当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-094877

漏洞标题:中航信邮箱密码泄漏及VPN账号和大量邮箱弱口令导致可内网漫游拿到域控

相关厂商:中航信

漏洞作者: 路人甲

提交时间:2015-01-31 13:46

修复时间:2015-03-17 13:48

公开时间:2015-03-17 13:48

漏洞类型:账户体系控制不严

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-01-31: 细节已通知厂商并且等待厂商处理中
2015-02-05: 厂商已经确认,细节仅向厂商公开
2015-02-15: 细节向核心白帽子及相关领域专家公开
2015-02-25: 细节向普通白帽子公开
2015-03-07: 细节向实习白帽子公开
2015-03-17: 细节向公众公开

简要描述:

中航信邮箱密码泄漏及大量邮箱及VPN账号弱口令导致可内网漫游拿到域控

详细说明:

https://mail.travelsky.com/
常见姓名作为字典爆破 获得一个邮箱弱口令,登陆邮箱获取所有邮箱用户爆破 得如下弱口令账号:

mask 区域
*****后^*****
*****nh*****
*****na*****
*****adm*****
*****min*****
*****nw*****
*****jie*****
*****ya*****
*****an*****
*****ih*****
*****iji*****
*****ao*****
*****uh*****
*****xi*****
*****do*****
*****ei*****
*****ng*****
*****h
*****
*****ng*****


存在弱口令的账号包括但不限于以上邮箱列表
利用得到的邮箱列表作为用户名 发现VPN也存在大量弱口令,由于时间关系 VPN弱口令请自行用邮箱名测试
https://122.119.255.79/por/login_psw.csp xuqian 123456

屏幕快照 2015-01-31 下午1.12.52.png


所有子域信息:

