无线苏州APP命令执行/已打入内网获取到敏感信息

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0206042

漏洞标题：无线苏州APP命令执行/已打入内网获取到敏感信息

漏洞作者：路人甲

提交时间：2016-05-07 14:48

修复时间：2016-05-12 14:50

公开时间：2016-05-12 14:50

漏洞类型：命令执行

危害等级：高

自评Rank：20

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2016-05-07：细节已通知厂商并且等待厂商处理中
2016-05-12：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

去年六月下旬到七月挖你们的洞还送了2000的京东卡，这次呢？

详细说明：

直接打开APP

直接爆料那里，上传一张普通图片然后抓包

修改包的内容，然后nc监听

直接拿下

cat data.yml 
Offer(free):
  id: 1
  name: free
  description: free offer
Offer(vip):
  id: 2
  name: vip
  description: vip offer
Role(admin):
  id: 1
  name: admin
Role(company_admin):
  id: 2
  name: company
Role(user):
  id: 3
  name: user
Company(handwin):
  name: 掌赢信息科技公司
  nickname: xiao
  offer: vip
  logo: logo.jpg
  status: 1
  offerExpiredTime: 2013-12-23 15:03:17
  footerInfo: 版权所有?掌赢科技
Company(handwin1):
  name: 湖北电信规划设计院
  nickname: xiao
  offer: vip
  logo: logo.jpg
  status: 1
  offerExpiredTime: 2012-12-23 15:03:17
  footerInfo: 版权所有?广东省电信规划设计院有限公司
Company(handwin2):
  name: 江苏电信规划设计院
  nickname: xiao
  offer: vip
  logo: logo.jpg
  status: 0
  offerExpiredTime:
  footerInfo: 版权所有?广东省电信规划设计院有限公司
Company(handwin3):
  name: 广东电信规划设计院
  nickname: xiao
  offer: vip
  logo: logo.jpg
  status: 1
  offerExpiredTime: 2012-12-23 15:03:17
  footerInfo: 版权所有?广东省电信规划设计院有限公司
User(chenxy):
  name: chenxy
  email: cjsun@v5.cn
  mobile: 18651800000
  password: 109b30f398e4e39d544b8e73cc60c7fe
  passwordSalt: aabb263cce9589b0e0fbda48db427ed4c2918439f351c8d6c9973f0f6e6ad5c8
  nickname: 管理员
  company: handwin
  status: 1
  roleId: 1
User(sunchj):
  name: sunchj
  email: chjsun@v5.cn
  mobile: 18013301800
  password: 109b30f398e4e39d544b8e73cc60c7fe
  passwordSalt: aabb263cce9589b0e0fbda48db427ed4c2918439f351c8d6c9973f0f6e6ad5c8
  nickname: 孙成军
  company: handwin
  status: 1
  roleId: 1
User(roger):
  name: roger
  email: roger@v5.cn
  mobile: 13813800000
  password: 407be7e4e37bf1a20e921ed851fe8fae
  passwordSalt: f6265da1e53251fa5a66152854f8898c60a391a9aa80d66a20e0f8ecb914db0d
  nickname: 刘斌
  company: handwin
  status: 1
  roleId: 1
User(xxx):
  name: xxx
  email: xxx@v5.cn
  mobile: 13813800001
  password: 109b30f398e4e39d544b8e73cc60c7fe
  passwordSalt: aabb263cce9589b0e0fbda48db427ed4c2918439f351c8d6c9973f0f6e6ad5c8
  nickname: 某某某
  company: handwin
  status: 3
  roleId: 1
Video(video1):
  name: test
  user: chenxy
  company: handwin
  uuid : c8066ec19160207c986a2c217c1f1d81
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号
  touristToken: 1000
  fileSize: 1
Video(video2):
  name: test
  user: chenxy
  company: handwin
  uuid : 9ec111c94134f7dcd094cbd71c86c950
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号
  fileSize: 1
Video(video3):
  name: test1
  user: chenxy
  company: handwin
  uuid : 43a0f19cb3f7519ab8337e4b9b5740c7
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号
  fileSize: 1
Video(video4):
  name: test2
  user: chenxy
  company: handwin
  uuid : 3746441136130c2681eaf35d92a2cb9b
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video5):
  name: test3
  user: chenxy
  company: handwin
  uuid : 9a270f519fb402864d69d32e24a99ab0
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video6):
  name: test4
