name="connstr" connectionString="Data Source=sr-db-02.casagroup.com.cn;Initial Catalog=ERP_PRODUCT;Persist Security Info=True;User ID=webapp;Password=W#e2b1"
<add name="connstr_casagroup" connectionString="Data Source=sr-db-02.casagroup.com.cn;Initial Catalog=ERP_PRODUCT;Persist Security Info=True;User ID=webapp;Password=W#e2b1"
<add name="connstr_oa" connectionString="Data Source=sr-db-02.casagroup.com.cn;Initial Catalog=jxcdb;Persist Security Info=True;User ID=webapp;Password=W#e2b1"
<add name="connstr_sms" connectionString="Data Source=sr-sms-02.casagroup.com.cn;Initial Catalog=CasaSMS;Persist Security Info=True;User ID=sms;Password=smsadmin"
<!-- <add name="SQLConnString1" connectionString="server=20101223-1300\SQLSERVER2008;database=HQBCMSDB;uid=sa;pwd=sa" />-->
<!--<add name="SQLConnString1" connectionString="server=.;database=sz_umisky;uid=sa;pwd=sa"/>-->
<add name="SQLConnString1" connectionString="server=sr-db-08.casagroup.com.cn;database=vip;uid=vip;pwd=KINH+%C9" />
<add key="ConnectionString" value="server=sr-db-08.casagroup.com.cn;uid=Umisky;pwd=casa1234;database=Umisky" />
<dataSource name="SqlServer" connectionString="data source=192.168.108.157;database=Portal;user id=sa;password=sa;" />
<add key="email_user" value="lhjz09@163.com" />
<add key="email_pwd" value="204043" />
<add key="ConnectionString" value="User ID=dnt2;Initial Catalog=dnt2;Data Source=sr-db-08.casagroup.com.cn;Password=X\ckkuUK5J" />
<add key="ConnectionStringVip" value="Data Source=sr-db-02.casagroup.com.cn;Initial Catalog=jxcdb;User ID=webapp;Password=W#e2b1" />
<add name="SQLConnString1" connectionString="Data Source=sr-db-08.casagroup.com.cn;Initial Catalog=Image;UID=image;Password=im@gE123;" providerName="System.Data.SqlClient"/>
<!--add name="SQLConnString1" connectionString="Data Source=sr-db-08.casagroup.com.cn;Initial Catalog=ImageWebsite;UID=imagewebsite;Password=Image@website123;"
<!--add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
<!--<dataSource name="SqlServer" connectionString="data source=localhost;database=Job;user id=sa;password=sa;" />-->
<dataSource name="SqlServer" connectionString="data source=sr-db-08.casagroup.com.cn;database=Job;user id=job;password=VmnjtRESB9;" />


----------------------------------------------------------------------------------------------------------------------------

漏洞证明:

a.png


a.png


a.png


a.png


a.png


a.png


a.png


a.png


a.png


a.png


a.png


a.png


修复方案:

修复代码 修复权限 降低权限
我一直在求来个礼物

版权声明:转载请注明来源 八神@乌云


漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞Rank:15 (WooYun评价)