> ls travelsky.com
[ns1.caacnet-oa.com]
travelsky.com. A 122.119.122.179
travelsky.com. NS server = ns2
123 A 202.106.139.15
3u A 202.106.139.31
old.3u A 202.106.139.16
6266 A 202.106.139.30
aar A 122.119.122.82
aar-data A 122.119.122.224
abd A 10.6.142.239
adapis A 122.119.122.67
afdip A 10.6.168.138
agibe A 122.119.122.38
agora A 202.106.139.6
agorabis A 122.119.122.74
airchina A 122.119.122.79
airnotice A 122.119.122.63
airport.travelsky.com A 202.106.139.30
airtis.travelsky.com A 122.119.122.201
ais.travelsky.com A 122.119.122.171
amps.travelsky.com A 122.119.122.151
amsde A 202.106.139.6
apptest A 202.106.139.196
aps A 202.106.139.30
apt A 122.119.122.208
aptldp A 122.119.147.48
arcs A 202.106.139.6
asp A 202.106.139.30
atbb A 202.106.139.5
atpd A 122.119.144.21
htl.atpd A 202.106.139.6
baosheng A 202.106.139.30
baoxian A 122.119.122.33
bar A 122.119.122.92
be A 122.119.122.26
berry A 10.6.168.89
bi A 122.119.122.74
bj A 122.119.122.82
bk A 122.119.122.51
bkb2b A 202.106.139.31
old.bkb2b A 122.119.122.111
bluesky A 122.119.122.38
bspdata A 202.106.139.25
bsserver A 122.119.129.71
bst A 122.119.122.92
btg A 202.106.139.30
bvdemo A 10.6.184.246
ca A 122.119.122.79
cab2b A 122.119.122.79
cae A 202.106.139.30
caldp A 10.6.66.11
capss A 10.6.151.16
cargo A 122.119.114.47
cargo1 A 122.119.122.44
cargo2 A 122.119.114.47
cargotest A 122.119.113.16
cawcki A 122.119.122.63
cc A 10.6.151.16
cdp A 122.119.122.139
web.cki A 10.6.168.124
cm-i-epm A 10.6.134.17
cmtest A 10.6.168.211
connect A 10.6.148.214
cq A 10.6.185.16
cqmail A 10.6.185.16
crs A 122.119.122.26
cs
A 122.119.122.92
cuss A 10.6.168.138
focus.customer A 10.6.134.12
customs A 202.106.139.41
czldp A 10.6.72.4
database A 10.6.168.38
datalife A 122.119.122.74
dbtest A 202.106.139.37
dc A 10.6.141.165
docfare A 10.6.151.19
drb2b A 122.119.122.59
dsvpn A 172.17.90.6
dvp A 122.119.122.208
dzb2b A 122.119.122.59
easypay A 202.106.139.11
ebuild A 202.106.139.11
ebws A 122.119.122.116
ecargo A 122.119.114.38
ecargotest A 122.119.113.17
ecip A 122.119.121.13
edocfare A 202.106.139.6
ehelp A 10.6.154.141
emd A 122.119.122.165
english A 202.106.139.11
epm-dm A 122.119.122.63
espeed A 122.119.122.38
eta A 122.119.122.30
inter.eta A 122.119.122.30
eterm A 10.6.177.101
etermlite A 10.6.151.13
etermsp A 10.6.72.15
etifare A 10.6.151.19
eub2b A 202.106.139.31
old.eub2b A 122.119.122.51
eub2c A 202.106.139.11
fare A 122.119.114.29
fenghuanghao A 218.246.21.46
fin2 A 10.6.183.66
finance2 A 10.6.183.67
www.financecenter A 124.42.13.201
gdssms A 202.106.139.44
gjb2b A 122.119.122.162
gocom A 122.119.144.28
gov A 122.119.122.74
hangyuanair A 202.106.139.6
hnair A 122.119.114.17
hnamip A 10.131.64.24
ho A 202.106.139.31
old.ho A 202.106.139.19
hoaes A 122.119.122.111
hotel A 202.106.139.25
hoto A 122.119.122.26
huaxia A 202.106.139.30
hub A 122.119.122.26
hubairline A 10.6.151.16
huet A 122.119.114.17
huffp A 202.106.139.11
huldp A 10.6.72.4
hureport A 10.6.134.33
cn.hx A 122.119.122.59
en.hx A 203.105.33.190
hx-i-epm A 10.6.151.19
hxb2b A 122.119.122.59
ibe A 10.6.177.101
ibe1 A 122.119.114.32
ibe2 A 122.119.114.35
ibeplus A 122.119.122.38
iCDS A 202.106.139.55
iCustoms A 202.106.139.55
idm A 172.27.12.101
idp A 10.6.72.15
iGHA A 202.106.139.55
iGSA A 202.106.139.55
iLink A 122.119.121.14
im A 10.6.72.15
info A 122.119.122.26
intfare A 10.6.151.19
isp A 122.119.144.21
iterm A 202.106.139.18
itp A 122.119.122.26
jinyan496 A 202.106.139.30
jy A 10.6.147.84
kaihuaair A 202.106.139.30