  user: chenxy
  company: handwin
  uuid : 4fca7c37da5cc7b59b05f28e90e0f146
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video7):
  name: test5
  user: chenxy
  company: handwin
  uuid : f3fc40568c466fa2f7fda8e29eeba11b
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video8):
  name: test6
  user: chenxy
  company: handwin
  uuid : a8f705479fe131f084ca29c1dce43b1f
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video9):
  name: test7
  user: chenxy
  company: handwin
  uuid : 070e0059c4d9c3cc1e7d0f9c2995c2c7
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video10):
  name: test8
  user: chenxy
  company: handwin
  uuid : 3fa73a3e429b9626755ea50ae429d2b6
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video11):
  name: test9
  user: chenxy
  company: handwin
  uuid : b5064bea12fae659d76a1410e94e2583
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video12):
  name: test10
  user: chenxy
  company: handwin
  uuid : f5cdb18028be7ec5df1a0bba2e41cf0e
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video13):
  name: test11
  user: chenxy
  company: handwin
  uuid : cbca73b86a0164e1f0bb48f98c164a7c
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video14):
  name: test12
  user: chenxy
  company: handwin
  uuid : a41efef4bd36a9e35bb572a27210ac1b
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video15):
  name: test13
  user: chenxy
  company: handwin
  uuid : e28132f480f96a276c5cb8d274fc56da
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2011-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video16):
  name: test14
  user: chenxy
  company: handwin
  uuid : cf51ffc6b4f342aa43c96aaf7b12e4c1
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video17):
  name: test17
  user: chenxy
  company: handwin
  uuid : c8b360732700d938d18fd15e4c587d93
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2011-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video18):
  name: test14
  user: chenxy
  company: handwin
  uuid : ad4a1ce6c712ea7cd1d6fd3c87174804
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video19):
    name: test13
    user: chenxy
    company: handwin
    uuid : 2b84d4e68eadb349be3b2043c0028216
    status: 2
    longitude: 31.082665
    latitude: 121.667594
    createTime: 2011-11-23 15:03:17
    place: 南京市鼓楼区广州路1号易发信息大厦A座
    fileSize: 1
Video(video20):
    name: test14
    user: chenxy
    company: handwin
    uuid : db2390cbfb1501c3f0cfff4f70c7ee70
    status: 2
    longitude: 31.082665
    latitude: 121.667594
    createTime: 2001-11-23 15:03:17
    place: 南京市鼓楼区广州路1号易发信息大厦A座
    fileSize: 1
Video(video21):
  name: test15
  user: chenxy
  company: handwin
  uuid : 17bd1495eab8d132623e9eb38c8a4b0e
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2011-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video22):
  name: test15
  user: chenxy
  company: handwin
  uuid : e256fd69f8af685c68f2c1d54b910b91
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2011-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video23):
  name: test15
  user: chenxy
  company: handwin
  uuid : e31c2ab0122363aef3d6ba46c5791cea
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2011-11-23 15:03:17
  place: 南京市政府
  fileSize: 1
