当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0155522

漏洞标题:经营宝理财某系统漏洞(各种KEY/数据库信息/理财信息)

相关厂商:珠海易道科技有限公司

漏洞作者: 路人甲

提交时间:2015-11-24 15:35

修复时间:2016-01-11 15:32

公开时间:2016-01-11 15:32

漏洞类型:重要敏感信息泄露

危害等级:高

自评Rank:20

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-11-24: 积极联系厂商并且等待厂商认领中,细节不对外公开
2016-01-11: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

详细说明:

首先是数据库配置文件泄露
https://github.com/hwf452/efb/blob/master/efb/resources/jdbc.properties

#[192.168.8.3]
jdbc.url=jdbc:mysql://192.168.8.3:3306/EFB
#[121.40.183.68 -  10.168.63.223]
#jdbc.url=jdbc:mysql://121.40.183.68:3306/efb-1-3
#jdbc.url=jdbc:mysql://rdsr3u3ammzjyau.mysql.rds.aliyuncs.com/efb-1-3 invalid
#[121.40.200.101 - 10.168.80.17]
#jdbc.url=jdbc:mysql://rdsy6vzb2y6vzb2.mysql.rds.aliyuncs.com/efb-1-1-4
jdbc.username=efb
jdbc.password=edao2014EDAO


能链接的有两台服务器

数据库1.png


数据库2.png


最新的数据验证码.png


最新的验证码信息
找了好久没找到用户表,不知道在哪里
下面贴一些配置文件

<?xml version="1.0" encoding="utf-8"?>
<config>
	<sendSmsParam>
    	<yunTongXun>
    		<smsServiceUrl>sandboxapp.cloopen.com</smsServiceUrl>
    		<smsServicePort>8883</smsServicePort>
    		<accountSid>aaf98f89488d0aad0148b15dd9da10f7</accountSid>
    		<authToken>9e670cc2aede48c8a712e538877d1047</authToken>
    		<appId>8a48b551488d07a80148ba0c033b1469</appId>
    		<templateId>5043</templateId>
    		<registerSuccessTemplateId>7710</registerSuccessTemplateId>
    		<registerSuccessDownloadLink>http://www.jyb360.com/</registerSuccessDownloadLink>
    		<registerSuccessDownloadQrcode>http://web.jyb360.com/web/images/qrcode.png</registerSuccessDownloadQrcode>
    	</yunTongXun>
    	<juhe>
    	   <smsServiceUrl>http://v.juhe.cn/sms/send</smsServiceUrl>
    	   <appKey>302efec9b344ae81a7e2a78d6b7d890a</appKey>
    	   <paramPattern>#?#=*</paramPattern>
    	</juhe>
    </sendSmsParam>
    <financialParam>
    	<annualInterestRate>0.0035</annualInterestRate>
    </financialParam>
    <fundTradeParam>
        <lionfund>
            <requestApplyUrl>http://210.21.212.7:8080/febop/requestApply.go</requestApplyUrl>
            <!-- <requestApplyUrl>https://trade.lionfund.com.cn/febop/requestApply.go</requestApplyUrl> -->
            <edaoInstitutionId>YD01</edaoInstitutionId>
            <edaoCertificationId>YD0101</edaoCertificationId>
	        <edaoPrivateKeyPath>yidao_private_key_101.pem</edaoPrivateKeyPath>
	        <lionfundPublicKeyPath>lionfund_public_key_101.pem</lionfundPublicKeyPath>
	        
	        <ftpUrl>210.21.212.7</ftpUrl>
            <ftpUserName>yd</ftpUserName>
            <ftpPassWord>1q2w3e</ftpPassWord>
            <ftpProt>21</ftpProt>
            <ftpPath>E:/Projects/FTP/</ftpPath>
            
            <sftpUrl>121.34.253.167</sftpUrl>
            <sftpUserName>yd</sftpUserName>
            <sftpPassWord>271614</sftpPassWord>
            <sftpProt>22</sftpProt>
            <sftpPath>E:/Projects/FTP/</sftpPath>
        </lionfund>
    </fundTradeParam>  
    <aliyunOSSParam>
        <endpoint>http://oss.aliyuncs.com</endpoint>
        <accessKeyId>I5pYapkHvS4Sz0JI</accessKeyId>
        <accessKeySecret>tPOsmNYMDX8Vb7H83FJShQquXdr9eq</accessKeySecret>
        <resExpiration>3600000</resExpiration>
        <bucketNameSystemRes>efb-system-res-101</bucketNameSystemRes>
        <bucketNameCommonRes>efb-common-res-101</bucketNameCommonRes>
        <bucketNameEnterpriseRes>efb-enterprise-res-101</bucketNameEnterpriseRes>
        <bucketNameTempRes>efb-temp-res-101</bucketNameTempRes>
        <ossHttpUrl>http://${bucketName}.oss-cn-hangzhou.aliyuncs.com</ossHttpUrl>
    </aliyunOSSParam>
    
    <pushMessageParam>
        <apns>
            <apnsHost>gateway.sandbox.push.apple.com</apnsHost>
            <apnsPort>2195</apnsPort>
            <certificate>efb_apns_dev_java_key.p12</certificate>
            <certificatePassword>yidao</certificatePassword>
        </apns>
        <android>
	        <getui>
	        	<jyb>
			    	<appId>wRWdEFahtq8UdHswebaFg1</appId>
			    	<appKey>lZCPdNFdE16aIxKbZS1ndA</appKey>
			    	<masterSercret>NBY5fiugDW8zBDkTv919S2</masterSercret>
			    	<appSecret>2EKHgvc4D17nSJSaDArOZ6</appSecret>
			    	<host>http://sdk.open.api.igexin.com/apiex.htm</host>
		    	</jyb>
		    </getui>
        </android>
    </pushMessageParam>
    <globalRes>
    	<clientUpdateDataFilePath>E:/EFB/Sources/trunch/efb/resources/efb.db</clientUpdateDataFilePath>
    </globalRes>
</config>


mail.png


一些sql数据

sql.png


就这样吧
不找了

漏洞证明:

最新的数据验证码.png

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞Rank:15 (WooYun评价)

漏洞评价:

评价