
Vulnerability summary

Defect ID: wooyun-2015-0118309

Title: Improper operations on a Haier site lead to a large leak of internal information

Related vendor: 海尔集团 (Haier Group)

Author: i3esn0w

Submitted: 2015-06-05 12:01

Fixed: 2015-07-23 18:26

Published: 2015-07-23 18:26

Vulnerability type: leak of internal confidential information

Severity: High

Self-assessed Rank: 20

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-06-05: details sent to the vendor, awaiting vendor handling
2015-06-08: vendor confirmed; details visible to the vendor only
2015-06-18: details opened to core white hats and relevant domain experts
2015-06-28: details opened to regular white hats
2015-07-08: details opened to intern white hats
2015-07-23: details opened to the public

Brief description:

I came across it by accident.

Detailed description:

A Haier site has an IIS write-permission vulnerability.
URL: http://123.234.41.25
The root directory is not writable; PUT only works under the web directory.
Got a shell through the write permission:
http://123.234.41.25/web/shell.asp
And then I saw a lot of things I should not have seen.
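The pattern the report describes, an IIS host accepting PUT under /web/ and the uploaded .asp file then being requested over HTTP, leaves a clear trace in the IIS W3C log. The following Python is an added example for defenders and is not code from the report or from Haier: it parses W3C log lines, flags successful write-method requests (the standard WebDAV write verbs, with script extensions rated higher), and lists any file that was written and later fetched with GET. The log lines, field layout and addresses are constructed sample data.

```python
"""Flag successful WebDAV/PUT writes in IIS W3C logs (added example).

Assumes the '#Fields:' header names the columns, as IIS writes it.
The sample log below is constructed; 203.0.113.7 is a documentation address.
"""
import re

# Constructed sample log in IIS W3C extended format (13 fields per line).
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 7.5
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2015-06-05 03:58:12 10.0.0.5 GET /web/index.asp - 80 - 203.0.113.7 Mozilla/5.0 200 0 0
2015-06-05 03:58:20 10.0.0.5 OPTIONS /web/ - 80 - 203.0.113.7 - 200 0 0
2015-06-05 03:58:31 10.0.0.5 PUT /shell.asp - 80 - 203.0.113.7 - 403 0 0
2015-06-05 03:58:40 10.0.0.5 PUT /web/shell.asp - 80 - 203.0.113.7 - 201 0 0
2015-06-05 03:59:01 10.0.0.5 GET /web/shell.asp - 80 - 203.0.113.7 - 200 0 0
"""

# WebDAV verbs that change content on disk; none of them should succeed
# on an internet-facing site that only serves pages.
WRITE_METHODS = {"PUT", "MOVE", "COPY", "DELETE", "MKCOL", "PROPPATCH"}
SCRIPT_EXT = re.compile(r"\.(asp|aspx|asa|cer|cdx|ashx|asmx)$", re.IGNORECASE)


def parse_w3c(text):
    """Yield one dict per log record, keyed by the names in '#Fields:'."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed line; skip rather than mis-align columns
        yield dict(zip(fields, values))


def find_write_events(text):
    """Return successful write-method requests with a coarse risk rating."""
    events = []
    for rec in parse_w3c(text):
        method = rec["cs-method"].upper()
        status = int(rec["sc-status"])
        if method not in WRITE_METHODS or not 200 <= status < 300:
            continue  # 403/405 means the server refused; only successes matter
        uri = rec["cs-uri-stem"]
        # MOVE/COPY targets live in the Destination header, which W3C logs
        # do not record, so a successful rename is rated high regardless.
        high = method in {"MOVE", "COPY"} or bool(SCRIPT_EXT.search(uri))
        events.append({"method": method, "uri": uri, "status": status,
                       "client": rec["c-ip"], "risk": "high" if high else "medium"})
    return events


def written_then_requested(text):
    """URIs that received a successful write and were later fetched with GET."""
    written, hits = set(), []
    for rec in parse_w3c(text):
        uri, method = rec["cs-uri-stem"], rec["cs-method"].upper()
        status = int(rec["sc-status"])
        if method in WRITE_METHODS and 200 <= status < 300:
            written.add(uri)
        elif method == "GET" and uri in written and uri not in hits:
            hits.append(uri)
    return hits


if __name__ == "__main__":
    for e in find_write_events(SAMPLE_LOG):
        print(e)
    print("written and then executed:", written_then_requested(SAMPLE_LOG))
```

On the sample log the refused PUT to the root (403) is ignored, the PUT under /web/ that returned 201 is reported as high risk, and /web/shell.asp is listed as written-then-fetched, which is the correlation worth alerting on; the fix on the server side is to disable WebDAV and the PUT/DELETE verbs for the site rather than to rely on per-directory write ACLs.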

Proof of vulnerability:

1.png


It also appears to be an FTP server.

2.png


All kinds of data

<add key="ConnectionString" value="Data Source=10.135.13.102;Initial Catalog=HIGMDM; User ID=sa;Password=huazheng2010;" />
<add key="MonitorConnectionStr" value="Data Source=10.135.13.102;Initial Catalog=MonitorLog; User ID=sa;Password=huazheng2010;" />
<add key="RepairConnectionString" value="Data Source=10.135.13.102;Initial Catalog=costdbnew; User ID=sa;Password=huazheng2010;" />


All kinds of databases
The passwords all seem to be the same.

192.168.99.227  acmailserver
192.168.99.7 acmailserverc
10.135.6.11 archivemailserver
192.168.100.126 bxmailserver
192.168.100.139 bxmailserverc
10.135.6.177 cqlmailserver
192.168.100.32 cwmailserver
192.168.171.6 dlmailsvr
192.168.100.204 dmsmailserver
192.168.100.129 haiermailserver
192.168.99.223 haiermailserverc
192.168.100.71 haiernetserver
192.168.100.87 Haierpt
192.168.11.2 hdmailserver
192.168.100.70 hdmailserverc
10.135.7.219 hdzhsserver
192.168.175.2 hfhrserver
10.142.236.2 hfmailserver2
192.168.99.30 hrapplyserver
192.168.99.233 hrldap
192.168.100.39 hrmailserver
192.168.100.72 hrmailserver1
192.168.100.229 hrmailserver2
192.168.100.223 hrmailserver3
192.168.99.222 hrmailserverc
192.168.100.79 hrnetserver
192.168.99.221 hrnetserverc
192.168.100.92 hrnetsvr
192.168.100.211 hrportal
192.168.99.224 hrportalc
192.168.100.75 hrserver
192.168.99.225 hrsmtp
192.168.99.230 hrzjserver
192.168.27.2 hwbxserver
192.168.99.171 hwtmailserver
192.168.100.88 ICM_Server
192.168.100.76 infosvr1
192.168.100.95 infosvr2
192.168.100.196 infosvr3
10.128.3.116 infosvr5
192.168.100.73 itmailserver
192.168.100.117 jnmailserver
10.128.3.134 jsjmailserver
192.168.99.228 lodmserver
192.168.100.137 lodmserverc
10.130.41.1 mjmailserver
10.135.7.103 mobilemailserver1
10.135.7.137 portalagserver
192.168.100.78 qdmailserver1
192.168.99.229 qdmailserver2
192.168.99.231 qdmailserver3
192.168.99.234 qdmailserver5
10.135.7.230 qdmailserver6
10.135.6.23 qdmailserver7
10.135.6.24 qdmailserver8
192.168.100.77 vpnserver
192.168.99.6 vpnserver1
192.168.100.74 vpnsvr1
192.168.100.138 vpnsvr2
192.168.100.81 webmailserver
192.168.179.7 whapplyserver
192.168.99.226 xyjmailsvr
192.168.99.5 xyjmailsvrc
192.168.249.1 zqhrmailserver
10.135.106.86 sharefileserver
192.168.99.8 qdmailserver2c
10.135.7.138 portalinfo
192.168.229.5 chnue001.china.hp.com chnue001
192.168.229.7 chnue003.chn.hp.com chnue003


All servers on the internal network

<add key="AppCenterDSN" value="Host=10.0.2.36;Service=8001;Server=niosserver; Database=nios_flow3; UId=npmuser; Password=npmoptr2012;Database locale=en_US.819;Client Locale=en_US.CP1252"/>
<add key="AppCenterDBType" value="Informix"/>

<add key="AppCenterDSN" value="Data Source=localhost;Persist Security info=True;Initial Catalog=ccflow;User ID=root;Password=jiaozi;"/>
<add key="AppCenterDBType" value="MySQL"/>

<add key="AppCenterDSN" value="Password=ccflow;Persist Security Info=True;User ID=sa;Initial Catalog=tongwang;Data Source=.;Timeout=999;MultipleActiveResultSets=true"/>
<add key="AppCenterDBType" value="MSSQL"/>

<add key="AppCenterDSN" value="user id=ccflow;data source=orcl;password=ccflow;Max Pool Size=200"/>
<add key="AppCenterDBType" value="Oracle"/>
-->


Another batch of databases
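The leaked config fragments above share one shape, `<add key="..." value="..."/>` entries whose values are connection strings with a plaintext password, often for the `sa` or `root` account and often the same password across several databases. The following Python is an added example, not code from the report or from Haier, that audits a .NET appSettings section for exactly those conditions: embedded passwords, privileged accounts, and one password reused across entries. The config is a constructed sample with placeholder hosts and passwords; the findings name only the keys, never the secret itself.

```python
"""Audit .NET appSettings connection strings for embedded secrets (added example).

Constructed sample config: hosts and PLACEHOLDER passwords are not real.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

SAMPLE_CONFIG = """<configuration>
  <appSettings>
    <add key="ConnectionString" value="Data Source=10.0.0.10;Initial Catalog=AppDb;User ID=sa;Password=PLACEHOLDER1;" />
    <add key="MonitorConnectionStr" value="Data Source=10.0.0.10;Initial Catalog=MonitorLog;User ID=sa;Password=PLACEHOLDER1;" />
    <add key="AppCenterDSN" value="Data Source=localhost;Persist Security Info=True;Initial Catalog=ccflow;User ID=root;Password=PLACEHOLDER2;" />
    <add key="ReportDSN" value="Data Source=10.0.0.11;Initial Catalog=Reports;Integrated Security=SSPI;" />
    <add key="Theme" value="blue" />
  </appSettings>
</configuration>
"""

# Key spellings accepted by common ADO.NET / ODBC style providers.
USER_KEYS = ("user id", "uid", "user", "username")
PASS_KEYS = ("password", "pwd")
HOST_KEYS = ("data source", "server", "host", "address")
PRIVILEGED = {"sa", "root", "administrator", "admin", "system"}


def parse_dsn(value):
    """Split 'k=v;k=v' into a dict with lower-cased keys."""
    parts = {}
    for item in value.split(";"):
        if "=" not in item:
            continue
        k, v = item.split("=", 1)
        parts[k.strip().lower()] = v.strip()
    return parts


def first(parts, keys):
    for k in keys:
        if k in parts:
            return parts[k]
    return None


def audit_appsettings(xml_text):
    """Return one finding per <add> whose value carries a plaintext password."""
    root = ET.fromstring(xml_text)
    findings = []
    keys_by_password = defaultdict(list)  # used only for reuse detection
    for add in root.iter("add"):
        key, value = add.get("key"), add.get("value", "")
        parts = parse_dsn(value)
        password = first(parts, PASS_KEYS)
        if password is None:
            continue  # integrated auth or not a connection string
        user = (first(parts, USER_KEYS) or "").lower()
        issues = ["plaintext password"]
        if user in PRIVILEGED:
            issues.append(f"privileged account '{user}'")
        findings.append({"key": key, "host": first(parts, HOST_KEYS),
                         "user": user, "issues": issues})
        keys_by_password[password].append(key)
    # Second pass: mark every entry whose password also appears elsewhere.
    for keys in keys_by_password.values():
        if len(keys) > 1:
            for f in findings:
                if f["key"] in keys:
                    f["issues"].append("password reused across " + ", ".join(keys))
    return findings


if __name__ == "__main__":
    for f in audit_appsettings(SAMPLE_CONFIG):
        print(f["key"], f["host"], f["user"], "->", "; ".join(f["issues"]))
```

The two `sa` entries are reported both for the privileged account and for sharing a password, the `root` entry for the privileged account only, and the integrated-security entry and the plain `Theme` setting produce nothing. Run against real web.config files this gives a defender an inventory of where secrets sit in plaintext, which is the first step toward moving them into protected configuration or a secrets store and rotating them after an exposure like the one in this report.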

------------------------------------------------------Test
Login URL: http://10.135.108.141/HRHIGTest/login4.aspx
Username: admin  Password: crstest
Database server: 10.135.13.102  Username: sa  Password: huazheng2010
Database name: HRMS_Test
Runtime server: 10.135.108.141  Username: haieradmin  Password: Haier,2015
Code location: D/Test System/HRHIGTEST
FTP address: ftp://10.135.108.141/Test System/HRHIGTEST
------------------------------------------------------Production
Login URL: http://10.135.108.141/HRHIG/login4.aspx
Username: admin  Password: Haierdc
Database server: 10.135.13.102  Username: sa  Password: huazheng2010
Database name: HRMS_Pro
Runtime server: 10.135.108.141  Username: haieradmin  Password: Haier,2015
Code location: D/System/HRHIG
FTP address: ftp://10.135.108.141/System/HRHIG
hz_cb_d_DeleteTaskBookApproveByCpxmcode


HR system server information
There is a lot more; I will not paste it all.

Fix recommendation:

Is your group short of ops staff?

Copyright notice: when reposting, please credit the source, i3esn0w@WooYun


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 17

Confirmed: 2015-06-08 18:24

Vendor reply:

Thank you to the WooYun platform white hats for the testing and the heads-up; we have assigned staff to handle it.

Latest status:

None yet

