当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-017020

漏洞标题:盛大在线某重要系统命令执行,可导致大量敏感信息泄漏

相关厂商:盛大在线

漏洞作者: se55i0n

提交时间:2013-01-07 10:44

修复时间:2013-02-21 10:45

公开时间:2013-02-21 10:45

漏洞类型:命令执行

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2013-01-07: 细节已通知厂商并且等待厂商处理中
2013-01-07: 厂商已经确认,细节仅向厂商公开
2013-01-17: 细节向核心白帽子及相关领域专家公开
2013-01-27: 细节向普通白帽子公开
2013-02-06: 细节向实习白帽子公开
2013-02-21: 细节向公众公开

简要描述:

大半夜还给你们找洞洞,送个新年礼物呗!

详细说明:

1)问题对象:盛大在线-经营分析系统struts命令执行,测试地址:http://114.80.132.148/showIndexArticlesAction.htm?recordType=2

1.jpg


2)貌似有好多敏感的东西呀;

2.jpg


3)随便看了看,不晓得这是啥子东东(你们应该知道吧);

#BOSERVER_10=http://61.172.254.246:8080/businessobjects/enterprise115/desktoplaunch/
#CMS_10=asfasfs
#Auth_10=secEnterprise
#PASS_10=dash2009
BOSERVER_10=http://114.80.132.147:8080/businessobjects/enterprise115/desktoplaunch/
CMS_10=datacenter-246
Auth_10=secEnterprise
PASS_10=dash2009
#BOSERVER_11=http://192.168.100.84:8080/businessobjects/enterprise115/desktoplaunch/
#CMS_11=qc-datacenter2
#Auth_11=secEnterprise
#PASS_11=bo888888
BOSERVER_11=http://data2.sdo.com:8080/businessobjects/enterprise115/desktoplaunch/
CMS_11=datacenter-bo84
Auth_11=secEnterprise
PASS_11=bo888888
BOSUBID141_11=141
#BOSERVER_12=http://61.172.254.246:8080/businessobjects/enterprise115/desktoplaunch/
#CMS_12=asfasfs
#Auth_12=secEnterprise
#PASS_12=bo888888
BOSERVER_12=http://114.80.132.147:8080/businessobjects/enterprise115/desktoplaunch/
CMS_12=asfasfs
Auth_12=secEnterprise
PASS_12=bo888888
#BOSERVER_13=http://192.168.100.82:8080/businessobjects/enterprise115/desktoplaunch/
#CMS_13=qc-datacenter1
#Auth_13=secEnterprise
#PASS_13=bo888888
BOSERVER_13=http://data1.sdo.com:8080/businessobjects/enterprise115/desktoplaunch/
CMS_13=datacenter-bo82
Auth_13=secEnterprise
PASS_13=bo888888
BOSUBID106_13=106
RTBOSERVER=http://192.168.100.74:8088/bmsh/
RTPASS=admin
needUnifyAuthenticate=1
#authentication interface url
###internet 61.172.241.94/218.30.75.31(BK):8083
#authenHost=61.172.241.94
#authenPort=8083
#authenHostBK=218.30.75.31
###intranet 192.168.100.180/192.168.100.110:8083
#authenHost=192.168.100.180
#authenPort=8083
#authenHostBK=192.168.100.110
#only useful for FacadeAction
subSystemID=0907131
#query interface url
###internet 61.152.122.44:8084
###intranet 192.168.100.180:8084
queryHost=192.168.100.185
queryPort=8080
#record num on one page
numPerPage=20
numPerPage_leaveword=20
#domainName=.sdch.sdo.com
domainName=data.sdo.com
#sendmail
#发送邮件服务器
mailhost = 61.172.242.25
#邮件服务器登录用户名
mailusername = dataportal
#邮件服务器登录密码
mailpassword = dataportal
#发送人邮件地址
mailfrom = dataportal@snda.com


4)还有好多东西,你们懂的~

漏洞证明:

见详细说明!~

修复方案:

补丁呀

版权声明:转载请注明来源 se55i0n@乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2013-01-07 17:57

厂商回复:

感谢se55i0n提交漏洞,我们已处理。
线下再联系你,另行感谢!

最新状态:

暂无


漏洞评价:

评论

  1. 2013-01-07 23:05 | se55i0n ( 普通白帽子 | Rank:1567 漏洞数:173 )

    哈哈,rank神马的都是浮云,礼物神马的最稀饭咯!!!