当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0152838

漏洞标题:浙江某大学旗下站点编辑器弱口令+目录遍历+敏感信息泄漏

相关厂商:zjut.edu.cn

漏洞作者: 路人甲

提交时间:2015-11-09 14:49

修复时间:2015-12-26 15:16

公开时间:2015-12-26 15:16

漏洞类型:内部绝密信息泄漏

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-11-09: 细节已通知厂商并且等待厂商处理中
2015-11-11: 厂商已经确认,细节仅向厂商公开
2015-11-21: 细节向核心白帽子及相关领域专家公开
2015-12-01: 细节向普通白帽子公开
2015-12-11: 细节向实习白帽子公开
2015-12-26: 细节向公众公开

简要描述:

求rank。。。

详细说明:

各种敏感信息泄漏 编辑器弱口令 遍历目录。。。

漏洞证明:

目标站点:http://www.software.zjut.edu.cn/
编辑器弱口令:http://www.software.zjut.edu.cn/admin/editor/admin/login.php
帐号密码为admin
apache 可遍历目录
http://www.software.zjut.edu.cn/admin/editor/
等路径
敏感信息:http://www.software.zjut.edu.cn/gzd.sql

0.png


LOCK TABLES `ins_admin` WRITE;
/*!40000 ALTER TABLE `ins_admin` DISABLE KEYS */;
INSERT INTO `ins_admin` VALUES (24,'zmz','83f548b1f479d0e049d66cb5206e6a9f',1,'2014-05-13 09:24:37','2014-10-20 10:24:19','172.16.9.111',1,'','','','','','{\"news_info\":\"0\",\"news_dels\":\"0\",\"news_sites\":\"0\",\"news_cates\":\"0\",\"news_origs\":\"0\",\"news_keys\":\"0\",\"news_comments\":\"0\",\"news_tags\":\"0\",\"sites_info\":\"0\",\"sites_dels\":\"0\",\"sites_cates\":\"0\",\"sites_weeks\":\"0\",\"datas_view\":\"0\",\"sys_base\":\"0\",\"sys_backup\":\"0\",\"sys_update\":\"0\",\"sys_sitemap\":\"0\",\"sys_ads\":\"0\",\"sys_files\":\"0\",\"sys_links\":\"0\",\"sys_admins\":\"0\",\"sys_task\":\"0\"}'),(25,'mdusa','d183d0b0bec5192852117e99f5213cd5',1,'2014-02-01 13:29:32','2014-10-20 10:24:19','172.16.9.111',1,'','','','','','{\"news_info\":\"1\",\"news_dels\":\"1\",\"news_sites\":\"1\",\"news_cates\":\"1\",\"news_origs\":\"1\",\"news_keys\":\"1\",\"news_comments\":\"1\",\"news_tags\":\"1\",\"sites_info\":\"1\",\"sites_dels\":\"1\",\"sites_cates\":\"1\",\"sites_weeks\":\"1\",\"datas_view\":\"1\",\"sys_base\":\"1\",\"sys_backup\":\"1\",\"sys_update\":\"1\",\"sys_sitemap\":\"1\",\"sys_ads\":\"1\",\"sys_files\":\"1\",\"sys_links\":\"1\",\"sys_admins\":\"1\",\"sys_task\":\"1\"}'),(23,'lxc','fbb204a4061ffbd41284a84c258c1bfb',1,'2014-03-14 21:12:07','2014-10-20 10:24:19','172.16.9.111',1,'','','','','','{\"news_info\":\"1\",\"news_dels\":\"1\",\"news_sites\":\"1\",\"news_cates\":\"1\",\"news_origs\":\"1\",\"news_keys\":\"1\",\"news_comments\":\"1\",\"news_tags\":\"1\",\"sites_info\":\"1\",\"sites_dels\":\"1\",\"sites_cates\":\"1\",\"sites_weeks\":\"1\",\"datas_view\":\"1\",\"sys_base\":\"1\",\"sys_backup\":\"1\",\"sys_update\":\"1\",\"sys_sitemap\":\"1\",\"sys_ads\":\"1\",\"sys_files\":\"1\",\"sys_links\":\"1\",\"sys_admins\":\"1\",\"sys_task\":\"1\"}'),(22,'lyy','7e1600fe813b8c1e1008f39a8d726e6f',1,'2014-03-05 22:16:54','2014-10-20 10:24:19','172.16.9.111',1,'','','','','',''),(21,'wcw','a40b32f4e3027ebc1b317fc1460da184',1,'2014-03-05 22:16:36','2014-10-20 10:24:19','172.16.9.111',1,'','','','','',''),(1,'admin','e10adc3949ba59abbe56e057f20f883e',1,'2014-02-01 13:29:32','2014-10-20 10:38:14','172.16.9.111',1,'','','','','','{\"news_info\":\"1\",\"news_dels\":\"1\",\"news_sites\":\"1\",\"news_cates\":\"1\",\"news_origs\":\"1\",\"news_keys\":\"1\",\"news_comments\":\"1\",\"news_tags\":\"1\",\"sites_info\":\"1\",\"sites_dels\":\"1\",\"sites_cates\":\"1\",\"sites_weeks\":\"1\",\"datas_view\":\"1\",\"sys_base\":\"1\",\"sys_backup\":\"1\",\"sys_update\":\"1\",\"sys_sitemap\":\"1\",\"sys_ads\":\"1\",\"sys_files\":\"1\",\"sys_links\":\"1\",\"sys_admins\":\"1\",\"sys_task\":\"1\"}'),(17,'wbz','33c8dfafc788d06f751f3a892dd46540',1,'2014-03-05 13:44:48','2014-10-21 13:40:15','172.16.9.111',1,'','','','','',''),(18,'crr','769b767d4f5065564322ce51df406892',1,'2014-03-05 22:15:59','2014-10-21 11:46:49','10.3.135.82',1,'','','','','',''),(19,'blj','bc598dc04e033206bbc26d28a0ef6a96',1,'2014-03-05 22:16:16','2014-10-20 10:24:19','172.16.9.111',1,'','','','','',''),(20,'cwj','21496a6026b2cb71667fd65235f0cf97',1,'2014-03-05 22:16:26','2014-10-20 10:24:19','172.16.9.111',1,'','','','','',''),(26,'admin1','e00cf25ad42683b3df678c61f42c6bda',1,'2014-10-20 10:03:54','2014-10-20 10:24:19','172.16.9.111',1,'','','','','','{\"news_info\":\"1\",\"news_dels\":\"1\",\"news_sites\":\"1\",\"news_cates\":\"1\",\"news_origs\":\"1\",\"news_keys\":\"1\",\"news_comments\":\"1\",\"news_tags\":\"1\",\"sites_info\":\"1\",\"sites_dels\":\"1\",\"sites_cates\":\"1\",\"sites_weeks\":\"1\",\"datas_view\":\"1\",\"sys_base\":\"1\",\"sys_backup\":\"1\",\"sys_update\":\"1\",\"sys_sitemap\":\"1\",\"sys_ads\":\"1\",\"sys_files\":\"1\",\"sys_links\":\"1\",\"sys_admins\":\"1\",\"sys_task\":\"1\"}');
/*!40000 ALTER TABLE `ins_admin` ENABLE KEYS */;


帐号密码竟然是弱口令:admin 123456
http://www.software.zjut.edu.cn/test.php(phpinfo)
test:

1.png


2.png


不多做测试

修复方案:

rank能多点?

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-11-11 15:14

厂商回复:

谢谢你的帮助,我们会尽快处理的

最新状态:

暂无

漏洞评价:

评价