当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0159488

漏洞标题:中粮集团某站点泄露超多内部人员信息

相关厂商:中粮集团有限公司

漏洞作者: 路人甲

提交时间:2015-12-09 12:21

修复时间:2016-01-23 15:16

公开时间:2016-01-23 15:16

漏洞类型:后台弱口令

危害等级:高

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-12-09: 细节已通知厂商并且等待厂商处理中
2015-12-10: 厂商已经确认,细节仅向厂商公开
2015-12-20: 细节向核心白帽子及相关领域专家公开
2015-12-30: 细节向普通白帽子公开
2016-01-09: 细节向实习白帽子公开
2016-01-23: 细节向公众公开

简要描述:

求一个邀请码,加入Wooyun大家庭。

详细说明:

http://hz.cofcopack.com/ 登陆框没有验证码
简单的随意跑一下就很多很多的口令。

1.jpg


仅仅密码1就能登陆很多账户。
随意拿一个登陆。
zhangli / 1

login.jpg


在通讯录可以查看中粮集团的内部联系方式。
http://hz.cofcopack.com/client.do?method=getpage&sessionkey=abcnez-_N4wQ25akB2bgv&module=6&scope=3&detailid=3
修改detailid即可遍历。

boss.jpg


漏洞证明:

只用正则匹配了邮箱,没有去匹配手机等联系。

zxoa@cofco.com
shiyu@cofco.com
zhang-ye@cofco.com
fengping@cofco.com
yangmu@cofco.com
lvqing@cofco.com
zhao_wei@cofco.com
jamescheng@cofco.com
xiaoyan@cofco.com
guxiaolei@cofco.com
wangdanwen@cofco.com
guanhuili@cofco.com
xuyulan@cofco.com
yanhm@cofco.com
dingyuran@cofco.com
dingjj@cofco.com
yufeii@cofco.com
wangxw@cofco.com
nieshuli@cofco.com
xiongfang@cofco.com
guohuiling@cofco.com
lvxiaohong@cofco.com
niyunkai@cofco.com
wli@cofco.com
wangmeixia@cofco.com
song-bo@cofco.com
wangbuhao@cofco.com
xuhao1@cofco.com
liu-xianghong@cofco.com
sunqunfang@cofco.com
lijimin@cofco.com
huqh@cofco.com
equipment@cofco.com
chenjiejing@cofco.com
zhuzhengli@cofco.com
fenghui@cofco.com
yujw@cofco.com
sunxl@cofco.com
yiyangzhi@cofco.com
zenglimin@cofco.com
zhujiqing@cofco.com
lbo@cofco.com
mingzhang@cofco.com
wuyanyan@cofco.com
songlj@cofco.com
xuwen@cofco.com
xy@cofco.com
kongchg@cofco.com
yefeifei@cofco.com
huxiaomin@cofco.com
zhangxiaopei@cofco.com
dingshuyue@cofco.com
wang-zhonghua@cofco.com
nichunbiao@cofco.com
quxiejing@cofco.com
liqinggong@cofco.com
qianrong@cofco.com
zjh@cofco.com
loumy@cofco.com
yudong@cofco.com
li-xd@cofco.com
sunyi-bz@cofco.com
wshong@cofco.com
liuyiyu@cofco.com
pengyt@cofco.com
wj-bz@cofco.com
chengqun@cofco.com
zhoujp@cofco.com
wang-zhigang@cofco.com
jiangquwu@cofco.com
fuchuanyang@cofco.com
wei.wang@cofco.com
wujinyuan@cofco.com
liuguoxin@cofco.com
wangfu@cofco.com
lvxiaodong@cofco.com
yaoqiaojiang@cofco.com
lxj@cofco.com
ljiang@cofco.com
fuyanhua@cofco.com
maohb@cofco.com
yinxy@cofco.com
wunaijiang@cofco.com
guoweiping@cofco.com
lehuan@cofco.com
hanjia@cofco.com
zhang-junhui@cofco.com
hanlizhong@cofco.com
suntx@cofco.com
zhangweiheng@cofco.com
zhanghanyu@cofco.com
zhangming-bz@cofco.com
helena@cofco.com
wangxiaogang@cofco.com
quhongliang@cofco.com
wujd@cofco.com
zhuhailin@cofco.com
zhanghao-zg@cofco.com
xujun-zg@cofco.com
dss@cofco.com
janoy.zhan@cofco.com
jerry.zhang@cofco.com
loujian@cofco.com
zhaoqiang@cofco.com
yaof@cofco.com
