当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0130107

漏洞标题:超星某系统弱口令 可直接获取数千高校服务器权限

相关厂商:超星网

漏洞作者: 路人甲

提交时间:2015-07-29 11:18

修复时间:2015-08-03 11:20

公开时间:2015-08-03 11:20

漏洞类型:服务弱口令

危害等级:高

自评Rank:20

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-07-29: 细节已通知厂商并且等待厂商处理中
2015-08-03: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

超星某系统弱口令 可直接获取数千高校服务器权限

详细说明:

cx.16q.cn 管理员弱口令 wangkun wangkun
hejuan hejuan
zhanghengshuo zhanghengshuo
heyanbin heyanbin
大部分的管理员账号都是姓名的全拼
这些账号登陆进去就可以看到很多高校服务器的远程账号密码
问了下度娘找到 超星的邮箱用户列表
如下

mask 区域 
*****m>;"ssp3"<ssp3@chaoxing.com>;"ssp2"<ssp2@chaoxing.com>;"ssp1"<ssp1@chaoxing.com>;"周颖"<zhouying2014@chaoxing.com>;"周聪"<zhoucong@chaoxing.com>;"岳慧"<yuehui@chaoxing.com>;"yanfa"<yanfa@chaoxing.com>;"肖佩"<xiaopei@chaoxing.com>;"马强"<maqiang@chaoxing.com>;"李金晶"<jinjing@chaoxing.com>;"张惠龙"<huilong@chaoxing.com>;"韩天奇"<hantianqi@chaoxing.com>;"甘永宏"<ganyonghong@chaoxing.com>;"程灿"<chengcan@chaoxing.com>;"周国庆"<guoqing@chaoxing.com>;"张浩春"<haochun@chaoxing.com>;"黄祥龙"<xianglong@chaoxing.com>;"汪伟"<wangwei2014@chaoxing.com>;"王慧荣"<huirong@chaoxing.com>;"杨杰"<yangjie@chaoxing.com>;"戚洋"<qiyang@chaoxing.com>;"苏恩来"<enlai@chaoxing.com>;"李存"<licun@chaoxing.com>;"杨奇"<yangqi@chaoxing.com>;"陈文彬"<wenbin@chaoxing.com>;"高云"<gaoyun@chaoxing.com>;"刘敏"<liumin@chaoxing.com>;"韩芳"<hanfang@chaoxing.com>;"魏云霞"<yunxia@chaoxing.com>;"任晨光"<chenguang@chaoxing.com>;"孟书娟"<shujuan@chaoxing.com>;"书目组资源安装提库用"<shujuku@chaoxing.com>;"王进"<wangjin@chaoxing.com>;"张彦华"<yanhua@chaoxing.com>;"焦丽娟"<lijuan@chaoxing.com>;"李继伟"<jiwei@chaoxing.com>;"王芳/王红"<wangfang@chaoxing.com>;"赵子丹"<zidan@chaoxing.com>;"田凤敏"<fengmin@chaoxing.com>;"王维"<huiyawangwei@chaoxing.com>;"杨玉丽"<yuli@chaoxing.com>;"郭会玉"<huiyu@chaoxing.com>;"姜冬梅"<dongmei@chaoxing.com>;"毕婷婷"<tingting@chaoxing.com>;"赵雪"<zhaoxue@chaoxing.com>;"Teaching"<teaching@chaoxing.com>;"ask"<ask@chaoxing.com>;"赵旭娟"<xujuan@chaoxing.com>;"赵培雷"<peilei@chaoxing.com>;"资源建设部A"<zyjsba@chaoxing.com>;"资源建设部B"<zyjsbb@chaoxing.com>;"资源建设部C"<zyjsbc@chaoxing.com>;"资源建设部H"<zyjsbh@chaoxing.com>;"资源建设部I"<zyjsbi@chaoxing.com>;"资源建设部K"<zyjsbk@chaoxing.com>;"资源建设部LR"<zyjsblr@chaoxing.com>;"资源建设部Q"<zyjsbq@chaoxing.com>;"资源建设部R"<zyjsbr@chaoxing.com>;"资源建设部S"<zyjsbs@chaoxing.com>;"资源建设部T"<zyjsbt@chaoxing.com>;"资源建设部U"<zyjsbu@chaoxing.com>;"资源建设部V"<zyjsbv@chaoxing.com>;"资