lams-skyteam A 122.119.64.11
lams-skyteam2 A 122.119.64.12
lcc A 10.6.151.16
ldp A 10.6.151.16
link A 10.6.159.7
loopback A 127.0.0.1
m80-up A 202.106.139.195
mail A 10.6.168.15
mail2 A 10.6.148.124
mailapp A 10.6.168.229
mailaudit A 124.42.13.200
mailgate A 10.6.168.207
mair A 122.119.122.38
market A 10.6.183.1
merchandising A 122.119.122.51
mf A 202.106.139.19
mfaes A 122.119.122.111
mfb2b A 202.106.139.31
cn.mfetbi18n A 122.119.122.59
mfetci18n A 10.6.133.1
mfetci18n A 10.6.133.2
global.mfetci18n A 10.6.133.1
global.mfetci18n A 10.6.133.2
hk.mfetci18n A 10.6.133.1
hk.mfetci18n A 10.6.133.2
kr.mfetci18n A 10.6.133.1
kr.mfetci18n A 10.6.133.2
mo.mfetci18n A 10.6.133.1
mo.mfetci18n A 10.6.133.2
my.mfetci18n A 10.6.133.1
my.mfetci18n A 10.6.133.2
sg.mfetci18n A 10.6.133.1
sg.mfetci18n A 10.6.133.2
tw.mfetci18n A 10.6.133.1
tw.mfetci18n A 10.6.133.2
mkt A 10.6.183.1
moa A 10.6.147.85
mobileweb A 122.119.122.67
mu A 122.119.122.18
muldp A 10.6.72.4
mupss A 10.6.70.151
ncc A 10.6.177.245
net-wsus A 10.6.185.200
new A 202.106.139.30
newnrise A 10.6.151.44
news A 122.119.122.92
newsky A 122.119.122.151
nrise A 122.119.122.165
ns3 A 172.17.18.28
nsb2b A 202.106.139.31
cn.nx A 122.119.122.51
en.nx A 203.105.33.190
nxb2b A 122.119.122.158
cn.nxb2b A 122.119.122.158
en.nxb2b A 122.119.122.158
zh.nxb2b A 122.119.122.158
nxffp A 219.137.225.93
oa A 10.6.147.87
obt A 202.106.139.6
ods-datalife A 202.106.139.51
old A 10.6.168.85
open A 10.6.72.16
opensc A 122.119.122.97
ora-datalife A 202.106.139.53
ostc A 10.6.151.16
panorama A 202.106.139.30
paxsrv A 10.6.151.16
pbt A 122.119.122.26
pop3 A 10.6.168.15
portal A 202.106.139.25
products A 202.108.202.228
pss A 122.119.122.47
pub A 202.106.139.30
qwb2b A 122.119.122.59
rams A 122.119.122.165
rd A 10.6.142.225
receiptprint A 202.106.139.6
report A 122.119.122.79
rosenbluth A 202.106.139.30
salpek A 202.106.139.30
sas-datalife A 202.106.139.52
sc A 122.119.122.51
sc-d-epm A 10.6.151.19
scaes A 122.119.122.79
scb2b A 122.119.122.51
scnewb2b A 122.119.122.79
sd A 172.17.18.51
seat A 10.6.151.16
sentry A 122.119.124.43
smsinterface A 122.119.122.63
smsurl A 10.6.151.13
smsws A 10.6.151.13
smtpa A 10.6.168.207
smtpav A 10.6.168.207
smtpb A 10.6.168.226
sus A 10.6.185.200
tam A 10.6.151.50
tap A 202.106.139.25
tas A 10.6.151.13
test A 202.106.139.16
test0 A 202.106.139.12
testmupss A 10.6.134.14
testtam A 172.30.12.83
tmall A 122.119.122.190
tr A 202.106.139.25
training A 202.106.139.30
tv A 202.106.139.31
tvb2c A 202.106.139.31
twm A 202.106.139.6
typeb A 10.6.151.13
typebws A 10.6.151.13
uqb2b A 122.119.122.59
video A 122.119.113.14
vipbx A 122.119.117.13
vm-vmw219-fin A 10.6.155.127
vm-vmw733-t A 10.6.50.146
vp A 10.6.151.13
vpn A 124.42.13.197
vps A 122.119.122.183
vsp A 122.119.124.42
wap A 58.83.130.69
wap A 59.151.4.119
watcher A 10.6.168.97
web A 122.119.122.38
web2 A 202.106.139.6
webcheckin A 122.119.122.63
webcki A 122.119.122.63
weblink A 10.6.151.13
weixin A 122.119.122.198
test.weixin A 122.119.122.229
wfx A 122.119.122.38
wlan A 172.17.88.109
wuxianaudit A 124.42.13.200
wuxicits A 202.106.139.30
www A 122.119.122.179
www1 A 202.106.139.30
xmnfasco A 202.106.139.30
> ls caacnet-oa.com
[ns1.caacnet-oa.com]
*** Can't list domain caacnet-oa.com: BAD ERROR VALUE
> ls e-travelsky.com
[ns1.caacnet-oa.com]
e-travelsky.com. NS server = ns2.e-travelsky.com
adm A 10.6.141.136
domino A 172.17.18.11
eam A 10.6.183.19
law A 10.6.183.19
loopback A 127.0.0.1
www A 10.6.151.13
>


