当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0142749

漏洞标题:中信证券近300账户存在弱口令可导致大量内部敏感信息

相关厂商:中信证券

漏洞作者: 路人甲

提交时间:2015-09-24 12:58

修复时间:2015-11-06 15:04

公开时间:2015-11-06 15:04

漏洞类型:服务弱口令

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-09-24: 细节已通知厂商并且等待厂商处理中
2015-09-22: 厂商已经确认,细节仅向厂商公开
2015-10-02: 细节向核心白帽子及相关领域专家公开
2015-10-12: 细节向普通白帽子公开
2015-10-22: 细节向实习白帽子公开
2015-11-06: 细节向公众公开

简要描述:

中信证券
简单看看

详细说明:

1.png


2.png


3.png


4.png


5.png


6.png


7.png


就登录了2-3个用户邮箱,太多了反而不想看
附:

Payload1	Payload2
print	123456
zhangbin1	123456
zhanglei6	123456
caili	123456		caili123456
wangyun	123456		wangyun123456
Payload1	Payload2
060dnb	123456
060dnb	123456
062cwb	123456
071CWB	123456
319cwb	123456
401dnb	123456
409cwb	123456
409zhb	123456
413cwb	123456
422cwb	123456
422zhb	123456
427zhb	123456
428zhb	123456
440cwb	123456
440dnb	123456
441dnb	123456
442dnb	123456
447cwb	123456
447zhb	123456
450cwb	123456
465zhb	123456
466zhb	123456
467dnb	123456
467zhb	123456
516cwb	123456
516cwb	123456
caoc	123456
cvms	123456
ex_apex	123456
Forum	123456
060dnb	123456
060dnb	123456
062cwb	123456
071CWB	123456
319cwb	123456
401dnb	123456
409cwb	123456
409zhb	123456
413cwb	123456
422cwb	123456
422zhb	123456
427zhb	123456
428zhb	123456
440cwb	123456
440dnb	123456
441dnb	123456
442dnb	123456
447cwb	123456
447zhb	123456
450cwb	123456
465zhb	123456
466zhb	123456
467dnb	123456
467zhb	123456
516cwb	123456
caoc	123456
aliyun_dev	123456
aliyun_prod	123456
ali_cloud_dev	123456
ali_cloud_prod	123456
chengrui	123456
citicsserver	123456
custodiandata	123456
evaluation	123456
ex_caidong	123456
ex_chenhuashan	123456
ex_chiweisu	123456
ex_daichangqing	123456
ex_daixiaowei	123456
ex_duanjing	123456
ex_fengqibing	123456
ex_fuxuegang	123456
ex_gaofan	123456
ex_gumeng	123456
ex_guohuiming	123456
ex_haozhuo	123456
ex_huangronghui	123456
ex_huangronghui	123456
ex_hulun	123456
ex_huyaoxue	123456
ex_jiangying	123456
ex_jinshi	123456
ex_liaojunfu	123456
ex_lihailiang	123456
ex_lijiaxiang	123456
ex_liujidong	123456
ex_liupin	123456
ex_liushaoxiong	123456
ex_liuxiwu	123456
ex_liuyan	123456
ex_lixiong	123456
ex_liyongjin	123456
ex_maoqiang	123456
ex_menglinglong	123456
ex_miaoyu	123456
ex_qianjing	123456
ex_qilin	123456
ex_ququnjiang	123456
ex_shaoxuecheng	123456
ex_shiyu	123456
ex_sunlingshuai	123456
ex_sunzhenhua	123456
ex_suxiuhu	123456
ex_tanglei	123456
ex_tianchuan	123456
ex_wanggang	123456
ex_wangh	123456
ex_wangjian	123456
ex_wangjing	123456
ex_wangkp	123456
ex_wanglina	123456
ex_wanglong	123456
ex_wangruiming	123456
ex_wangyuxiu	123456
ex_wangzhiwei	123456
ex_wanyao	123456
ex_wujiangbin	123456
ex_xiaopei	123456
ex_xiehy	123456
ex_xieliang	123456
ex_xujingwei	123456
ex_xujinliang	123456
ex_yanglb	123456
ex_yankunpeng	123456
ex_yejinhua	123456
ex_yeshengqiang	123456
ex_yuhong	123456