VideoComment(comment1_1):
  video: video1
  user: roger
  content: ok!
  createTime: 2001-11-23 15:03:14
VideoComment(comment1_2):
  video: video1
  user: chenxy
  content: test...
  createTime: 2001-11-23 15:04:14
VideoComment(comment1_3):
  video: video1
  user: roger
  content: next?
  createTime: 2001-11-23 15:14:14
VideoComment(comment1_4):
  video: video1
  user: roger
  content: next?
  createTime: 2001-11-23 15:24:34
VideoComment(comment1_5):
  video: video1
  user: roger
  content: next?
  createTime: 2001-11-23 15:34:34
VideoComment(comment1_6):
  video: video1
  user: roger
  content: next?
  createTime: 2001-11-23 15:44:34
VideoComment(comment1_7):
  video: video1
  user: roger
  content: next?
  createTime: 2001-11-23 15:54:34
VideoComment(comment1_8):
  video: video1
  user: roger
  content: next?
  createTime: 2001-11-23 16:14:34
VideoComment(comment1_9):
  video: video1
  user: chenxy
  content: and ?
  createTime: 2001-11-23 16:15:34
VideoComment(comment1_10):
  video: video1
  user: chenxy
  content: and ?
  createTime: 2001-11-23 16:16:34
VideoComment(comment1_11):
  video: video1
  user: chenxy
  content: and ?
  createTime: 2001-11-23 16:24:34
Video(video2):
  name: 测试
  user: roger
  company: handwin
  uuid : testtest
  status: 0
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2009-11-23 15:03:17
Picture(picture):
  name: 测试
  userId: 1
  companyId: 1
  fileName: d0096ec6c83575373e3a21d129ff8fef.jpg
  departmentId: null
  createTime: 2009-11-23 15:03:17
Picture(picture1):
  name: 测试
  userId: 1
  companyId: 1
  fileName: d0096ec6c83575373e3a21d129ff8fef.jpg
  departmentId: null
  createTime: 2009-11-23 15:03:17
Picture(picture2):
  name: 测试
  userId: 1
  companyId: 1
  fileName: d0096ec6c83575373e3a21d129ff8fef.jpg
  departmentId: null
  createTime: 2009-11-23 15:03:17
Picture(picture3):
  name: 测试
  userId: 1
  companyId: 1
  fileName: d0096ec6c83575373e3a21d129ff8fef.jpg
  departmentId: null
  createTime: 2009-11-23 15:03:17
Feedback(feedback1):
  user: roger
  content: roger's feedback 1
  createTime: 2001-11-23 16:14:34
  fatherId: 0
Feedback(feedback2):
  user: roger
  content: roger's feedback 2
  createTime: 2001-11-23 16:14:34
  fatherId: 0
Feedback(feedback3):
  user: roger
  content: roger's feedback 3
  createTime: 2001-11-23 16:14:34
  fatherId: 0
Feedback(feedback4):
  user: roger
  content: roger's feedback 4
  createTime: 2001-11-23 16:14:34
  fatherId: 0
Feedback(feedback5):
  user: roger
  content: roger's feedback 5
  createTime: 2001-11-23 16:14:34
  fatherId: 0
Feedback(feedback6):
  user: roger
  content: roger's feedback 6
  createTime: 2001-11-23 16:14:34
  fatherId: 0
Admin(admin):
  name: admin
  password: 109b30f398e4e39d544b8e73cc60c7fe
  passwordSalt: aabb263cce9589b0e0fbda48db427ed4c2918439f351c8d6c9973f0f6e6ad5c8
  roleId: 1
Admin(check):
  name: check
  password: 109b30f398e4e39d544b8e73cc60c7fe
  passwordSalt: aabb263cce9589b0e0fbda48db427ed4c2918439f351c8d6c9973f0f6e6ad5c8
  roleId: 4
EnterpriseInfo(huiyan):
  companyName: 慧眼直播
  authKey: 34esve89
  deviceNum: 5
Client(client1):
   android_version_code: 1
   android_version_name: plbcloud_1.0
   android_url: www.android.com
   feature: 双向通话#feature#新增功能2#feature#新增功能3
sh-4.1#