davidchan@cofco.com
pasuyim@cofco.com
candytao@cofco.com
yangg@cofco.com
liw@cofco.com
guojf@cofco.com
smin@cofco.com
zhoudj@cofco.com
fmcming@cofco.com
xuhuiqiang@cofco.com
fanxiaoyan@cofco.com
wang-nan@cofco.com
liaoyu@cofco.com
zchao@cofco.com
lvxj@cofco.com
yanyunlong@cofco.com
zjing@cofco.com
xuxuan@cofco.com
chenxuejiao@cofco.com
dingchang@cofco.com
luhm@cofco.com
yeshilu@cofco.com
shaogz@cofco.com
duxiaodan@cofco.com
lvdk@cofco.com
lixuexue@cofco.com
jinhongmei@cofco.com
cfei@cofco.com
wuyp@cofco.com
shisl@cofco.com
wangpd@cofco.com
wangyongde@cofco.com
lizhongzheng@cofco.com
zhang-xi@cofco.com
zhaopinjiang@cofco.com
tangyu@cofco.com
fangdongsheng@cofco.com
king@cofco.com
xuql@cofco.com
wangxiaolu@cofco.com
zhangxing@cofco.com
liliangliang@cofco.com
dubin@cofco.com
wangyusheng@cofco.com
wangyuehong@cofco.com
jiangyaoyao@cofco.com
songy@cofco.com
suzp@cofco.com
kitechen@cofco.com
minzhang@cofco.com
zhangyiyang@cofco.com
suqw@cofco.com
zhangweinan@cofco.com
tanzy@cofco.com
wugeng@cofco.com
guxq@cofco.com
malun@cofco.com
yukang@cofco.com
zhoubibang@cofco.com
shenjian@cofco.com
zhouchangsuo@cofco.com
wenh@cofco.com
zhangweili@cofco.com
zhengshan@cofco.com
xuxiaojun@cofco.com
tangm@cofco.com
xusb@cofco.com
xiaongxiaohong@cofco.com
yrl@cofco.com
maogz@cofco.com
shixx@cofco.com
kexz@cofco.com
yanyx@cofco.com
wwei@cofco.com
zhengbo@cofco.com
zhouqiong@cofco.com
zhangsq@cofco.com
feijinping@cofco.com
liuqf@cofco.com
liumeiyan@cofco.com
zhengjianghe@cofco.com
chenal@cofco.com
wgq@cofco.com
huangfeng@cofco.com
liuwanglin@cofco.com
fangqiang@cofco.com
shigongcheng@cofco.com
sunhong@cofco.com
nijiai@cofco.com
huya@cofco.com
chenyuhong@cofco.com
huguocheng@cofco.com
li-chuang@cofco.com
gongbaojie@cofco.com
zhengmuhua@cofco.com
chengmiao@cofco.com
lv-fei@cofco.com
zhubinhao@cofco.com
xuhp@cofco.com
loujing@cofco.com
liuweijin@cofco.com
csong@cofco.com
wengminwen@cofco.com
zhoucheng@cofco.com
toylor@cofco.com
zhouchangjin@cofco.com
wangyuefeng@cofco.com
lijing5@cofco.com
hefen@cofco.com
yuanf@cofco.com
qianli@cofco.com
xiemh@cofco.com
shenlina@cofco.com
lmin@cofco.com
yaoxl@cofco.com
guiht@cofco.com
shenxinhua@cofco.com
gyjin@cofco.com
tongjq@cofco.com
shenxiaofeng@cofco.com
zhuwei@cofco.com
xuhao@cofco.com
hongxh@cofco.com
cairui@cofco.com
xuyanling@cofco.com
mali-bz@cofco.com
ejianlove@cofco.com
liangym@cofco.com
sunm@cofco.com
fanmx@cofco.com
luoxiaosheng@cofco.com
zhangrong@cofco.com
weij@cofco.com
wanganqi@cofco.com
tianchao@cofco.com
liurong@cofco.com
zhaohy@cofco.com
hzzhoujun@cofco.com
tingting@cofco.com
chencheng1@cofco.com
yangguanglai@cofco.com
zhoudc@cofco.com
mibobo@cofco.com
mafangchao@cofco.com
chenweiwei@cofco.com
zhangbf@cofco.com
jiyijian@cofco.com
jiaoshijun@cofco.com