ex_zhangbaihong	123456
ex_zhangnengjie	123456
ex_zhangquan	123456
ex_zhangxiaohui	123456
ex_zhangxu	123456
ex_zhaokan	123456
ex_zhaox	123456
ex_zhenghongen	123456
ex_zhouyuming	123456
ex_zouzhicai	123456
GB_Project	123456
aliyun_dev	123456
aliyun_prod	123456
ali_cloud_dev	123456
ali_cloud_prod	123456
ex_chengzhiqiang	123456
ex_fanxiqiantest	123456
ex_pengxianliang	123456
ex_yanghongzhang	123456
ex_zhongchonglong	123456
030CWB	123456
074dnb	123456
1082cwb	123456
319dnb	123456
320dnb	123456
320dnb	123456
419cwb	123456
420cwb	123456
bfcj	123456
bjjgm	123456
CCRS	123456
cgwl	123456
chengq	123456
CRMP	123456
ex_dffu	123456
ex_hil	123456
ex_rm	123456
ex_wl	123456
ex_yfxu	123456
030CWB	123456
074dnb	123456
1082cwb	123456
319dnb	123456
320dnb	123456
320dnb	123456
419cwb	123456
420cwb	123456
bfcj	123456
bjjgm	123456
CCRS	123456
admindpt	123456
chenzhiquan	123456
custodiandate	123456
custodiandate	123456
ex_caolijun	123456
ex_daixz	123456
ex_fanlibo	123456
ex_fanshigang	123456
ex_fengxiuxiu	123456
ex_fuzhaowei	123456
ex_guojuanjuan	123456
ex_guolin	123456
ex_haoquanwei	123456
ex_huruihai	123456
ex_kangweili	123456
ex_kongzaifu	123456
ex_liangyan	123456
ex_libing	123456
ex_lihang	123456
ex_lihengyu	123456
ex_liruifeng	123456
ex_liuqian	123456
ex_liuwei	123456
ex_liuyi	123456
ex_liuzhiquan	123456
ex_liuzhiying	123456
ex_liwei	123456
ex_lixuezheng	123456
ex_luhao	123456
ex_luzhenbo	123456
ex_mabin	123456
ex_maxiaoyue	123456
ex_menglingkui	123456
ex_qianyun	123456
ex_renmeng	123456
ex_shenli	123456
ex_shifeng	123456
ex_shushi	123456
ex_songxiaojuan	123456
ex_sunqiang	123456
ex_sunquan	123456
ex_sunyidong	123456
ex_tanleliang	123456
ex_wangbaoyue	123456
ex_wangruibo	123456
ex_wangshaohui	123456
ex_wangxianwen	123456
ex_wangyd	123456
ex_weiwang	123456
ex_wenjun	123456
ex_wuguohong	123456
ex_wukeding	123456
ex_xingshiwu	123456
ex_xuqiang	123456
ex_xuyuanfei	123456
ex_yangdongyue	123456
ex_yanghong	123456
ex_yangxiaolin	123456
ex_yangz	123456
ex_yeyunxi	123456
ex_yuhaoyang	123456
ex_zhanghui	123456
ex_zhangke	123456
ex_zhangxiao	123456
ex_zhangxiao	123456
ex_zhangxiaobo	123456
ex_zhangyuan	123456
ex_zhangzhipeng	123456
ex_zhaowenjie	123456
ex_zhaoyingjie	123456
ex_zhengxin	123456
ex_zhuyong	123456
fanxiqian	123456
admindpt	123456
caifuguanlilianmeng	123456
Equityderivatives1	123456
Equityderivatives1	123456
Equityderivatives2	123456
Equityderivatives3	123456
Equityderivatives4	123456
Equityderivatives5	123456
caifuguanlilianmeng	123456
Payload1	Payload2
byy	a123456
byy	a123456
dyt	abc123
cx	citics123
edg	citics123
chenjunting	123qwe
chenyuxin	a123456
citics_webex_test01	citics
citics_webex_test02	citics
citics_webex_test03	citics
citics_webex_test05	citics
citics_webex_test06	citics


漏洞证明:

真该整顿一下了

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-09-22 15:03

厂商回复:

已通知处理

最新状态:

暂无