
Vulnerability summary

Defect ID: wooyun-2015-0144324

Title: A vulnerability in 中国普天支付 (China Putian Payment) leads to getshell and can leak cardholder and other information

Affected vendor: 中国普天支付 (China Putian Payment)

Author: 路人甲

Submitted: 2015-09-30 22:43

Fixed: 2015-11-24 16:54

Published: 2015-11-24 16:54

Vulnerability type: weak service password

Severity: High

Self-assessed Rank: 20

Status: handed over to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-09-30: Details notified to the vendor, awaiting vendor handling
2015-10-10: Vendor confirmed; details disclosed only to the vendor
2015-10-20: Details disclosed to core white hats and experts in related fields
2015-10-30: Details disclosed to regular white hats
2015-11-09: Details disclosed to intern white hats
2015-11-24: Details disclosed to the public

Brief description:

中国普天 (China Putian)

Details:

**.**.**.**:7001/cardservice/payment/index.action

[image: 1.jpg]


**.**.**.**:7001/console/login/LoginForm.jsp
weblogic/11111111
A WAR-format web shell can be uploaded through the console,
giving a shell at:
**.**.**.**:7001/ma/ma3.jsp
Database connection information is in:
/domains/payment/config/jdbc/PTPAY_POOL-0359-jdbc.xml

jdbc:oracle:thin:@**.**.**.**:1521:testdb
devaccount
devaccount


Connected to the database.



A large amount of information is leaked.

[image: 1.jpg]

Proof of vulnerability:

[image: 2.jpg]

Remediation:

Change the password.
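As an added example that is not part of the original report: a Python audit that parses a WebLogic jdbc-data-source descriptor (a constructed sample modelled on the PTPAY_POOL file named above; host, SID and credential values are placeholders) and flags the credential weaknesses this report turned on: a password stored in clear text, a password equal to the username, a repeated-character password like the console one, and a development account or test SID on a payment data source.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on a WebLogic jdbc-data-source descriptor.
# Host, SID and credential values are placeholders, not the report's data.
SAMPLE_DESCRIPTOR = """<jdbc-data-source xmlns="http://xmlns.oracle.com/weblogic/jdbc-data-source">
  <name>PTPAY_POOL</name>
  <jdbc-driver-params>
    <url>jdbc:oracle:thin:@db.example.invalid:1521:testdb</url>
    <driver-name>oracle.jdbc.OracleDriver</driver-name>
    <properties>
      <property><name>user</name><value>devaccount</value></property>
    </properties>
    <password>devaccount</password>
  </jdbc-driver-params>
</jdbc-data-source>
"""

NS = {"wl": "http://xmlns.oracle.com/weblogic/jdbc-data-source"}


def audit_descriptor(xml_text):
    """Return the list of credential findings for one jdbc-data-source descriptor."""
    root = ET.fromstring(xml_text)
    params = root.find("wl:jdbc-driver-params", NS)
    if params is None:
        return ["no jdbc-driver-params element"]
    findings = []
    url = params.findtext("wl:url", default="", namespaces=NS)
    user = ""
    for prop in params.findall("wl:properties/wl:property", NS):
        if prop.findtext("wl:name", default="", namespaces=NS) == "user":
            user = prop.findtext("wl:value", default="", namespaces=NS)
    # WebLogic writes <password-encrypted>; a bare <password> element means
    # the secret sits in clear text on disk, readable by anyone with a shell.
    plain = params.findtext("wl:password", default=None, namespaces=NS)
    if plain is not None:
        findings.append("password stored in clear text (use password-encrypted)")
        if user and plain.lower() == user.lower():
            findings.append("password equals username")
        if re.fullmatch(r"(.)\1{5,}|\d{6,}", plain):
            findings.append("password is a repeated character or digit run")
    if re.match(r"(dev|test)", user, re.I):
        findings.append("development/test account used by the data source")
    if re.search(r":(test|dev)\w*$", url, re.I):
        findings.append("connection URL points at a test SID")
    return findings
```

Run audit_descriptor over every *-jdbc.xml under a domain's config/jdbc directory; an empty list means none of these checks fired.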

Copyright notice: when reposting, please credit the source, 路人甲@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 12

Confirmed: 2015-10-10 16:52

Vendor reply:

CNVD has confirmed the described situation and has transferred it through CNCERT to the Shanghai branch center, which will coordinate handling with the website's operating organization (a new contact channel needs to be established).

Latest status:

None yet