xuke1@cofco.com
smj@cofco.com
fanglili@cofco.com
wu-hui@cofco.com
lqd@cofco.com
luoyun@cofco.com
wangyiwolf@cofco.com
gaoyu@cofco.com
yexb@cofco.com
chenzuan@cofco.com
xiajingzg@cofco.com
goods@cofco.com
wangting@cofco.com
libw@cofco.com
heshan@cofco.com
fangle@cofco.com
chuqiushuo@cofco.com
sufei@cofco.com
jessica-chen@cofco.com
jiangxr@cofco.com
maxing@cofco.com
xiexb@cofco.com
lushiming@cofco.com
heweizg@cofco.com
caihw@cofco.com
yunw@cofco.com
qianshaojie@cofco.com
gzhang@cofco.com
linxuqiang@cofco.com
yujunfeng@cofco.com
wangxiangyu@cofco.com
chengbiao@cofco.com
wangyy@cofco.com
yingmeng@cofco.com
zhu-xl@cofco.com
chenheqing@cofco.com
qj@cofco.com
zql@cofco.com
wenquanguo@cofco.com
tony.luo@cofco.com
jhma@cofco.com
zwwang@cofco.com
shangcunjing@cofco.com
yangxuchao@cofco.com
huangyongfu@cofco.com
wentao@cofco.com
chenhua@cofco.com
wen-qiang@cofco.com
gujs@cofco.com
xiejiaozhong@cofco.com
zhengpingmei@cofco.com
lizongwu@cofco.com
lin-jun@cofco.com
huangqihong@cofco.com
jiangfei-bz@cofco.com
qiaohongsheng@cofco.com
dongtao@cofco.com
zhouxiaobing-bz@cofco.com
huangbaoyu-bz@cofco.com
guolili@cofco.com
liuwy1001@cofco.com
li-y@cofco.com
chenshuxia@cofco.com
wenlijuan@cofco.com
huqing@cofco.com
wengyan@cofco.com
fanny.su@cofco.com
huangyingqing@cofco.com
zhaoj@cofco.com
sam_peng@cofco.com
qiboshuai@cofco.com
huang-wx@cofco.com
liquanwei@cofco.com
jiyongzhan@cofco.com
liaoheng@cofco.com
pengsaiping@cofco.com
yang-sx@cofco.com
linshirong@cofco.com
dongcuanlu@cofco.com
chenyaoqiang@cofco.com
tangjunping@cofco.com
wangyoudi@cofco.com
hlwu@cofco.com
zyjiang@cofco.com
geguoliang@cofco.com
tanfangfang@cofco.com
luoxiao@cofco.com
fuyuli@cofco.com
huangdemei@cofco.com
huangyuhua@cofco.com
tanhengjia@cofco.com
sr@cofco.com
liweifeng@cofco.com
zhuhongguang@cofco.com
wangjin@cofco.com
chenyu@cofco.com
qiuming@cofco.com
zhangjingshan@cofco.com
lvfeng@cofco.com
tsui.ken@cofco.com
feihaimin@cofco.com
wangxfeng@cofco.com
sizhenwei@cofco.com
wu-yl@cofco.com
huayinhai@cofco.com
dhluo@cofco.com
husijin@cofco.com
zhangguochang@cofco.com
lanwn@cofco.com
tangxunhua@cofco.com
yishinexue@cofco.com
liulamei@cofco.com
chenyujuan@cofco.com
fanwc@cofco.com
yszhang@cofco.com
ming-chen@cofco.com
wangbincpmc@cofco.com
weiqh@cofco.com
liangsiru@cofco.com
caoql@cofco.com
binyp@cofco.com
yqing@cofco.com
xubi@cofco.com
liquan@cofco.com
xiaodan1@cofco.com
liubiqiang@cofco.com
lihaining@cofco.com
lixiaoka@cofco.com
jiangzhen@cofco.com
lizhiliang@cofco.com
zhujupeng@cofco.com
jenny.zhan@cofco.com
chenyr@cofco.com
guqing@cofco.com
caijz@cofco.com
sophia.wong@cofco.com
luzhizuo@cofco.com
gwei@cofco.com
hejianmei@cofco.com
ouyanghongjing@cofco.com
xiaodunyou@cofco.com
guanghui@cofco.com
zhengquansheng@cofco.com