mask 区域
1.https://**.**.**
2.http://**.**.**/login.jsp guest guest_
3.http://**.**.**/denglu.aspurl1=15_
4.http://**.**.**/caci/admin/login.jsp_
5.http://**.**.**/LogIn.aspx_
6.https://**.**.**/TecAlert/_
*****^^录名是各位的^*****
7.://**.**.**//192.168.4.9:8080/rdom/login.jsp 或者:http://202.100.228.122:8080/rdom/login.jsp_
*****^^:chenly 卞惟翠:bianwc*****
**********
8.http://**.**.**/lbsp_service/services/AxisWebServiceEntryService/callAxisServiceparamList= _
*****2.22.11.200/Pub*****
9.://**.**.**//10.6.157.9:9080/WDoe/_
**********
*****elsky*****
*****m SVN开^*****
**********
10.http://**.**.**/svn/document2014/ProjDoc/laputa/20工程/20.50测试/需替换的配置文件_
**********
*****a.travel*****
*****姓名汉字,密码:pa*****
**********
*****^sonar的*****
11.http://**.**.**
*****密码^*****
**********
12.://**.**.**//10.6.148.232/svn/ARCH_JCF_
13.://**.**.**//10.6.148.232/svn/ARCH_JCF_
*****VN,或者*****
*****
*****
*****^^ 口^*****
*****g tf!12*****
*****n yjm!1*****
*****g wq!12*****
*****z!123 *****
***** ww!123*****
***** wy!123 *****
*****tu ttt!1*****
*****w wzw!1*****
*****o mls!1*****
***** gyx!123*****
***** xhx!123*****
***** xhb!123*****
***** dwx!123*****
***** ln!123*****
***** ycr!123*****
***** lzx!123*****
*****a zh!12*****
***** zk!123 *****
*****g ttw!1*****
*****x wcx!1*****
*****u hxz!1*****
***** jyc!00 *****
**********
*****^^密码*****
**********
*****eway自己改配置,以至误删除他人配置的情^*****
*****
*****
**********
*****tuxapp/kftux911 *****
**********
*****tuxapp/kftux911 *****
**********
*****tuxapp/kftux911 *****
**********
***** tuxprod/kftux911*****
**********
***** tuxprod/kftux911*****
**********
***** tuxprod/kftux911*****
**********
*****tuxtst/kftux911 *****
**********
*****uxegw/kftux911 *****
**********
***** tuxmgw/kftux91*****
**********
***** tuxqgw/kftux911 *****
**********
*****tuxngw/kftux911 *****
*****
*****
**********
*****^测试root*****
*****
*****
**********
*****84.*****
*****^^^*****
*****5de*****
*****^^12*****
**********
*****54.*****
*****54.*****
*****54.*****
*****54.*****
*****54.*****
*****54.*****
*****^123*****
**********
*****xapp密^*****
*****ss5deploy *****
14.://**.**.**//10.6.158.46/openweb/network.aspx _
**********
15.http://**.**.**
16.http://**.**.**
*****137的 tu*****
**********
*****.6.50.145:908*****
***** 794721465*****
*****ord: *****
*****oot<*****
17.://**.**.**//10.6.155.169:9081/is/index.jsp 023_
18.http://**.**.**/caci/admin/login.jsp sundongming guest