找到一些敏感信息

漏洞证明：

直接打开APP

直接爆料那里，上传一张普通图片然后抓包

修改包的内容，然后nc监听

直接拿下

cat data.yml 
Offer(free):
  id: 1
  name: free
  description: free offer
Offer(vip):
  id: 2
  name: vip
  description: vip offer
Role(admin):
  id: 1
  name: admin
Role(company_admin):
  id: 2
  name: company
Role(user):
  id: 3
  name: user
Company(handwin):
  name: 掌赢信息科技公司
  nickname: xiao
  offer: vip
  logo: logo.jpg
  status: 1
  offerExpiredTime: 2013-12-23 15:03:17
  footerInfo: 版权所有?掌赢科技
Company(handwin1):
  name: 湖北电信规划设计院
  nickname: xiao
  offer: vip
  logo: logo.jpg
  status: 1
  offerExpiredTime: 2012-12-23 15:03:17
  footerInfo: 版权所有?广东省电信规划设计院有限公司
Company(handwin2):
  name: 江苏电信规划设计院
  nickname: xiao
  offer: vip
  logo: logo.jpg
  status: 0
  offerExpiredTime:
  footerInfo: 版权所有?广东省电信规划设计院有限公司
Company(handwin3):
  name: 广东电信规划设计院
  nickname: xiao
  offer: vip
  logo: logo.jpg
  status: 1
  offerExpiredTime: 2012-12-23 15:03:17
  footerInfo: 版权所有?广东省电信规划设计院有限公司
User(chenxy):
  name: chenxy
  email: cjsun@v5.cn
  mobile: 18651800000
  password: 109b30f398e4e39d544b8e73cc60c7fe
  passwordSalt: aabb263cce9589b0e0fbda48db427ed4c2918439f351c8d6c9973f0f6e6ad5c8
  nickname: 管理员
  company: handwin
  status: 1
  roleId: 1
User(sunchj):
  name: sunchj
  email: chjsun@v5.cn
  mobile: 18013301800
  password: 109b30f398e4e39d544b8e73cc60c7fe
  passwordSalt: aabb263cce9589b0e0fbda48db427ed4c2918439f351c8d6c9973f0f6e6ad5c8
  nickname: 孙成军
  company: handwin
  status: 1
  roleId: 1
User(roger):
  name: roger
  email: roger@v5.cn
  mobile: 13813800000
  password: 407be7e4e37bf1a20e921ed851fe8fae
  passwordSalt: f6265da1e53251fa5a66152854f8898c60a391a9aa80d66a20e0f8ecb914db0d
  nickname: 刘斌
  company: handwin
  status: 1
  roleId: 1
User(xxx):
  name: xxx
  email: xxx@v5.cn
  mobile: 13813800001
  password: 109b30f398e4e39d544b8e73cc60c7fe
  passwordSalt: aabb263cce9589b0e0fbda48db427ed4c2918439f351c8d6c9973f0f6e6ad5c8
  nickname: 某某某
  company: handwin
  status: 3
  roleId: 1
Video(video1):
  name: test
  user: chenxy
  company: handwin
  uuid : c8066ec19160207c986a2c217c1f1d81
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号
  touristToken: 1000
  fileSize: 1
Video(video2):
  name: test
  user: chenxy
  company: handwin
  uuid : 9ec111c94134f7dcd094cbd71c86c950
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号
  fileSize: 1
Video(video3):
  name: test1
  user: chenxy
  company: handwin
  uuid : 43a0f19cb3f7519ab8337e4b9b5740c7
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号
  fileSize: 1
Video(video4):
  name: test2
  user: chenxy
  company: handwin
  uuid : 3746441136130c2681eaf35d92a2cb9b
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video5):
  name: test3
  user: chenxy
  company: handwin
  uuid : 9a270f519fb402864d69d32e24a99ab0
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video6):
  name: test4
  user: chenxy
  company: handwin
  uuid : 4fca7c37da5cc7b59b05f28e90e0f146
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video7):
  name: test5
  user: chenxy
  company: handwin
  uuid : f3fc40568c466fa2f7fda8e29eeba11b
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video8):
  name: test6
  user: chenxy
  company: handwin
  uuid : a8f705479fe131f084ca29c1dce43b1f
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video9):
  name: test7
  user: chenxy
  company: handwin
  uuid : 070e0059c4d9c3cc1e7d0f9c2995c2c7