wang-jin@cofco.com
xfzhang@cofco.com
zhanghong1@cofco.com
zhenghe@cofco.com
yuguangyang@cofco.com
duzhanjun@cofco.com
liumenggang@cofco.com
rex@cofco.com
wangwenlong@cofco.com
nicyzhang@cofco.com
ma-li@cofco.com
wangsanmei@cofco.com
tianzhonghua@cofco.com
suishuli@cofco.com
zhangyuanchuan@cofco.com
shen-yong@cofco.com
jixin@cofco.com
zhangfeng-bz@cofco.com
hehaimin@cofco.com
zhouwenjuan@cofco.com
xxiao@cofco.com
nilinyan@cofco.com
gouqiang@cofco.com
zyao@cofco.com
jianghaiqiang@cofco.com
zhanglongfei@cofco.com
gongshangzhi@cofco.com
wang-heng@cofco.com
liuwei168@cofco.com
liuhuimin@cofco.com
zhang-jinlong@cofco.com
liuhuaqi@cofco.com
lusiyu@cofco.com
liufeng3@cofco.com
huangming@cofco.com
weiqinchang@cofco.com
hrs@cofco.com
zenghong@cofco.com
hanmingwei@cofco.com
yijiaoe@cofco.com
huxiaobin@cofco.com
zhaowenqing@cofco.com
shenshuang@cofco.com
zhaobi@cofco.com
zy-bz@cofco.com
yangchunfeng@cofco.com
maqiong@cofco.com
zhangjingyan@cofco.com
qiangl@cofco.com
huyuanchun@cofco.com
wangyingpinguan@cofco.com
chengxu@cofco.com
duhongbo@cofco.com
he-can@cofco.com
fengli-bz@cofco.com
fengqi@cofco.com
xuyina@cofco.com
yangdayan@cofco.com
xusongyi@cofco.com
amei@cofco.com
lisa@cofco.com
money@cofco.com
shirley@cofco.com
sharon@cofco.com
chenzhenchao@cofco.com
nieminjie@cofco.com
vivienzhao@cofco.com
liudong1@cofco.com
tangzukang@cofco.com
zhaoguo@cofco.com
zengh@cofco.com
yutingyan@cofco.com
jam.zeng@cofco.com
wendy.wan@cofco.com
linbiyun@cofco.com
zhangsx@cofco.com
lixin@cofco.com
chenfeng1@cofco.com
lifangxiong@cofco.com
kuangwenxiu@cofco.com
cy-bz@cofco.com
shenyuanyuan@cofco.com
chenyanting@cofco.com
songyufu@cofco.com
yangdaguang@cofco.com
lf-bz@cofco.com
zhangjianwei@cofco.com
heyaoqing@cofco.com
gujinglei@cofco.com
yuanjidong@cofco.com
liujiaqiu@cofco.com
lixingqiang@cofco.com
xulidan@cofco.com
wuyalan@cofco.com
luqiuyue@cofco.com
chenmanxiang@cofco.com
wangbo-gz@cofco.com
xiaohaowei@cofco.com
yanghuiyun@cofco.com
lishaojun@cofco.com
shijianming@cofco.com
daishifeng@cofco.com
gaojuezhang@cofco.com
dujun@cofco.com
wuyan@cofco.com
chenfw@cofco.com
tonglisi@cofco.com
clong@cofco.com
dong-xiaoyan@cofco.com
wu-yin@cofco.com
yanfang@cofco.com
tangzhaojian@cofco.com
shendonghui@cofco.com
qijl@cofco.com
chenmeiying@cofco.com
chencf@cofco.com
jiangjf@cofco.com
xuyuxiang@cofco.com
raulchen@cofco.com
jiangjixin@cofco.com
xingkai@cofco.com
daixm@cofco.com
zhou-hua@cofco.com
liuke@cofco.com
ljh@cofco.com
pengjs@cofco.com
shenlf@cofco.com
zhaojm@cofco.com
zhuxiaomei@cofco.com
zhuwq@cofco.com
chenje@cofco.com
yuanfeifei@cofco.com
lp-bz@cofco.com
zhanghangmin@cofco.com
tangshaolei@cofco.com
wenghuaping@cofco.com
yan-l@cofco.com
lling@cofco.com
qinqq@cofco.com
qiuyue@cofco.com
huang-jian@cofco.com
