
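Vulnerability summary

Bug ID: wooyun-2015-0138611

Title: Flaw in a Ping An (China) Wi-Fi network exposes a large number of internal account passwords / wireless penetration / man-in-the-middle attack

Vendor: Ping An Insurance (Group) Company of China, Ltd.

Author: 路人甲

Submitted: 2015-09-02 15:19

Fixed: 2015-10-21 17:40

Disclosed: 2015-10-21 17:40

Vulnerability type: network design flaw / logic error

Severity: High

Self-assessed Rank: 20

Status: confirmed by the vendor

Source: http://www.wooyun.org. For questions or help, contact [email protected]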



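Vulnerability details

Disclosure status:

2015-09-02: Details sent to the vendor; awaiting vendor handling
2015-09-06: Vendor confirmed; details disclosed to the vendor only
2015-09-16: Details disclosed to core white hats and experts in related fields
2015-09-26: Details disclosed to regular white hats
2015-10-06: Details disclosed to trainee white hats
2015-10-21: Details disclosed to the public

Brief description:

Flaw in a Ping An (China) Wi-Fi network exposes a large number of internal account passwords / wireless penetration / man-in-the-middle attack

Detailed description:

The location is the Ping An building on Bagua 3rd Road, Futian, Shenzhen.
SSID: PA_WLAN_MR has no password and can be joined directly, but it provides no Internet access. Judging from the page, the equipment is Aruba. On this Wi-Fi you have to enter an account and password; once that passes, you download a certificate and then connect to a different Wi-Fi network to authenticate and get online... But by this point an IP address has already been obtained, so a man-in-the-middle attack can be carried out directly with dsploit. Taking password sniffing as an example, the several hundred captured password records are shown below. The captured accounts and passwords can be used to pass authentication on other APs and penetrate further into the internal network. Judging from the captured information, a large number of internal accounts and passwords are involved, including svn, redmine and others.
Accounts and passwords used to authenticate on this Wi-Fi can be captured directly.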

HTTP : 10.11.180.18:80 -> USER: XIONGMIN762  PASS: Xm5***804  INFO: http://10.11.180.18/guest/device_provisioning2.php?cmd=login&mac=74:51:ba:56:34:7f&ip=10.180.146.90&essid=PA_WLAN_MR&apname=00:24:6c:c0:19:1e&apgroup



Proof of vulnerability:

Masked region

Fix:

Probably a configuration issue.

Copyright notice: when reposting, please credit the source 路人甲@乌云
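As an added example (not part of the original report or the vendor's tooling), this is a defender's audit of proxy or flow-log records for the exposure described above: logins to the portal, SVN and similar services travelling over plain HTTP, or carrying secrets in the URL. The host names, the parameter and path-hint lists, and the sample records are constructed assumptions.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed parameter names and path hints; extend them for your own applications.
SECRET_KEYS = {"pass", "passwd", "password", "pwd"}
LOGIN_HINTS = ("login", "logon", "signin")

# Constructed sample records: (method, URL, request carried "Authorization: Basic").
# They mirror the kinds of traffic named in the report (portal, SVN, Redmine),
# with placeholder hosts and values.
SAMPLE_REQUESTS = [
    ("POST", "http://portal.example.internal/guest/provision.php?cmd=login", False),
    ("GET", "http://app.example.internal/docookie.php?uname=alice&passwd=s3cret", False),
    ("PROPFIND", "http://svn.example.internal/svn/project/trunk", True),
    ("POST", "https://redmine.example.internal/login", False),
    ("GET", "https://hr.example.internal/start?user=bob&password=hunter2", False),
    ("GET", "http://static.example.internal/logo.png", False),
]


def redact(url):
    """Return the URL with secret parameter values masked, safe to store in a report."""
    parts = urlsplit(url)
    pairs = [(k, "***" if k.lower() in SECRET_KEYS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs, safe="*")))


def classify(url, basic_auth):
    """List the credential-exposure issues for one logged request."""
    parts = urlsplit(url)
    keys = {k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
    secret_in_url = bool(keys & SECRET_KEYS)
    looks_like_login = any(h in (parts.path + "?" + parts.query).lower()
                           for h in LOGIN_HINTS)
    issues = []
    if secret_in_url:
        # Ends up in proxy logs, browser history and Referer headers even under TLS.
        issues.append("secret-in-url")
    if parts.scheme == "http" and (secret_in_url or basic_auth or looks_like_login):
        # Readable by any host positioned between client and server on the segment.
        issues.append("cleartext-credentials")
    return issues


def audit(requests):
    """Return (method, redacted URL, issues) for every request with at least one issue."""
    findings = []
    for method, url, basic_auth in requests:
        issues = classify(url, basic_auth)
        if issues:
            findings.append((method, redact(url), issues))
    return findings


if __name__ == "__main__":
    for method, url, issues in audit(SAMPLE_REQUESTS):
        print(f"{method:9} {url}  ->  {', '.join(issues)}")
```

Every `cleartext-credentials` finding is a service to move behind TLS before it is reachable from a shared or unauthenticated wireless segment.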


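Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 5

Confirmed: 2015-09-06 17:38

Vendor reply:

The network configuration of the test and development environments was a bit crude; none of the data obtained came from office or production environments, so the impact is limited.

Latest status:

None yet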


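Vulnerability evaluation:

Comments

  1. 2015-09-02 15:21 | xsser, certified white hat ( regular white hat | Rank: 254, vulnerabilities: 18 | When I look back on everything again, will this world be all right? )

    Finally got to see it.

  2. 2015-09-02 16:03 | 秋风 ( regular white hat | Rank: 438, vulnerabilities: 44 | Just a coder who follows Internet security )

    NB!

  3. 2015-09-02 17:28 | 蓝天 ( regular white hat | Rank: 192, vulnerabilities: 51 )

    This one is worth a look.

  4. 2015-09-02 18:14 | M4sk ( regular white hat | Rank: 1213, vulnerabilities: 321 | Information security in China still has a long way to go; it still needs vendors and white hats... )

    1111

  5. 2015-09-02 22:29 | 一只猿 ( regular white hat | Rank: 483, vulnerabilities: 90 | Research focus: hardware and wireless communications )

    Wi-Fi again.

  6. 2015-10-21 17:54 | orange ( regular white hat | Rank: 200, vulnerabilities: 39 | Guard against arrogance and impatience. )

    The Baoshang Bank Wi-Fi near our school can also be connected to directly...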