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video10):
  name: test8
  user: chenxy
  company: handwin
  uuid : 3fa73a3e429b9626755ea50ae429d2b6
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video11):
  name: test9
  user: chenxy
  company: handwin
  uuid : b5064bea12fae659d76a1410e94e2583
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video12):
  name: test10
  user: chenxy
  company: handwin
  uuid : f5cdb18028be7ec5df1a0bba2e41cf0e
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video13):
  name: test11
  user: chenxy
  company: handwin
  uuid : cbca73b86a0164e1f0bb48f98c164a7c
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video14):
  name: test12
  user: chenxy
  company: handwin
  uuid : a41efef4bd36a9e35bb572a27210ac1b
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video15):
  name: test13
  user: chenxy
  company: handwin
  uuid : e28132f480f96a276c5cb8d274fc56da
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2011-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video16):
  name: test14
  user: chenxy
  company: handwin
  uuid : cf51ffc6b4f342aa43c96aaf7b12e4c1
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video17):
  name: test17
  user: chenxy
  company: handwin
  uuid : c8b360732700d938d18fd15e4c587d93
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2011-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video18):
  name: test14
  user: chenxy
  company: handwin
  uuid : ad4a1ce6c712ea7cd1d6fd3c87174804
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2001-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video19):
    name: test13
    user: chenxy
    company: handwin
    uuid : 2b84d4e68eadb349be3b2043c0028216
    status: 2
    longitude: 31.082665
    latitude: 121.667594
    createTime: 2011-11-23 15:03:17
    place: 南京市鼓楼区广州路1号易发信息大厦A座
    fileSize: 1
Video(video20):
    name: test14
    user: chenxy
    company: handwin
    uuid : db2390cbfb1501c3f0cfff4f70c7ee70
    status: 2
    longitude: 31.082665
    latitude: 121.667594
    createTime: 2001-11-23 15:03:17
    place: 南京市鼓楼区广州路1号易发信息大厦A座
    fileSize: 1
Video(video21):
  name: test15
  user: chenxy
  company: handwin
  uuid : 17bd1495eab8d132623e9eb38c8a4b0e
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2011-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video22):
  name: test15
  user: chenxy
  company: handwin
  uuid : e256fd69f8af685c68f2c1d54b910b91
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2011-11-23 15:03:17
  place: 南京市鼓楼区广州路1号易发信息大厦A座
  fileSize: 1
Video(video23):
  name: test15
  user: chenxy
  company: handwin
  uuid : e31c2ab0122363aef3d6ba46c5791cea
  status: 2
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2011-11-23 15:03:17
  place: 南京市政府
  fileSize: 1
VideoComment(comment1_1):
  video: video1
  user: roger
  content: ok!
  createTime: 2001-11-23 15:03:14
VideoComment(comment1_2):
  video: video1
  user: chenxy
  content: test...
  createTime: 2001-11-23 15:04:14
VideoComment(comment1_3):
  video: video1
  user: roger
  content: next?
  createTime: 2001-11-23 15:14:14
VideoComment(comment1_4):
  video: video1
  user: roger
  content: next?
  createTime: 2001-11-23 15:24:34
VideoComment(comment1_5):
  video: video1
  user: roger
  content: next?
  createTime: 2001-11-23 15:34:34
VideoComment(comment1_6):
  video: video1
  user: roger