yangwan@cofco.com
zhaoyuzhu@cofco.com
guocaifang@cofco.com
maxuefen@cofco.com
minyixian@cofco.com
zjingjing@cofco.com
hanyq@cofco.com
hezhy@cofco.com
liuyan-ks@cofco.com
zhouq@cofco.com
wang-ys@cofco.com
sunhongqi@cofco.com
caocq@cofco.com
panyong@cofco.com
songjunmin@cofco.com
hehaifeng@cofco.com
caiyajun@cofco.com
lli@cofco.com
chenwg@cofco.com
sunwz@cofco.com
du-juan@cofco.com
shangguangjuan@cofco.com
liumeiyu@cofco.com
taogang@cofco.com
yjia@cofco.com
machenxin@cofco.com
wufenghui@cofco.com
liqingqing@cofco.com
wangbaixiang@cofco.com
fengyufa@cofco.com
cindychen@cofco.com
fk@cofco.com
zengzhijun@cofco.com
zhangjn@cofco.com
fanping@cofco.com
zhenggh@cofco.com
lihongyang@cofco.com
gaolz@cofco.com
mahongbo@cofco.com
dingguofeng@cofco.com
yujiawen@cofco.com
lq-bz@cofco.com
chenglw@cofco.com
wu-hy@cofco.com
yanxu@cofco.com
zhangfang-bz@cofco.com
zhangxcy@cofco.com
shirleyzhang@cofco.com
angle_zhj@cofco.com
liuyanbo@cofco.com
zhangliyan@cofco.com
zhanglidan@cofco.com
wang_hao@cofco.com
heshasha@cofco.com
tongchuan@cofco.com
jiangzhongwu@cofco.com
zhongfang@cofco.com
wangjirui@cofco.com
dongshujuan@cofco.com
liuluchun@cofco.com
hejf@cofco.com
dongzhijie@cofco.com
zhurf@cofco.com
wangbg@cofco.com
chenqb@cofco.com
ys@cofco.com
huqy@cofco.com
baiyh@cofco.com
yanhy@cofco.com
liushuai@cofco.com
liujn@cofco.com
liuxiaoming@cofco.com
zhanghuitao@cofco.com
qianglu@cofco.com
zhangxiaoping@cofco.com
mahanhui@cofco.com
yong-wang@cofco.com
gengyunxiao@cofco.com
slei@cofco.com
zhang_x@cofco.com
fun@cofco.com
miaoxuwei@cofco.com
yinguojun@cofco.com
lixuzhao@cofco.com
muyongchao@cofco.com
huangyanyan@cofco.com
donghuiming@cofco.com
wangyinhuan@cofco.com
yanglei-bz@cofco.com
yy-zltj@cofco.com
xhx@cofco.com
billy@cofco.com
lixianqiang@cofco.com
lizhiqiang@cofco.com
wangjiulai@cofco.com
xuxin1@cofco.com
ren-yuan@cofco.com
panxy@cofco.com
jorvik@cofco.com
liujia-bz@cofco.com
majianyong@cofco.com
zhanghongying-bz@cofco.com
zhang-hongying@cofco.com
zhangcx-bz@cofco.com
chuyuncheng@cofco.com
qiuhc@cofco.com
wzhou@cofco.com
cici@cofco.com
yinenfeng@cofco.com
fucq@cofco.com
changchenying@cofco.com
zhanghr@cofco.com
zhangqs@cofco.com
zhangher@cofco.com
lijs@cofco.com
chenly@cofco.com
li-chunyu@cofco.com
wangjinzhou@cofco.com
Joy_HB@cofco.com
qutao@cofco.com
zhangjie-bz@cofco.com
duanhaijiao@cofco.com
liuhuanyong@cofco.com
shengxiang@cofco.com
fanghonghai@cofco.com
zhouxiong@cofco.com
zhuoqimeng@cofco.com
zjiajia@cofco.com
zhaiyongzhao@cofco.com
chongzhijuan@cofco.com
caohm@cofco.com
liujianhua@cofco.com
wuyz@cofco.com
liangjingjing@cofco.com
gucj@cofco.com
guj@cofco.com
liyk@cofco.com

修复方案:

在登陆的地方加上验证码等措施。
求乌云邀请码。

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-12-10 11:13

厂商回复:

非常感谢,尽快整改!

最新状态:

暂无