源建设部W"<zyjsbw@chaoxing.com>;"资源建设事业部"<zyjsbwx@chaoxing.com>;"资源建设部D"<zyjsbd@chaoxing.com>;"shumuzu"<shumuzu@chaoxing.com>;"赵学凤"<xuefeng@chaoxing.com>;"王东媛"<dongyuan@chaoxing.com>;"zyjsbn"<zyjsbn@chaoxing.com>;"史晓艳"<xiaoyan@chaoxing.com>;"数据服务器专腥"<shuju@chaoxing.com>;"韩晓东"<hanxiaodong@chaoxing.com>;"李永东"<yongdong@chaoxing.com>;"权巧"<quanqiao@chaoxing.com>;"徐贵水"<guishui@chaoxing.com>;"李敬"<lijing@chaoxing.com>;"李琳娟"<linjuan@chaoxing.com>;"读秀客服"<dx@chaoxing.com>;"郑晓磊"<zhengxiaolei@chaoxing.com>;"读秀"<duxiucard@chaoxing.com>;"拷贝组用"<kaobei@chaoxing.com>;"夏淑芳使用"<duxiu@chaoxing.com>;"李娜"<nana@chaoxing.com>;"servermonitor"<servermonitor@chaoxing.com>;"张德衡"<deheng@chaoxing.com>;"陈佳佳"<jiajia@chaoxing.com>;"赵凡一"<fanyi@chaoxing.com>;"张巧芬"<qiaofen@chaoxing.com>;"大雅客服"<daya@chaoxing.com>;"王佳宁"<jianing@chaoxing.com>;"邹道亮"<zoudaoliang@chaoxing.com>;"安晓燕"<anxiaoyan@chaoxing.com>;"gongchangfzu"<gongchangfzu@chaoxing.com>;"陈银威"<yinwei@chaoxing.com>;"徐莹娇"<yingjiao@chaoxing.com>;"郝晴"<haoqing@chaoxing.com>;"牛建国"<jianguo@chaoxing.com>;"赵丽丽"<lili@chaoxing.com>;"果新"<guoxin@chaoxing.com>;"焦馨蕊"<xinrui@chaoxing.com>;"赵丽丽"<zhaolili@chaoxing.com>;"张晓蒙"<xiaomeng@chaoxing.com>;"王涛"<wangtao@chaoxing.com>;"马腾"<mateng@chaoxing.com>;"张美玲"<zhangmeiling@chaoxing.com>;"魏雅南"<weiyanan@chaoxing.com>;"马建新"<jianxin@chaoxing.com>;"超星通行证"<passport@chaoxing.com>;"fanya_service"<fanya_service@chaoxing.com>;"史超"<shichao@chaoxing.com>;"郭玉"<guoyu@chaoxing.com>;"张姣姣"<jiaojiao@chaoxing.com>;"张幸淑"<xingshu@chaoxing.com>;"招聘"<zhaopin@chaoxing.com>;"李晓娟"<xiaojuan123@chaoxing.com>;"唐军"<tangjun@chaoxing.com>;"史昊"<shihao@chaoxing.com>;"马航"<mahang@chaoxing.com>;"姜彬彬"<jiangbinbin@chaoxing.com>;"人力资源部共用"<hr@chaoxing.com>;"王红梅"<hongmei@chaoxing.com>;"常雯"<changwen@chaoxing.com>;"朱平"<zhuping@chaoxing.com>;"吕彩红"<caihong@chaoxing.com>;"史强"<shiqiang@chaoxing.com>;"史松"<song@chaoxing.com>;"熊雪飞"<xuefei@chaoxing.com>;"龚治晋"<zhijin@chaoxing.com>;"姚兰"<yaolan@chaoxing.com>;"阙超"<qc@chaoxing.com>;"阙超"<jiwen@chaoxing.com>;"招人"<job@chaoxing.com>;"合同"<hetong@chaoxing.com>;"保证金"<baozhengjin@chaoxing.com>;"史强"<oversea@chaoxing.com>;"付玮娜"<fuweina@chaoxing.com>;"李正义"<zhengyi@chaoxing.com>;"张秀美"<xiumei@chaoxing.com>;"路志鹏"<luzhipeng@chaoxing.com>;"林静"<linjing@chaoxing.com>;"采购"<cg@chaoxing.com>;"郭红静"<hongjing@chaoxing.com>;"吴晶晶"<jingjing@chaoxing.com>;"许敏"<xumin@chaoxing.com