
Vulnerability summary

Defect ID: wooyun-2015-0149418

Title: Getshell on a system of Fanhua Insurance's Puyitou Fund can lead to disclosure of sensitive user information

Vendor: pywm.com.cn

Author: 路人甲

Submitted: 2015-10-26 09:45

Fix deadline: 2015-10-31 09:46

Published: 2015-10-31 09:46

Vulnerability type: weak backend password

Severity: High

Self-assessed Rank: 20

Status: the vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-10-26: details sent to the vendor, awaiting the vendor's handling
2015-10-31: the vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

Fanhua Insurance

Details:

http://182.254.162.32:7001/etrading/

1.jpg


WebLogic weak password:
http://182.254.162.32:7001/console/login/LoginForm.jsp
weblogic/weblogic1
For safety, I have changed the password to ma666666.
Got a shell by uploading a WAR:
http://182.254.162.32:7001/ma/ma3.jsp
Looking at the database connection information:
/data/weblogic/ETSDomain/config/jdbc/dstrade2edatasource2esysConfig-7697-jdbc.xml

jdbc:oracle:thin:@10.232.6.108:1522/ODSDB
hssale
trade0301


Looking at the database (list of tables):



Looking at the specific contents:

2.jpg


3.jpg

Proof of vulnerability:

2.jpg

Remediation:

Change the password.

Copyright notice: please credit the source when reposting, 路人甲@乌云


Vulnerability response

Vendor response:

Severity: no impact, vendor ignored

Ignored on: 2015-10-31 09:46

Vendor reply:

Vulnerability Rank: 15 (WooYun rating)

Latest status:

None yet