  content: next?
  createTime: 2001-11-23 15:44:34
VideoComment(comment1_7):
  video: video1
  user: roger
  content: next?
  createTime: 2001-11-23 15:54:34
VideoComment(comment1_8):
  video: video1
  user: roger
  content: next?
  createTime: 2001-11-23 16:14:34
VideoComment(comment1_9):
  video: video1
  user: chenxy
  content: and ?
  createTime: 2001-11-23 16:15:34
VideoComment(comment1_10):
  video: video1
  user: chenxy
  content: and ?
  createTime: 2001-11-23 16:16:34
VideoComment(comment1_11):
  video: video1
  user: chenxy
  content: and ?
  createTime: 2001-11-23 16:24:34
Video(video2):
  name: 测试
  user: roger
  company: handwin
  uuid : testtest
  status: 0
  longitude: 31.082665
  latitude: 121.667594
  createTime: 2009-11-23 15:03:17
Picture(picture):
  name: 测试
  userId: 1
  companyId: 1
  fileName: d0096ec6c83575373e3a21d129ff8fef.jpg
  departmentId: null
  createTime: 2009-11-23 15:03:17
Picture(picture1):
  name: 测试
  userId: 1
  companyId: 1
  fileName: d0096ec6c83575373e3a21d129ff8fef.jpg
  departmentId: null
  createTime: 2009-11-23 15:03:17
Picture(picture2):
  name: 测试
  userId: 1
  companyId: 1
  fileName: d0096ec6c83575373e3a21d129ff8fef.jpg
  departmentId: null
  createTime: 2009-11-23 15:03:17
Picture(picture3):
  name: 测试
  userId: 1
  companyId: 1
  fileName: d0096ec6c83575373e3a21d129ff8fef.jpg
  departmentId: null
  createTime: 2009-11-23 15:03:17
Feedback(feedback1):
  user: roger
  content: roger's feedback 1
  createTime: 2001-11-23 16:14:34
  fatherId: 0
Feedback(feedback2):
  user: roger
  content: roger's feedback 2
  createTime: 2001-11-23 16:14:34
  fatherId: 0
Feedback(feedback3):
  user: roger
  content: roger's feedback 3
  createTime: 2001-11-23 16:14:34
  fatherId: 0
Feedback(feedback4):
  user: roger
  content: roger's feedback 4
  createTime: 2001-11-23 16:14:34
  fatherId: 0
Feedback(feedback5):
  user: roger
  content: roger's feedback 5
  createTime: 2001-11-23 16:14:34
  fatherId: 0
Feedback(feedback6):
  user: roger
  content: roger's feedback 6
  createTime: 2001-11-23 16:14:34
  fatherId: 0
Admin(admin):
  name: admin
  password: 109b30f398e4e39d544b8e73cc60c7fe
  passwordSalt: aabb263cce9589b0e0fbda48db427ed4c2918439f351c8d6c9973f0f6e6ad5c8
  roleId: 1
Admin(check):
  name: check
  password: 109b30f398e4e39d544b8e73cc60c7fe
  passwordSalt: aabb263cce9589b0e0fbda48db427ed4c2918439f351c8d6c9973f0f6e6ad5c8
  roleId: 4
EnterpriseInfo(huiyan):
  companyName: 慧眼直播
  authKey: 34esve89
  deviceNum: 5
Client(client1):
   android_version_code: 1
   android_version_name: plbcloud_1.0
   android_url: www.android.com
   feature: 双向通话#feature#新增功能2#feature#新增功能3
sh-4.1#

找到一些敏感信息

root权限
没什么好说的了吧。

修复方案：

我也不知道，嘿嘿

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：无影响厂商忽略

忽略时间：2016-05-12 14:50

厂商回复：

漏洞Rank：15 (WooYun评价)

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0206042

漏洞标题：无线苏州APP命令执行/已打入内网获取到敏感信息

相关厂商：苏州世纪飞越网络信息有限公司

漏洞作者：路人甲

提交时间：2016-05-07 14:48

修复时间：2016-05-12 14:50

公开时间：2016-05-12 14:50

漏洞类型：命令执行

危害等级：高

自评Rank：20

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0206042

漏洞标题：无线苏州APP命令执行/已打入内网获取到敏感信息

相关厂商：苏州世纪飞越网络信息有限公司

漏洞作者： 路人甲

提交时间：2016-05-07 14:48

修复时间：2016-05-12 14:50

公开时间：2016-05-12 14:50

漏洞类型：命令执行

危害等级：高

自评Rank：20

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2016-0206042"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云