>;"孟莉"<mengli@chaoxing.com>;"李君"<lijun2013@chaoxing.com>;"借款"<jiekuan@chaoxing.com>;"肖月"<xiaoyue@chaoxing.com>;"scbf"<scbf@chaoxing.com>;"张蓉"<zhangrong@chaoxing.com>;"票据"<piaoju@chaoxing.com>;"韩静"<hanjing@chaoxing.com>;"张丽萍"<liping@chaoxing.com>;"周淑敏"<shumin@chaoxing.com>;"杨淑慧"<shuhui@chaoxing.com>;"满博"<manbo@chaoxing.com>;"刘强"<liuqiang@chaoxing.com>;"罗兰苹"<lanping@chaoxing.com>;"cw"<cw@chaoxing.com>;"存档"<cundang@chaoxing.com>;"办公室"<bgsh@chaoxing.com>;"蔡亚明"<yaming@chaoxing.com>;"可静"<kejing@chaoxing.com>;"版权"<copyright@chaoxing.com>;"赵琳"<zhaolin@chaoxing.com>;"张彬"<zhangbin@chaoxing.com>;"赵文生"<wensheng@chaoxing.com>;"文娟"<wenjuan2014@chaoxing.com>;"罗丹"<luodan@chaoxing.com>;"马鸿玥"<hongyue@chaoxing.com>;"苏海坡"<haipo@chaoxing.com>;"周成功"<chenggong@chaoxing.com>;"超星数字图书馆"<card@chaoxing.com>;"超星数字图书馆"<password@chaoxing.com>;"超星数字图书馆"<password1@chaoxing.com>;"超星数字图书馆"<superstar@chaoxing.com>;"超星数字图书馆"<supervise@chaoxing.com>;"王维"<wangwei@chaoxing.com>;"闫秀娟"<yanxiujuan@chaoxing.com>;"李华章"<huazhang@chaoxing.com>;"超星数字图书馆"<hezuo@chaoxing.com>;"超星数字图书馆"<card1@chaoxing.com>;"超星数字图书馆"<card2@chaoxing.com>;"超星数字图书馆"<taobao@chaoxing.com>;"姜浩然"<haoran@chaoxing.com>;"史超"<zongjie@chaoxing.com>;"任冉冉"<ranran@chaoxing.com>;"张旸"<zhangyang@chaoxing.com>;"张帅"<zhangshuai@chaoxing.com>;"黄玉玺"<yuxi@chaoxing.com>;"姚曦"<yaoxi@chaoxing.com>;"谢荣"<xierong@chaoxing.com>;"肖磊"<xiaolei2015@chaoxing.com>;"胡相艳"<xiangyan@chaoxing.com>;"王军"<wangjun2015@chaoxing.com>;"王红"<wanghong88@chaoxing.com>;"童飞"<tongfei@chaoxing.com>;"彭帆"<pengfan@chaoxing.com>;"邓克毅"<keyi@chaoxing.com>;"杨继虎"<jihu@chaoxing.com>;"黄梦娇"<huangmengjiao@chaoxing.com>;"何佳"<hejia@chaoxing.com>;"韩潇"<hanxiao2015@chaoxing.com>;"高亚菲"<gaoyafei@chaoxing.com>;"王凤超"<fengchao@chaoxing.com>;"方晔"<fangye@chaoxing.com>;"杨丹凤"<danfeng@chaoxing.com>;"赵斌凯"<binkai@chaoxing.com>;"张辉"<zhanghui@chaoxing.com>;"马欢"<mahuan@chaoxing.com>;"eryaweixin"<eryaweixin@chaoxing.com>;"范永宏"<yonghong@chaoxing.com>;"郝俊蕾"<junlei@chaoxing.com>;"史彦军"<shiyanjun@chaoxing.com>;"尚景伟"<jingwei@chaoxing.com>;"韩莹"<hanying@chaoxing.com>;"赵云飞"<yunfei66@chaoxing.com>;"赵平"<zhaoping@chaoxing.com>;"魏晓静"<xiaojing@chaoxing.com>;"教图视频产品"<jiaotushipin@chaoxing.com>;"位均地"<jundi@chaoxing.com>;"邓博"<dengbo@chaoxing.com>;"濮东升"<dongsheng@chaoxing.com>;"李伊伶"<yiling@chaoxing.com>;"陈国际"<guoji@chaoxing.com>;"李阳"<liyang2012@chaoxing.com