还有域控\vm-vmw019-dc.travelsky-op.com

travelsky-op.com 的用户帐户
-------------------------------------------------------------------------------
$DUPLICATE-334a $DUPLICATE-334d __VMware_Converter__
adapis Administrator apsis
bgwang bowang caowei
caunint CGOCluster CGOCluSvc
chenguoqiang chenming cloud_db
cloud_dct cloud_hw cloud_opensys
cloud_rd cloud_shopping csd_ds
csdres csschld cuizhe
cwqiao dcadm fanruoyi
fengfeng gaoyue gaoyun
gongwen Guest guobin
guoyi hanchao hanyue
hening hexuan hninfo
hotel hshu huangjing1
huanjing huanjing2 huanjing3
huayin hxliu hyxmscs
hyzhang IUSR_FTPSERVER-BAK IUSR_OP-DC1
IUSR_OP-DC3 IUSR_OP-DC4 IUSR_VME-WIN2
IUSR_VM-VMW005-DC IUSR_VM-VMW601-DC IWAM_FTPSERVER-BAK
IWAM_OP-DC3 IWAM_OP-DC4 IWAM_VME-WIN2
IWAM_VM-VMW005-DC IWAM_VM-VMW601-DC jawang
jhuang jijun jjzhang
jqzhang jyang kfduty
krbtgt laibin lang
lidexu liquan litao
liuan liujia liuxiang
lixin liyong liyuntao
ljma loufeng lqsun
lshu lufei luohao
luohong luojl malimin
mayue MI_Viewer mqadmin
mqtest mscs netiq
ntp oper1 oper2
ovsd penghan qfqi
rhevm rqli shafuel
smsclient smsconn SPCAdmin
SPCAdmin1 SPCAdmin2 spctest1
spcuser1 sqladm sqltst
suixu svc_uChrg svc_UCO
symantec sysbackup tcam
TsInternetUser uChrgAdmin usasm_cl
usasm_cs vmadm vmguest
wangenle wanghu wangliaqnxi
wangnan wangr wangyue
wcm webtrends weichong
whxi wincluster wincluster133
wurb xdzhang xiaoyuqi
xnwang xswang xwang
yangyi ybzhang ycheng
yfeng yfzheng ymli
ynzhang yujin yzhan
yzssw zbzhang zgxu
zhangjia zhangjin zhangjing
zhangli zhangxin zhangyu
zhaohua zhuzhe zqwang
zyfeng
命令运行完毕,但发生一个或多个错误。


