当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0147103

漏洞标题:本来生活网数据库+支付key等信息一枚

相关厂商:本来生活网

漏洞作者: 爱上平顶山

提交时间:2015-10-16 09:59

修复时间:2015-11-30 11:22

公开时间:2015-11-30 11:22

漏洞类型:重要敏感信息泄露

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-10-16: 细节已通知厂商并且等待厂商处理中
2015-10-16: 厂商已经确认,细节仅向厂商公开
2015-10-26: 细节向核心白帽子及相关领域专家公开
2015-11-05: 细节向普通白帽子公开
2015-11-15: 细节向实习白帽子公开
2015-11-30: 细节向公众公开

简要描述:

...

详细说明:

本来生活网
数据库+mail+支付key
http://interface.benlai.com/Web.config.bak

mask 区域
*****ode*****
*****ot; encoding=&q*****
*****ration*****
*****ection*****
*****onfiguration.UnityConfigurationSection,*****
*****igSect*****
*****tings&*****
*****Password=YmVubGFpJTY2Nl84MyQyNTgzQCNiZW5sYWk=;databas*****
*****donly;Password=YmVubGFpJTY2Nl84MyQyMDE2QFhTV0A=;databas*****
*****donly;Password=YmVubGFpJTY2Nl84MyQyMDE2QFhTV0A=;databa*****
*****ter;Password=YmVubGFpJTY2Nl84MyQyNTgzQCNiZW5sYWk=;database*****
**********
*****og" value=&qu*****
*****Log" value=&q*****
*****InfoLog" value*****
*****ild" value=&q*****
***** *****
*****t; value="www.*****
*****^置文件^*****
***** value="D:\Interfa*****
*****^^示站点1为华北,2为^*****
*****ervice" value=*****
**********
*****="benlai.com@192.*****
*****" value=&*****
*****code" valu*****
1.://**.**.**//10.4.5.8:8881" />_
*****^口Servi*****
2.://**.**.**//10.4.5.8:8880" />_
*****商Servi*****
3.://**.**.**//10.4.5.8:8882" />_
*****^息Servi*****
4.://**.**.**//10.4.5.8:8883" />_
*****^^信息Se*****
**********
*****品搜索 W*****
5.://**.**.**//m.benlai.com/BenlaiWap/service/searchA/" />_
*****^^地^*****
6.://**.**.**//172.168.1.1" />_
*****^多添加^*****
*****eeCount" valu*****
***** *****
*****^行--*****
***** value="30111*****
*****quot; value=&quot*****
*****t" value=&qu*****
***** *****
*****^^地^*****
*****quot; value=&q*****
**********
*****^否计算商*****
*****DirectSend" val*****
**********
*****SService相^*****
*****ce" value=&q*****
**********
*****" value=&q*****
*****n" value=&*****
*****^^配^*****
*****^^送优惠券******
*****^券开始时^*****
*****Date" value=&quo*****
*****D):结束日期系统以输^*****
*****Date" value=&qu*****
*****^^英文半角的';*****
*****erBatchNos" valu*****
************************
***** *****
*****nionpa*****
*****t;D:\AutoJob\Config\uni*****
7.://**.**.**//unionpaysecure.com/api/Pay.action" />_
*****交易^*****
8.://**.**.**//unionpaysecure.com/api/BSPay.action" />_
*****查询^*****
9.://**.**.**//unionpaysecure.com/api/Query.action" />_
*****
*****
*****nPayIn*****
*****uot; value="1*****
*****quot;e84946d3581a507fa*****
*****t; value="1109*****
***** *****
*****宝商^*****
***** value="20888*****
*****宝商^*****
*****quot;7lf20wfp3u6olhqj0*****
*****uot; value="cfo*****
*****efix" value=*****
*****tPwd" value=*****
*****lue="D:\\Temp\\In*****
*****件模^*****
*****"D:\\MailTemplates\\*****
*****货通^*****
*****="D:\\MailTemplates\\Ma*****
*****^^通知^*****
*****ue="D:\\MailTemplates\\M*****
*****^^域名^*****
10.://**.**.**//www.benlai.com" />_
*****^前台域^*****
11.://**.**.**//www.benlai.com" />_
*****^件模^*****
*****t;..\\wxws\\Icson.IAS\\Sal*****
*****"D:\\MailTemplates\\Mai*****
*****"D:\\MailTemplates*****
*****quot;D:\\MailTemplates*****
**********
***** value="D:\\MailTemplat*****
*****; value="admin:*****
*****ion" value*****
*****="admin:ias:Emin:L*****
*****quot; value=&quot*****
12.://**.**.**//www.benlai.com" />_
