
Vulnerability summary (24 following)

Defect ID: wooyun-2015-0142749

Title: Nearly 300 CITIC Securities accounts have weak passwords, exposing large amounts of internal sensitive information

Vendor: 中信证券 (CITIC Securities)

Author: 路人甲

Submitted: 2015-09-24 12:58

Fixed: 2015-11-06 15:04

Published: 2015-11-06 15:04

Type: weak service password

Severity: High

Self-assessed Rank: 20

Status: handed to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2015-09-24: Details sent to the vendor; awaiting vendor handling
2015-09-22: Vendor has confirmed; details disclosed to the vendor only
2015-10-02: Details disclosed to core white hats and domain experts
2015-10-12: Details disclosed to regular white hats
2015-10-22: Details disclosed to intern white hats
2015-11-06: Details disclosed to the public

Brief description:

CITIC Securities
Just a quick look

Detailed description:

[Screenshots 1.png through 7.png; images not included in this copy]


I only logged into 2-3 users' mailboxes; there were too many, so I didn't feel like looking further.
Attached:

Payload1 (username)	Payload2 (password)
print 123456
zhangbin1 123456
zhanglei6 123456
caili 123456 caili123456
wangyun 123456 wangyun123456
Payload1 (username) Payload2 (password)
060dnb 123456
060dnb 123456
062cwb 123456
071CWB 123456
319cwb 123456
401dnb 123456
409cwb 123456
409zhb 123456
413cwb 123456
422cwb 123456
422zhb 123456
427zhb 123456
428zhb 123456
440cwb 123456
440dnb 123456
441dnb 123456
442dnb 123456
447cwb 123456
447zhb 123456
450cwb 123456
465zhb 123456
466zhb 123456
467dnb 123456
467zhb 123456
516cwb 123456
516cwb 123456
caoc 123456
cvms 123456
ex_apex 123456
Forum 123456
060dnb 123456
060dnb 123456
062cwb 123456
071CWB 123456
319cwb 123456
401dnb 123456
409cwb 123456
409zhb 123456
413cwb 123456
422cwb 123456
422zhb 123456
427zhb 123456
428zhb 123456
440cwb 123456
440dnb 123456
441dnb 123456
442dnb 123456
447cwb 123456
447zhb 123456
450cwb 123456
465zhb 123456
466zhb 123456
467dnb 123456
467zhb 123456
516cwb 123456
caoc 123456
aliyun_dev 123456
aliyun_prod 123456
ali_cloud_dev 123456
ali_cloud_prod 123456
chengrui 123456
citicsserver 123456
custodiandata 123456
evaluation 123456
ex_caidong 123456
ex_chenhuashan 123456
ex_chiweisu 123456
ex_daichangqing 123456
ex_daixiaowei 123456
ex_duanjing 123456
ex_fengqibing 123456
ex_fuxuegang 123456
ex_gaofan 123456
ex_gumeng 123456
ex_guohuiming 123456
ex_haozhuo 123456
ex_huangronghui 123456
ex_huangronghui 123456
ex_hulun 123456
ex_huyaoxue 123456
ex_jiangying 123456
ex_jinshi 123456
ex_liaojunfu 123456
ex_lihailiang 123456
ex_lijiaxiang 123456
ex_liujidong 123456
ex_liupin 123456
ex_liushaoxiong 123456
ex_liuxiwu 123456
ex_liuyan 123456
ex_lixiong 123456
ex_liyongjin 123456
ex_maoqiang 123456
ex_menglinglong 123456
ex_miaoyu 123456
ex_qianjing 123456
ex_qilin 123456
ex_ququnjiang 123456
ex_shaoxuecheng 123456
ex_shiyu 123456
ex_sunlingshuai 123456
ex_sunzhenhua 123456
ex_suxiuhu 123456
ex_tanglei 123456
ex_tianchuan 123456
ex_wanggang 123456
ex_wangh 123456
ex_wangjian 123456
ex_wangjing 123456
ex_wangkp 123456
ex_wanglina 123456
ex_wanglong 123456
ex_wangruiming 123456
ex_wangyuxiu 123456
ex_wangzhiwei 123456
ex_wanyao 123456
ex_wujiangbin 123456
ex_xiaopei 123456
ex_xiehy 123456
ex_xieliang 123456
ex_xujingwei 123456
ex_xujinliang 123456
ex_yanglb 123456
ex_yankunpeng 123456
ex_yejinhua 123456
ex_yeshengqiang 123456
ex_yuhong 123456
ex_zhangbaihong 123456
ex_zhangnengjie 123456
ex_zhangquan 123456
ex_zhangxiaohui 123456
ex_zhangxu 123456
ex_zhaokan 123456
ex_zhaox 123456
ex_zhenghongen 123456
ex_zhouyuming 123456
ex_zouzhicai 123456
GB_Project 123456
aliyun_dev 123456
aliyun_prod 123456
ali_cloud_dev 123456
ali_cloud_prod 123456
ex_chengzhiqiang 123456
ex_fanxiqiantest 123456
ex_pengxianliang 123456
ex_yanghongzhang 123456
ex_zhongchonglong 123456
030CWB 123456
074dnb 123456
1082cwb 123456
319dnb 123456
320dnb 123456
320dnb 123456
419cwb 123456
420cwb 123456
bfcj 123456
bjjgm 123456
CCRS 123456
cgwl 123456
chengq 123456
CRMP 123456
ex_dffu 123456
ex_hil 123456
ex_rm 123456
ex_wl 123456
ex_yfxu 123456
030CWB 123456
074dnb 123456
1082cwb 123456
319dnb 123456
320dnb 123456
320dnb 123456
419cwb 123456
420cwb 123456
bfcj 123456
bjjgm 123456
CCRS 123456
admindpt 123456
chenzhiquan 123456
custodiandate 123456
custodiandate 123456
ex_caolijun 123456
ex_daixz 123456
ex_fanlibo 123456
ex_fanshigang 123456
ex_fengxiuxiu 123456
ex_fuzhaowei 123456
ex_guojuanjuan 123456
ex_guolin 123456
ex_haoquanwei 123456
ex_huruihai 123456
ex_kangweili 123456
ex_kongzaifu 123456
ex_liangyan 123456
ex_libing 123456
ex_lihang 123456
ex_lihengyu 123456
ex_liruifeng 123456
ex_liuqian 123456
ex_liuwei 123456
ex_liuyi 123456
ex_liuzhiquan 123456
ex_liuzhiying 123456
ex_liwei 123456
ex_lixuezheng 123456
ex_luhao 123456
ex_luzhenbo 123456
ex_mabin 123456
ex_maxiaoyue 123456
ex_menglingkui 123456
ex_qianyun 123456
ex_renmeng 123456
ex_shenli 123456
ex_shifeng 123456
ex_shushi 123456
ex_songxiaojuan 123456
ex_sunqiang 123456
ex_sunquan 123456
ex_sunyidong 123456
ex_tanleliang 123456
ex_wangbaoyue 123456
ex_wangruibo 123456
ex_wangshaohui 123456
ex_wangxianwen 123456
ex_wangyd 123456
ex_weiwang 123456
ex_wenjun 123456
ex_wuguohong 123456
ex_wukeding 123456
ex_xingshiwu 123456
ex_xuqiang 123456
ex_xuyuanfei 123456
ex_yangdongyue 123456
ex_yanghong 123456
ex_yangxiaolin 123456
ex_yangz 123456
ex_yeyunxi 123456
ex_yuhaoyang 123456
ex_zhanghui 123456
ex_zhangke 123456
ex_zhangxiao 123456
ex_zhangxiao 123456
ex_zhangxiaobo 123456
ex_zhangyuan 123456
ex_zhangzhipeng 123456
ex_zhaowenjie 123456
ex_zhaoyingjie 123456
ex_zhengxin 123456
ex_zhuyong 123456
fanxiqian 123456
admindpt 123456
caifuguanlilianmeng 123456
Equityderivatives1 123456
Equityderivatives1 123456
Equityderivatives2 123456
Equityderivatives3 123456
Equityderivatives4 123456
Equityderivatives5 123456
caifuguanlilianmeng 123456
Payload1 (username) Payload2 (password)
byy a123456
byy a123456
dyt abc123
cx citics123
edg citics123
chenjunting 123qwe
chenyuxin a123456
citics_webex_test01 citics
citics_webex_test02 citics
citics_webex_test03 citics
citics_webex_test05 citics
citics_webex_test06 citics


Proof of vulnerability:

This really needs cleaning up.

Fix plan:
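
The report leaves the fix plan empty. The following is an added editorial example, not code from the reporter or from CITIC Securities, showing the defender-side audit a practitioner would run against the password patterns this report documents: a blocklisted default, a sequential digit run, a password built from the username or the organization's short name, low character-class diversity, and, most importantly here, one password shared by many accounts. The `COMMON_DEFAULTS` blocklist, the `org_tokens` parameter and the `SAMPLE_ROWS` input are assumptions constructed for the example; the account names in it are invented and do not come from the list above.

```python
# Added editorial example (not the reporter's or the vendor's code): a defender-side
# audit of the password weaknesses this report illustrates. It flags
#   - blocklisted defaults such as 123456, a123456, abc123, 123qwe
#   - ascending/descending digit runs at the end of a password
#   - passwords derived from the username or from an organization name
#   - short length and low character-class diversity
# and, most relevant to this report, one password shared by many accounts.
# COMMON_DEFAULTS, org_tokens and SAMPLE_ROWS are assumptions / constructed data.
from collections import defaultdict
import re

# Assumption: a minimal blocklist; a real deployment would use a large breach-derived list.
COMMON_DEFAULTS = {"123456", "a123456", "abc123", "123qwe", "password", "qwerty"}


def is_sequential_digits(s):
    """True for an all-digit string of 4+ characters that steps by +1 or -1 throughout."""
    if not s.isdigit() or len(s) < 4:
        return False
    steps = {int(b) - int(a) for a, b in zip(s, s[1:])}
    return steps == {1} or steps == {-1}


def assess_password(username, password, org_tokens=()):
    """Return a list of weakness labels for one credential; an empty list means no finding.

    org_tokens: hypothetical organization identifiers (e.g. a company short name) to reject.
    """
    findings = []
    pw = password.lower()
    user = username.lower()
    # The report's external accounts carry an "ex_" prefix; compare against the bare name.
    core = user[3:] if user.startswith("ex_") else user

    if len(password) < 8:
        findings.append("too_short")
    if pw in COMMON_DEFAULTS:
        findings.append("common_default")
    tail = re.search(r"\d+$", pw)
    if tail and is_sequential_digits(tail.group()):
        findings.append("sequential_digits")
    if len(core) >= 3 and (core in pw or pw in core):
        findings.append("username_derived")
    if any(tok.lower() in pw for tok in org_tokens):
        findings.append("org_name_derived")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < 3:
        findings.append("low_complexity")
    return findings


def scan_credentials(rows, org_tokens=(), shared_threshold=3):
    """rows: iterable of (username, password) pairs from a policy audit.

    Returns per-account findings plus every password used by >= shared_threshold
    accounts, which is how a mass default like 123456 shows up in an audit.
    """
    per_account = {}
    by_password = defaultdict(set)
    for username, password in rows:
        per_account[username] = assess_password(username, password, org_tokens)
        by_password[password].add(username)
    shared = {pw: sorted(users) for pw, users in by_password.items()
              if len(users) >= shared_threshold}
    return {"per_account": per_account, "shared_passwords": shared}


# Constructed sample input; account names and passwords are illustrative only.
SAMPLE_ROWS = [
    ("acct01", "123456"),
    ("acct02", "123456"),
    ("acct03", "123456"),
    ("wangwu", "wangwu123456"),
    ("testuser", "abc123"),
    ("shortuser", "corpname123"),
    ("hardened", "Vt7#qLm2!pRz9"),
]

if __name__ == "__main__":
    report = scan_credentials(SAMPLE_ROWS, org_tokens=("corpname",))
    for user, labels in report["per_account"].items():
        print(f"{user:10s} {', '.join(labels) or 'OK'}")
    for pw, users in report["shared_passwords"].items():
        print(f"password shared by {len(users)} accounts: {users}")
```

In practice the rows would come from a password-policy audit at set or reset time rather than from a plaintext list; the per-account labels map to policy rules to enforce, and the shared-password output is the signal that a default was never changed at scale.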

Copyright notice: when reposting, credit the source 路人甲@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-09-22 15:03

Vendor reply:

Notified for handling

Latest status:

None yet


Vulnerability rating:

Comments

  1. 2015-09-22 12:58 | 疯狗, certified white hat (intern white hat | Rank: 44, vulnerabilities: 2 | "Having seen all the vulnerabilities under heaven, the mind is naturally free of pixelation.")

    CITIC Securities' 300 warriors --

  2. 2015-09-22 13:38 | 浮世浮城 (regular white hat | Rank: 346, vulnerabilities: 63 | "I live in this floating world of mundane fireworks; I love the reflections of time's...")

    I've already called the police. I said, how come my account is 200,000 short?