<code>10.6.141.136
apache$\VM-VMW1292-OA:ap3che!!!
oadevelop\VM-VMW1292-OA:oadevelop
Administrator\VM-VMW1292-OA:123456
Administrator\TRAVELSKY-OP:Zhouyi17
10.6.155.169
webservice\VM-VMW190-APP:Dell519Server
\\10.6.168.234 165
蒋翔 password
域控

mask 区域
*****s,CN=Configuration,DC*****
*****s,CN=Configuration,DC*****
*****CN=Sites,CN=Configurati*****
*****CN=Sites,CN=Configurati*****
*****Sites,CN=Configuration*****
*****CN=Sites,CN=Configurati*****
*****CN=Sites,CN=Configurati*****
*****Sites,CN=Configuration*****
**********
**********
*****^^*****
**********
**********
*****ers,DC=travelsk*****
*****=服务器,DC=tra*****
*****=服务器,DC=tra*****
*****=服务器,DC=tra*****
*****=服务器,DC=trav*****
*****服务器,DC=trav*****
*****服务器,DC=trav*****
*****s,DC=travelsky*****
*****ontrollers,DC=tra*****
*****ontrollers,DC=tra*****
*****ontrollers,DC=tra*****
*****ontrollers,DC=tra*****
*****ontrollers,DC=tra*****
*****^^务器,DC=trav*****
*****^^算机,DC=trav*****
*****^^算机,DC=trave*****
*****rs,DC=travelsky*****
*****rs,DC=travelsk*****
*****puters,DC=travel*****
*****puters,DC=travel*****
*****puters,DC=travel*****
*****计算机,DC=trav*****
*****s,DC=travelsky*****
*****uters,DC=travel*****
*****puters,DC=travel*****
*****rs,DC=travelsk*****
*****ers,DC=travels*****
*****puters,DC=travel*****
*****puters,DC=travel*****
*****puters,DC=travel*****
*****puters,DC=travel*****
*****puters,DC=travel*****
*****ers,DC=travels*****
*****rs,DC=travelsky*****
*****ters,DC=travels*****
*****uters,DC=travel*****
*****ers,DC=travels*****
*****rs,DC=travelsky*****
*****=服务器,DC=tra*****
*****=服务器,DC=tra*****
*****,DC=travelsky*****
*****^^算机,DC=trave*****
*****计算机,DC=trav*****
*****^算机,DC=travel*****
*****计算机,DC=trav*****
*****^^机,DC=travel*****
*****算机,DC=trave*****
*****^^机,DC=travels*****
*****^^机,DC=travels*****
*****^^算机,DC=trav*****
*****^^算机,DC=trav*****
*****^^机,DC=travels*****
*****^^,DC=travelsky*****
*****^机,DC=travels*****
*****^机,DC=travels*****
*****^^,DC=travelsky*****
*****^计算机,DC=tra*****
*****^计算机,DC=tra*****
*****^计算机,DC=tra*****
*****^算机,DC=trave*****
*****计算机,DC=trav*****
*****^^算机,DC=trav*****
*****^计算机,DC=tra*****
*****^计算机,DC=tra*****
*****^^,DC=travelsky*****
*****^机,DC=travels*****
*****^机,DC=travels*****
*****算机,DC=trave*****
*****算机,DC=trave*****
*****算机,DC=trave*****
*****^^算机,DC=trave*****
*****^算机,DC=travel*****
*****^^机,DC=travels*****
*****^^算机,DC=trav*****
*****=服务器,DC=tra*****
*****=服务器,DC=tra*****
*****计算机,DC=trav*****
*****ers,DC=travels*****
*****s,DC=travelsky*****
*****puters,DC=travel*****
*****^算机,DC=travel*****
*****s,DC=travelsky*****
*****puters,DC=travel*****
*****^务器,DC=trave*****
*****服务器,DC=trav*****
*****服务器,DC=trav*****
*****^^器,DC=travels*****
*****OU=服务器,DC=tr*****
*****OU=服务器,DC=tr*****
*****=服务器,DC=trav*****
*****U=服务器,DC=tra*****
*****服务器,DC=trav*****
*****服务器,DC=trav*****
*****务器,DC=travel*****
*****^务器,DC=trave*****
*****^^务器,DC=trave*****
*****^务器,DC=travel*****
*****OU=服务器,DC=tr*****
*****=服务器,DC=tra*****
*****=服务器,DC=tra*****
*****OU=服务器,DC=tr*****
*****^算机,DC=travel*****
*****U=服务器,DC=tra*****
*****计算机,DC=trav*****
*****=服务器,DC=trav*****
*****=服务器,DC=trav*****
*****=服务器,DC=trav*****
*****=服务器,DC=trav*****
*****^务器,DC=travel*****
*****U=服务器,DC=tra*****
*****^^务器,DC=trav*****
*****计算机,DC=trav*****
*****^计算机,DC=tra*****
*****服务器,DC=trav*****
*****=服务器,DC=trav*****
*****,OU=服务器,DC=tr*****
*****puters,DC=travel*****
*****^^务器,DC=trav*****
*****=服务器,DC=tra*****
*****U=服务器,DC=tra*****
*****U=服务器,DC=tra*****
*****^^务器,DC=trav*****
*****服务器,DC=trave*****
*****rs,DC=travelsky*****
*****服务器,DC=trav*****
*****U=服务器,DC=tra*****
*****服务器,DC=trav*****
*****=服务器,DC=trav*****
*****=服务器,DC=trav*****
*****U=服务器,DC=tra*****
*****=服务器,DC=tra*****
*****^^务器,DC=trave*****
*****^^算机,DC=trav*****
*****=服务器,DC=tra*****
*****^^器,DC=travels*****
*****U=服务器,DC=tra*****
*****服务器,DC=trave*****
*****=服务器,DC=trav*****
*****=服务器,DC=tra*****
*****服务器,DC=trav*****
*****服务器,DC=trave*****
*****U=服务器,DC=tra*****
*****OU=服务器,DC=tr*****
*****计算机,DC=trav*****
*****ters,DC=travels*****
*****=服务器,DC=trav*****
*****=服务器,DC=tra*****
*****^务器,DC=trave*****
*****=服务器,DC=trav*****
*****OU=服务器,DC=tr*****