>;"甄琪"<zhenqi@chaoxing.com>;"胡正凯"<zhengkai@chaoxing.com>;"高明阳"<gaomingyang@chaoxing.com>;"潘耀祖"<yaozu@chaoxing.com>;"冯时"<fengshi@chaoxing.com>;"卜霞"<buxia@chaoxing.com>;"覃宇星"<yuxing@chaoxing.com>;"朱菲"<zhufei@chaoxing.com>;"申大建"<dajian@chaoxing.com>;"蒋雪娇"<xuejiao@chaoxing.com>;"周雅斌"<yabin@chaoxing.com>;"王燕"<wangyan2014@chaoxing.com>;"卢欣欣"<luxinxin@chaoxing.com>;"档案部"<danganbu@chaoxing.com>;"赵悦"<zhaoyue@chaoxing.com>;"路华伟"<luhuawei@chaoxing.com>;"田晋治"<jinzhi@chaoxing.com>;"刘大龙"<dalong@chaoxing.com>;"李文志"<wenzhi@chaoxing.com>;"侯京波"<houjinbo@chaoxing.com>;"刘伟"<liuwei@chaoxing.com>;"赵芳"<zhaofang@chaoxing.com>;"陈智斌"<zhibin@chaoxing.com>;"肇裔"<zhaoyi@chaoxing.com>;"吴雅莹"<yaying@chaoxing.com>;"刘亚奇"<yaqi@chaoxing.com>;"赵阳旭"<yangxu@chaoxing.com>;"张学文"<xuewen@chaoxing.com>;"祁小杰"<xiaojie@chaoxing.com>;"郭文娟"<wenjuan@chaoxing.com>;"王军"<wangjun2014@chaoxing.com>;"丛素伟"<suwei@chaoxing.com>;"孙赫"<sunhe2014@chaoxing.com>;"李思超"<sichao@chaoxing.com>;"聂进"<niejin@chaoxing.com>;"梁燕"<liangyan@chaoxing.com>;"高婷婷"<gaotingting@chaoxing.com>;"高峰"<gaofeng@chaoxing.com>;"崔月"<cuiyue@chaoxing.com>;"唐锋"<tangfeng@chaoxing.com>;"张然"<zhangran@chaoxing.com>;"刘雪芳"<xuefang@chaoxing.com>;"王陆"<wanglu@chaoxing.com>;"张金豹"<jinbao@chaoxing.com>;"孙杰"<sunjie@chaoxing.com>;"丁晓春"<dingxiaochun@chaoxing.com>;"成万里"<wanli@chaoxing.com>;"张恒雨"<hengyu@chaoxing.com>;"王萌"<wangmeng@chaoxing.com>;"王敏"<wangmin@chaoxing.com>;"唐吉斯"<jisi@chaoxing.com>;"卢元龙"<yuanlong@chaoxing.com>;"朱红"<zhuhong@chaoxing.com>;"王玉奎"<yukui@chaoxing.com>;"杨成"<yangcheng@chaoxing.com>;"孟琪"<mengqi@chaoxing.com>;"李梦琪"<limengqi@chaoxing.com>;"李海"<lihai@chaoxing.com>;"潘守东"<shoudong@chaoxing.com>;"罗彬"<luobin@chaoxing.com>;"王晓英"<wangxiaoying@chaoxing.com>;"张雷"<zhanglei_erya@chaoxing.com>;"舒展"<shuzhan@chaoxing.com>;"杨杰山"<jieshan@chaoxing.com>;"王允亚"<wangyunya@chaoxing.com>;"程京雷"<jinglei@chaoxing.com>;"刘麒"<liuqi@chaoxing.com>;"浦佳"<pujia@chaoxing.com>;"张瑞华"<zhangruihua@chaoxing.com>;"杨晓东"<yangxiaodong@chaoxing.com>;"刘嘉玲"<jialing@chaoxing.com>;"罗奇"<luoqi@chaoxing.com>;"康军建"<junjian@chaoxing.com>;"贾继坤"<jiajikun*****


这是一部分还有的我就不贴出来了
通过这个列表可以使用Burp Suite爆破 然后你懂的

漏洞证明:

1wy.png


2wy.png


3wy.png


4wy.png


5wy.png


6wy.png


7wy.png


8wy.png

修复方案:

~~~

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-08-03 11:20

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无

漏洞评价:

评论