当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0180678

漏洞标题:链家某站点配置不当导致重要信息泄露(含数据库信息)

相关厂商:homelink.com.cn

漏洞作者: 路人甲

提交时间:2016-03-03 23:11

修复时间:2016-03-08 23:20

公开时间:2016-03-08 23:20

漏洞类型:重要敏感信息泄露

危害等级:中

自评Rank:10

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-03-03: 细节已通知厂商并且等待厂商处理中
2016-03-08: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

数据库密码命名有规则容易被爆破

详细说明:

http://119.254.68.150


可以直接访问WEB-INF文件夹下的文件,包括数据库文件,网站文件等等都可以下载

http://119.254.68.150//login_bj.jsp


1.png


http://119.254.68.150//WEB-INF/classes/tiles-def.xml


可以下载整个网站的网页源代码了

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<tiles-definitions>
<definition name="hdis" template="/html/common/layout.jsp">
<put-attribute name="title" value=""/>
<put-attribute name="inHeader" value=""/>
<put-attribute name="mainMenu" value="/html/common/publicTop_new.jsp"/>
<put-attribute name="subMenu" value="/html/common/sub.jsp"/>
<put-attribute name="body" value="添加你的代码"/>
<put-attribute name="bottom" value="/html/common/bottom.jsp"/>
</definition>
<definition name="hpmsAppeal" template="/html/common/layout.jsp">
<put-attribute name="title" value=""/>
<put-attribute name="inHeader" value=""/>
<put-attribute name="mainMenu" value="/html/common/publicTop_new.jsp"/>
<put-attribute name="subMenu" value="/html/common/sub.jsp"/>
<put-attribute name="body" value="添加你的代码"/>
<put-attribute name="bottom" value="/html/common/bottom_appeal.jsp"/>
</definition>
<definition name="indexAppeal" template="/html/common/publicIndexLayout1.jsp">
<put-attribute name="title" value=""/>
<put-attribute name="inHeader" value=""/>
<put-attribute name="topBar" value="/html/common/publicTop_new.jsp"/>
<put-attribute name="body" value=""/>
<put-attribute name="bottom" value="/html/common/bottom_appeal.jsp"/>
</definition>
<definition name="helpdis" template="/html/common/layout.jsp">
<put-attribute name="title" value=""/>
<put-attribute name="inHeader" value=""/>
<put-attribute name="mainMenu" value="/html/common/publicTop_new.jsp"/>
<put-attribute name="subMenu" value="/html/common/helpleft6.jsp"/>
<put-attribute name="body" value=""/>
<put-attribute name="bottom" value="/html/common/bottom.jsp"/>
</definition>
<definition name="noticedis" template="/html/common/layout.jsp">
<put-attribute name="title" value=""/>
<put-attribute name="inHeader" value=""/>
<put-attribute name="mainMenu" value="/html/common/publicTop_new.jsp"/>
<put-attribute name="subMenu" value="/html/common/noticeleft.jsp"/>
<put-attribute name="body" value="/html/help/notice_detail.jsp"/>
<put-attribute name="bottom" value="/html/common/bottom.jsp"/>
</definition>
<definition name="minHdis" template="/html/common/minLayout.jsp">
<put-attribute name="title" value=""/>
<put-attribute name="inHeader" value=""/>
<put-attribute name="body" value="添加你的代码"/>
<put-attribute name="bottom" value="/html/common/bottom.jsp"/>
</definition>
<definition name="indexHdis" template="/html/common/indexLayout.jsp">
<put-attribute name="title" value=""/>
<put-attribute name="inHeader" value=""/>
<put-attribute name="mainMenu" value="/html/common/top.jsp"/>
<put-attribute name="body" value="添加你的代码"/>
<put-attribute name="bottom" value="/html/common/bottom.jsp"/>
</definition>
<definition name="indexHpms" template="/html/common/publicIndexLayout.jsp">
<put-attribute name="title" value=""/>
<put-attribute name="inHeader" value=""/>
<put-attribute name="topBar" value="/html/common/publicTop_new.jsp"/>
<put-attribute name="left" value="/html/common/product_type.jsp"/>
<put-attribute name="center" value="/html/common/publicCenter.jsp"/>
<put-attribute name="hotSell" value="/html/common/publicHotSell.jsp"/>
<put-attribute name="hotService" value="/html/common/publicHotService.jsp"/>
<put-attribute name="bottom" value="/html/common/bottom.jsp"/>
</definition>
<definition name="indexHpms2" template="/html/common/publicIndexLayout2.jsp">
<put-attribute name="title" value=""/>
<put-attribute name="inHeader" value=""/>
<put-attribute name="topBar" value="/html/common/publicTop_new.jsp"/>
<put-attribute name="left" value="/html/common/publicLeft.jsp"/>
<put-attribute name="right" value="/html/common/publicRight.jsp"/>
<put-attribute name="bottom" value="/html/common/bottom.jsp"/>
</definition>
<definition name="indexHpms1" template="/html/common/publicIndexLayout1.jsp">
<put-attribute name="title" value=""/>
<put-attribute name="inHeader" value=""/>
<put-attribute name="topBar" value="/html/common/publicTop_new.jsp"/>
<put-attribute name="body" value=""/>
<put-attribute name="bottom" value="/html/common/bottom.jsp"/>
</definition>
<definition name="indexWangqian" template="/html/common/publicIndexLayout1.jsp">
<put-attribute name="title" value=""/>
<put-attribute name="inHeader" value=""/>
<put-attribute name="topBar" value="/html/common/publicTop_wangqian.jsp"/>
<put-attribute name="body" value=""/>
<put-attribute name="bottom" value="/html/common/bottom_wangqian.jsp"/>
</definition>
<definition name="hpms" template="/html/common/hpmsLayout.jsp">
<put-attribute name="title" value=""/>
<put-attribute name="inHeader" value=""/>
<put-attribute name="topBar" value="/html/common/indexTop.jsp"/>
<put-attribute name="body" value=""/>
<put-attribute name="bottom" value="/html/common/bottom.jsp"/>
</definition>
<!--  个人中心模板  -->
<definition name="userCenter" template="/html/common/layout.jsp">
<put-attribute name="title" value=""/>
<put-attribute name="inHeader" value=""/>
<put-attribute name="mainMenu" value="/html/common/publicTop_new.jsp"/>
<put-attribute name="subMenu" value="/html/common/userCenterLeft.jsp"/>
<put-attribute name="body" value="添加你的代码"/>
<put-attribute name="bottom" value="/html/common/bottom.jsp"/>
</definition>
<!--  在线课程模板 -->
<definition name="video" template="/html/video/videoLayout.jsp">
<put-attribute name="title" value=""/>
<put-attribute name="inHeader" value=""/>
<put-attribute name="topBar" value="/html/video/videoTop.jsp"/>
<put-attribute name="body" value=""/>
<put-attribute name="bottom" value="/html/video/videoBottom.jsp"/>
</definition>
<!--  我的学习模板 -->
<definition name="videoCenter" template="/html/videoCenter/videoCenterLayout.jsp">
<put-attribute name="title" value=""/>
<put-attribute name="inHeader" value=""/>
<put-attribute name="topBar" value="/html/video/videoTop.jsp"/>
<put-attribute name="left" value="/html/videoCenter/video_center_left.jsp"/>
<put-attribute name="body" value=""/>
<put-attribute name="bottom" value="/html/video/videoBottom.jsp"/>
</definition>
<definition name="video_new" template="/html/video/videoLayout.jsp">
<put-attribute name="title" value=""/>
<put-attribute name="inHeader" value=""/>
<put-attribute name="topBar" value="/html/video/video_top_new.jsp"/>
<put-attribute name="body" value=""/>
<put-attribute name="bottom" value="/html/video/videoBottom.jsp"/>
</definition>
<!--  职能店铺模板  -->
<definition name="functionofstore" template="/html/common/layout.jsp">
<put-attribute name="title" value=""/>
<put-attribute name="inHeader" value=""/>
<put-attribute name="mainMenu" value="/html/common/publicTop_new.jsp"/>
<put-attribute name="subMenu" value="/html/functionofstore/store_manage_left.jsp"/>
<put-attribute name="body" value="添加你的代码"/>
<put-attribute name="bottom" value="/html/common/bottom.jsp"/>
</definition>
<definition name="functionofstore_withfloat" template="/html/functionofstore/floatlayout.jsp">
<put-attribute name="title" value=""/>
<put-attribute name="inHeader" value=""/>
<put-attribute name="mainMenu" value="/html/common/publicTop_new.jsp"/>
<put-attribute name="subMenu" value="/html/functionofstore/store_manage_left.jsp"/>
<put-attribute name="body" value="添加你的代码"/>
<put-attribute name="float_div" value="/html/functionofstore/locationfloat.jsp"/>
<put-attribute name="bottom" value="/html/common/bottom.jsp"/>
</definition>
<definition name="functionofstore_noleft" template="/html/common/layout.jsp">
<put-attribute name="title" value=""/>
<put-attribute name="inHeader" value=""/>
<put-attribute name="mainMenu" value="/html/common/publicTop_new.jsp"/>
<put-attribute name="subMenu" value=""/>
<put-attribute name="body" value="添加你的代码"/>
<put-attribute name="bottom" value="/html/common/bottom.jsp"/>
</definition>
</tiles-definitions>