*****^^名 *****
**********
*****et" value=&qu*****
*****lue="backstage*****
*****; value="本^*****
*****; value="smtp*****
*****value="backstag*****
*****ot; value="pass*****
*****; value="Web*****
**********
*****^^默认^*****
*****ysNo" value=*****
*****^^默认^*****
*****ysNo2B" valu*****
*****^^默认^*****
*****ysNo2G" valu*****
**********
*****^^单例^*****
*****b" value=&qu*****
**********
*****ot; value="*****
*****rver发出来^*****
**********
*****ring" value*****
*****^^发^*****
**********
*****quot; value=&qu*****
*****^, true:false 不*****
*****t; value="*****
*****elaypoint, sale trend, tru*****
*****lue="qianrongmi*****
*****管理员e*****
**********
*****" value=&qu*****
*****ue:false 不区*****
*****e" value=&q*****
*****^后,一定是false。 true:f*****
**********
13.://**.**.**//www.baby1one.com.cn/IcsonPic/" />_
*****^^后做图^*****
*****ath" value=*****
*****时候用,其他地^*****
*****ue="qianrongmin*****
*****ot; value="er*****
*****lue="D:\\temp\\Pri*****
*****h" value=&quot*****
*****" value="/Ic*****
**********
*****ysNo" value=*****
*****ysNo" value*****
*****yTypeSysNo" v*****
**********
*****^^配送^*****
*****SysNo" valu*****
*****^^支付^*****
*****ysNo" value*****
*****^^配送^*****
*****sNo" value=&*****
*****^^支付^*****
*****ysNo" value*****
*****^^配送^*****
*****sNo" value=&*****
*****^^支付^*****
*****ysNo" value*****
*****^^支付^*****
*****peSysNo" valu*****
**********
14.://**.**.**//www.benlai.com" />_
**********
*****imer" value=*****
*****为分^*****
*****ount" value=*****
*****^^加的最^*****
**********
*****dProductPrice" v*****
*****uot; value=&quot*****
*****^^ip段*****
*****ot; value=&quot*****
*****it" value=&*****
15.://**.**.**//localhost:85/clearcache/cache.aspx,http://localhost:85/clearcache/cache.aspx" />_
**********
*****ilyClick" value*****
*****iceChange" valu*****
*****ot; value="qianron*****
*****uot; value="qianro*****
***** value="qianrongm*****
*****ot; value="qianron*****
16.://**.**.**//pic.anport-e.com.cn/" />_
*****间(小时)和颜色(color值)以*****
*****ot; value="48_*****
*****^^类ID,多个^*****
*****alue="100115;10*****
*****^数 如-7^*****
*****ys" value=*****
*****^单配^*****
*****t; value="本^*****
*****hName" value=*****
17.://**.**.**//www.benlai.com" />_
*****北京市朝阳区安定路3*****
*****quot; value=&quot*****
*****e="010-84109513 ,*****
*****ot; value="07*****
*****^顺义区李桥镇头二营村*****
*****e="仓库(张川*****
*****^霞):010-84109513,原产地部(管聪):010-84*****
*****ot; value="1*****
*****^^京市朝阳区安定路*****
*****quot; value=&quot*****
*****me" value=&q*****
*****货相^*****
*****value="0755-*****
*****^^京市朝阳区安定路3*****
*****er" value=&qu*****
*****t; value="010*****
*****uot; value=&quot*****
*****关设置:是^*****
*****" value=&qu*****
*****^^平靠左 5:居中 6:垂直居中水平靠^*****
*****os" value=*****
*****^大小:高*****
*****ize" value=&*****
*****ize" value=&*****
*****ze" value=&qu*****
*****quot; value="*****
*****ze" value=&qu*****
**********
*****txt:文字*****
*****e" value=&q*****
*****; value="本^*****
*****" value=&quo*****
*****quot; value=&quot*****
*****e" value=&q*****
*****t; value="wat*****
*****^度值只能在0*****
*****parence" valu*****
*****^保价^*****
*****quot; value=&qu*****
*****保价^*****
*****uot; value=&quot*****
*****^^时间间隔^*****
*****me" value=&*****
*****xml存放*****
18.://**.**.**/paihangbang.xml" />_
19.://**.**.**//image.benlai.com/ProductImage/" />_
20.://**.**.**//www.benlai.com/item-" />_
*****^^式平*****
21.://**.**.**//gw.api.360buy.com/routerjson" />_
*****; value="jd_7*****
*****quot; value=&quot*****
*****"C9D6735AC988033F*****
*****="f19f7fe97c304ba7*****
*****="4d7eb177-3f34-410*****
*****^^式平*****
*****uot; value="*****
*****e="cb57692fea315b7*****
*****式平台*****
*****ot; value="2*****
*****="3a6bcde551943dbf*****
**********
*****^^站点编码 ^*****
*****sNo" value=&*****
**********
*****站地^*****
*****000-917|北京市顺义区李桥镇头二*****
*****^地区^*****
*****" value=&qu*****
*****^^风支^*****
*****e="付款方式^*****
*****;0210359649,Z_F7hIlkS21S*****
**********
*****站地^*****
*****008-000-917|广州经济开发区埔北*****
*****^地区^*****
*****" value=&qu*****
*****^^风支^*****
*****e="付款方式^*****
*****;0210359649,Z_F7hIlkS21S*****
**********
*****站地^*****
***** 4008-000-917|上海市青浦区*****
*****^地区^*****
*****" value=&qu*****
*****^^风支^*****
*****e="付款方式^*****
*****;0210359649,Z_F7hIlkS21S*****
*****lue="a6c2a265dddfe*****
22.://**.**.**//192.168.1.130:4254" />_