*****OU=服务器,DC=tr*****
*****服务器,DC=trave*****
*****U=服务器,DC=tra*****
*****^^算机,DC=trav*****
*****U=服务器,DC=tra*****
*****=服务器,DC=tra*****
*****^务器,DC=travel*****
*****=服务器,DC=trav*****
*****U=服务器,DC=tra*****
*****=服务器,DC=trav*****
*****服务器,DC=trav*****
*****ters,DC=travels*****
*****^务器,DC=travel*****
*****=服务器,DC=tra*****
*****U=服务器,DC=tra*****
*****^^务器,DC=trave*****
*****=服务器,DC=trav*****
*****服务器,DC=trave*****
*****=服务器,DC=tra*****
*****U=服务器,DC=tra*****
*****^算机,DC=travel*****
*****ers,DC=travelsk*****
*****s,DC=travelsky*****
*****=服务器,DC=trav*****
*****U=服务器,DC=tra*****
*****ollers,DC=travel*****
*****^算机,DC=travel*****
*****服务器,DC=trav*****
*****服务器,DC=trave*****
*****^^务器,DC=trave*****
*****U=服务器,DC=tra*****
*****U=服务器,DC=tra*****
*****=服务器,DC=trav*****
*****=服务器,DC=trav*****
*****=服务器,DC=trav*****
*****U=服务器,DC=tra*****
*****服务器,DC=trave*****
*****U=服务器,DC=tra*****
*****=服务器,DC=trav*****
*****服务器,DC=trave*****
*****OU=服务器,DC=tr*****
*****服务器,DC=trave*****
*****=服务器,DC=tra*****
*****服务器,DC=trav*****
*****^^务器,DC=trave*****
*****OU=服务器,DC=tr*****
*****U=服务器,DC=tra*****
*****=服务器,DC=tra*****
*****^^务器,DC=trav*****
*****puters,DC=trave*****
*****^^务器,DC=trav*****
*****^^算机,DC=trave*****
*****U=服务器,DC=tra*****
*****U=服务器,DC=tra*****
*****^务器,DC=trave*****
*****=服务器,DC=tra*****
*****ers,DC=travelsk*****
*****ers,DC=travelsk*****
*****U=服务器,DC=tra*****
*****puters,DC=trave*****
*****OU=服务器,DC=tr*****
*****=服务器,DC=trav*****
*****=服务器,DC=trav*****
*****=服务器,DC=trav*****
*****OU=服务器,DC=tr*****
*****^务器,DC=trave*****
*****服务器,DC=trav*****
*****U=服务器,DC=tra*****
*****=服务器,DC=trav*****
*****puters,DC=trave*****
*****puters,DC=trave*****
*****U=服务器,DC=tra*****
*****U=服务器,DC=tra*****
*****U=服务器,DC=tra*****
*****puters,DC=trave*****
*****U=服务器,DC=tra*****
*****uters,DC=travel*****
*****U=服务器,DC=tra*****
*****U=服务器,DC=tra*****
*****s,DC=travelsky*****
*****puters,DC=trave*****
*****ters,DC=travels*****
*****ters,DC=travels*****
*****ters,DC=travels*****
*****puters,DC=trave*****
*****puters,DC=travel*****
*****uters,DC=travel*****
*****服务器,DC=trav*****
*****puters,DC=trave*****
*****ters,DC=travels*****
*****ters,DC=travels*****
*****ers,DC=travels*****
*****ters,DC=travels*****
*****ontrollers,DC=tra*****
*****ters,DC=travels*****
*****ters,DC=travels*****
*****puters,DC=trave*****
*****puters,DC=trave*****
*****ters,DC=travels*****
*****puters,DC=trave*****
*****puters,DC=travel*****
*****puters,DC=travel*****
*****puters,DC=trave*****
*****puters,DC=trave*****
*****C=travelsky-o*****
*****C=travelsky-o*****
*****puters,DC=travel*****
*****ters,DC=travels*****
*****rs,DC=travelsk*****
*****uters,DC=travel*****
*****puters,DC=trave*****
*****puters,DC=trave*****
*****puters,DC=trave*****
*****ters,DC=travels*****
*****puters,DC=trave*****
*****puters,DC=trave*****
*****rs,DC=travelsky*****
*****rs,DC=travelsk*****
*****rs,DC=travelsky*****
*****puters,DC=trave*****
*****puters,DC=trave*****
*****puters,DC=trave*****
*****puters,DC=trave*****
*****s,DC=travelsk*****
*****ers,DC=travels*****
*****ers,DC=travels*****
*****ers,DC=travels*****
*****ers,DC=travels*****
*****ers,DC=travelsk*****
*****ers,DC=travelsk*****
*****ers,DC=travelsk*****
*****ers,DC=travelsk*****
*****ers,DC=travelsk*****
*****ers,DC=travelsk*****
*****ers,DC=travelsk*****
*****ers,DC=travelsk*****
*****puters,DC=travel*****
*****puters,DC=travel*****
*****486ff5f3b541,CN=Computer*****
*****rs,DC=travelsk*****
*****puters,DC=trave*****
*****puters,DC=trave*****
*****puters,DC=trave*****
*****puters,DC=travel*****
*****puters,DC=trave*****
*****puters,DC=trave*****
*****94-03c5ac9e8b28,CN=Compute*****
*****。^*****


域用户
"CN=Administrator,CN=Users,DC=travelsky-op,DC=com"
"CN=Guest,CN=Users,DC=travelsky-op,DC=com"
"CN=krbtgt,CN=Users,DC=travelsky-op,DC=com"
省略号...

屏幕快照 2015-01-31 下午1.12.52.png


屏幕快照 2015-01-31 下午1.19.24.png


屏幕快照 2015-01-31 下午1.23.12.png


RGWHLX~U193H8H_[BJEBRUS.jpg


NO@KSIZ2IO4HU0O`Y9P5(HK.jpg


D~_L}PL4P[39QVP6$T_4H%N.jpg


内网太敏感 就不乱翻了 到此为止

漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:14

确认时间:2015-02-05 10:32

厂商回复:

CNVD确认并复现所述情况,已经由CNVD通过以往建立的处置渠道向网站管理单位通报。

最新状态:

暂无