漏洞证明:

数据库地址,包括ldap用户名和密码(已手动打码)

2.png


#Created by JInto - www.guh-software.de
#Sun Jun 15 16:00:01 CST 2008
driverClassName=oracle.jdbc.driver.OracleDriver
# \u7531\u4E8E\u4F7F\u7528p6spy\u663E\u793Aheibernate\u7684sql\u53C2\u6570\uFF0C\u56E0\u6B64\u66FF\u6362\u9A71\u52A8\uFF0C\u5B9E\u9645\u9A71\u52A8\u5728 spy.properties\u91CC\u914D\u7F6E
#driverClassName=com.p6spy.engine.spy.P6SpyDriver
#url=jdbc\:oracle\:thin\:@localhost\:1521\:orcl
#url=jdbc\:oracle\:thin\:@192.168.1.***\:1521\:cpic
#url=jdbc\:oracle\:thin\:@172.16.6.***\:1521\:hepp
url=jdbc\:oracle\:thin\:@172.16.4.***\:1521\:hpms
p.minIdle=20
password=*****
p.maxActive=100
sqlldrpath=sqlldr
username=*****
instance=*****
#ldap
ldap.url=ldap://ldap.homelink.com.cn:***/
ldap.userDN=cn=administrator,cn=users,dc=corp,dc=homelink,dc=com,dc=cn1
ldap.pwd=*********
ldap.baseDN=OU\=\u5317\u4EAC\u94FE\u5BB6,DC\=corp,DC\=linkhome,DC\=com,DC\=cn1


修复方案:

把WEB-INF指为禁访目录

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2016-03-08 23:20

厂商回复:

漏洞Rank:2 (WooYun评价)

最新状态:

暂无