23.://**.**.**//www.benlai.com" />_
*****uot; value=&qu*****
*****.28(电信IP)112.*****
24.://**.**.**//112.91.147.38:9703/MWGate/wmgw.asmx/MongateCsSpSendSmsNew" />_
25.://**.**.**//backstage.benlai.com" />_
*****SysNo" valu*****
*****库区,站点_库区,站^*****
*****货库^*****
*****" value="1_*****
*****库库^*****
*****uot; value="1_7,*****
*****货库^*****
*****" value="1_*****
*****验库^*****
*****quot; value="1_7,*****
*****接库^*****
*****No" value="1*****
*****货库^*****
*****quot; value="1_7*****
*****库区 *****
*****quot; value="1_1*****
*****拟区 *****
*****o" value="1_*****
**********
*****No" value="1*****
*****ysNo" value=&*****
*****ysNo" value=&*****
26.://**.**.**//ditu.weitepai.com/wtperp/duijie/dj_interface_materiel.phpr=1" />_
**********
**********
*****ysNo" value*****
*****yTypeSysNo" v*****
**********
*****benlai.com@192.168.1.189:6379,*****
*****;benlai.com@192.168.1.188:6679,*****
*****lai.com@192.168.1.166:6379,be*****
*****t;benlai.com@192.168.1.188:6779*****
*****benlai.com@192.168.1.188:6579,b*****
*****写数^*****
*****ize" value=&*****
*****读数^*****
*****Size" value*****
*****口的地*****
27.://**.**.**//netpay.benlai.com/PayRequest/Refund.ashx"/>_
*****ttings*****
*****^^接口配^*****
28.://**.**.**//schemas.microsoft.com/practices/2010/unity">_
*****enlai.Inventory*****
*****Benlai.Inventor*****
*****ration.InterceptionConfigurationExtension,Micr*****
*****containerInvent*****
*****t; mapTo="Benlai.Inventory.Library.I*****
*****;singleton"*****
*****regist*****
*****ntaine*****
*****tainer*****
*****ntaine*****
*****unit*****
*****em.we*****
***** maintainScrollPositionOnPostBack="true" controlRen*****
*****rols&*****
*****t;BIStudio.UI.Pager"*****
*****trols*****
*****ages*****
*****true" batch="false&qu*****
*****mblies*****
*****0.0.0, Culture=neutral, Public*****
*****.0, Culture=neutral, PublicK*****
*****0, Culture=neutral, PublicK*****
***** Culture=neutral, PublicKe*****
*****0.0.0, Culture=neutral, Public*****
*****0.0, Culture=neutral, Public*****
*****0, Culture=neutral, PublicK*****
*****, Culture=neutral, PublicKey*****
*****.0.0.0, Culture=neutral, Publ*****
*****4.0.0.0, Culture=neutral, Publi*****
*****rsion=4.0.0.0, Culture=neutral, P*****
*****=4.0.0.0, Culture=neutral, Publ*****
*****.0.0.0, Culture=neutral, Publi*****
*****on=4.0.0.0, Culture=neutral, Pub*****
*****sion=10.0.0.0, Culture=neutral, *****
*****on=10.0.0.0, Culture=neutral, Pu*****
*****=4.0.0.0, Culture=neutral, Publ*****
*****
*****
*****emblie*****
*****ilatio*****
***** *****
**********
*****C DEBUG C*****
***** enable ASPX debugging. O*****
*****ime performance o*****
*****ot; to insert debugging*****
*****se this creates a la*****
*****his value to true on*****
*****ore information, refe*****
*****ng ASP.NE*****
*****-&g*****
*****OM ERROR*****
*****nly" to enable custom error*****
*****r each of the erro*****
**********
***** display custom *****
*****splay detailed ASP*****
*****stom (friendly) messag*****
*****setting is recommende*****
*****ication detail infor*****
*****-&g*****
*****de="Of*****
*****THENTIC*****
*****es of the application. Poss*****
*****t;Passport" *****
**********
*****No authenticat*****
*****cation (Basic, Digest, or *****
*****on. Anonymous access *****
*****rm (Web page) for users to*****
*****ation. A user credential*****
*****rformed via a centralized *****
*****e logon and core profi*****
*****-&g*****
*****de="Win*****
*****AUTHOR*****
*****olicies of the applicati*****
*****ards: "*" mean ever*****
*****enticated*****
*****-&g*****
*****rizati*****
*****s="******
*****w all us*****
*****ot;[comma separate*****
*****t;[comma separated l*****
*****="[comma separ*****
*****t;[comma separated l*****
***** --*****
*****orizat*****
*****ION-LEVEL *****
*****race log output for eve*****
*****application trace logging. *****
*****t the bottom of each pag*****
***** "trace.axd" p*****
***** r*****
*****-&g*****
*****t="false" traceMode="So*****
*****ION STAT*****
*****entify which requests be*****
*****an be tracked by adding a *****
*****essionState cookie*****
*****-&g*****
*****ectionString="data source=127.0.0.1;Trusted_Connecti*****
*****cpip=127.0.0.1:42424" cookieless=&q*****
*****"280450BB36319B474C996B506A95AEDF9B51211B1D2B7A7*****
*****=192.168.1.8:42424" cookieless=&qu*****
*****GLOBAL*****
*****balization setting*****
*****-&g*****
*****!--*****
*****tomProvider="Redis*****
*****rovide*****
*****;clear*****
*****isSessionStateStore.RedisSessionStateStor*****
*****provid*****
*****nState&g*****
*****
*****
*****cutionTimeout="90" ma*****
*****tf-8" responseEnco*****
*****pHandl*****
*****g.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, V*****
*****tpHand*****
*****Servic*****
*****rotoco*****
*****uot;HttpPost*****
*****"HttpG*****
*****protoc*****
*****bServi*****
*****em.web*****
*****webServ*****
*****andle*****
*****=".htm*****
*****Control.axd" type="Microsoft.Reporting.WebForms.HttpHandler, Microso*****
*****ndlers*****
*****taticCo*****
*****bak" mimeType=&quo*****
*****aticCont*****
*****.webSer*****
*****service*****
*****indin*****
*****HttpBind*****
*****;false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" m*****
*****xArrayLength="16384" maxBytesPerRead=*****
*****mode="N*****
*****" proxyCredentialType=&q*****
*****t;UserName" algorith*****
*****;/secur*****
*****;/bind*****
*****SoapBinding" close*****
*****iveTimeout="00:10:00&quo*****
*****nLocal="false" hostNam*****
*****ufferSize="524288" ma*****
*****sferMode="Buffered&quot*****
*****Encoding=&quot*****
*****tentLength="10485760&quo*****
*****760" maxNameTableChar*****
*****urity mode=&qu*****
*****ialType="None" p*****
***** realm=&quo*****
*****e="UserName" algor*****
***** </s*****
*****nding*****
*****uot;wmgwSoa*****
*****cHttpBin*****
*****cpBind*****
*****t; sendTimeout="00:01:00" maxBufferPoolSize="2147483647" maxBuffe*****
*****t;2147483647" maxBytesPerRead="214748*****
*****mode="N*****
*****;/bind*****
*****tTcpBin*****
*****ndings*****
*****lient*****
29.://**.**.**//219.134.187.132:8080/scheduler/ws/AcceptOrderService" binding="basicHttpBinding" bindingConfiguration="AcceptOrderServiceServiceSoapBinding" contract="AcceptOrderService.IAcceptOrderService" name="AcceptOrderServicePort" />_
30.://**.**.**//119.147.212.44/bsp-ois/ws/expressServicewsdl" binding="basicHttpBinding" bindingConfiguration="CommonServiceServiceSoapBinding" contract="SFServiceReference.IService" name="CommonServicePort" />_
31.://**.**.**//inventory.int.benlai.com:688/InventoryService.svc"_
*****dingConfiguration="Ne*****
*****Service" name="NetTc*****
32.://**.**.**//bsp-oisp.test.sf-express.com:6080/bsp-oisp/ws/sfexpressService"_
*****gConfiguration="Commo*****
*****" name="SFServiceRe*****
*****clien*****
*****erviceMo*****
*****uratio*****
*****cod*****


很重要!!!
很重要!!!
很重要!!!

漏洞证明:

···

修复方案:

加强运维安全

版权声明:转载请注明来源 爱上平顶山@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-10-16 11:21

厂商回复:

谢谢

最新状态:

暂无