当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0169778

漏洞标题:浙江省某市机动车驾驶员系统(涉及大量敏感信息/全市驾驶员个人详细信息/大量考核数据)

相关厂商:浙江省某市机动车驾驶员系统

漏洞作者: 路人甲

提交时间:2016-01-14 15:01

修复时间:2016-01-19 15:00

公开时间:2016-01-19 15:00

漏洞类型:命令执行

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(公安部一所)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-01-14: 细节已通知厂商并且等待厂商处理中
2016-01-19: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

详细说明:

**.**.**.**/pages/jsp/sys/login.jsp 浙江省湖州市机动车驾驶员培训系统,存在命令执行,通过写shell配置数据库发现几千万的信息,包括300个的驾校,近百万的个人信息,个人详细的身份信息以及照片,还有考试成绩信息和管理,
数据过于庞大,截取部分作为证明。

漏洞证明:

1111.png

db.png

web.png

web1.png

web2.png

web3.png

web4.png

web5.png

xinxi.png

xinxi1.png

xinxi2.png

xinxi3.png

xinxi4.png

xinxi5.png

xinxi6.png

xinxi7.png

xinxi8.png

xinxi9.png

xinxi10.png

<name>TC</name>
  <jdbc-driver-params>
    <url>jdbc:oracle:thin:@**.**.**.**:1521/dfo</url>
    <driver-name>oracle.jdbc.OracleDriver</driver-name>
    <properties>
      <property>
        <name>user</name>
        <value>dfo</value>
      </property>
    </properties>
    <password-encrypted>{AES}ynJBc1rGQmAxPQCo5lveUNkLBHWqLy6pzxcgCyLFUqGs9aXlyLGEf+51U1qD0R1R</password-encrypted> wellcom_hzdfo_yw

数据库配置

Query#0 : select t.TABLE_NAME,t.NUM_ROWS from user_tables t order by NUM_ROWS desc
TABLE_NAME
VARCHAR2	NUM_ROWS
NUMBER
TMP_QUESTION	 
GPS_CARCOORDINATE_CLOBTMP	 
SYS_DEVICELOG	17311824
WEBSER_OPERLOG	10073194
PRO_TRAININFO	9106766
STU_TRAININFO_12_10	8674868
ACT_SUMMARIZE	6178515
PRO_PHOTO	3685720
GEN_STUDENTEXAMINFO	3325434
GEN_PRO_STUDENTAPPLY	2136301
GEN_MAKEPRICEINFO	1571264
SYS_USERICWRITELOG	1424205
GEN_BUYCLOCKINFO	1272972
GEN_STUDENTEXAMSUMMARYINFO	1159816
STU_TRAININFO_15_07	1089022
STU_TRAININFO_15_08	1070771
STU_TRAININFO_14_07	940939
STU_TRAININFO_15_05	928601
STU_TRAININFO_14_12	926271
STU_TRAININFO_14_08	916410
STU_TRAININFO_14_06	891777
STU_TRAININFO_15_06	872232
STU_TRAININFO_13_08	854182
STU_TRAININFO_13_12	838554
STU_TRAININFO_14_11	833071
STU_TRAININFO_15_04	804343
STU_TRAININFO_15_01	793456
STU_TRAININFO_14_09	791918
STU_TRAININFO_14_01	783345
GEN_FINGERINFO	782854
STU_TRAININFO_13_11	767463
GEN_STUDENTEXAMINFO_TEST	759333
STU_TRAININFO_13_06	753833
STU_TRAININFO_13_10	752268
STU_TRAININFO_14_05	751673
STU_TRAININFO_13_07	748317
STU_TRAININFO_13_09	714443
STU_TRAININFO_15_02	700287
STU_TRAININFO_15_03	696492
STU_TRAININFO_14_10	658278
STU_TRAININFO_14_04	658244
STU_TRAININFO_14_03	650183
GEN_STUDENTEXAMSCORE	621849
GEN_STUDENTINFO	609966
GEN_STUDENTEXTINFO	592873
GEN_APPRAISALLINFO	582993
PRO_COACHTEACH_15	567640
STU_TRAININFO_13_05	535596
PRO_COACHTEACH_14	501686
GEN_STUDENTINFO_BAK_150123	494305
STU_TRAININFO_14_02	486048
PRO_COACHTEACH_13	476683
EQU_ICCARDINFO	470322
GEN_STUDENTEXTINFO_BAK_150123	462427
STU_TRAININFO_12_12	431030
PRO_TRAININFO_TMP_ORACLE	424929
GEN_PAYMENTINFO	417395
GEN_STUDENTCARDINFO	411985
STU_TRAININFO_13_04	410248
STU_TRAININFO_13_01	407798
STU_TRAININFO_12_11	380941
PRO_COACHTEACH_12	373958
STU_TRAININFO_13_03	338048
EQU_INCOMEINFO	320992
GEN_PRINTMANAGE	307862
SYS_USEROPERATELOG	243823
STU_TRAININFO_15_09	209386
STU_TRAININFO_13_02	201691
GEN_CLASSAPPLYINFO	174772
GEN_PRO_CHANGECOAAPPLY	118817
TEMP_EQU_CARDINFO	101618
GEN_STUDENT_SOURCEINFO	100585
GPS_OFFSET	94823
SCH_SCHOOLCARWARNINFO	61513
PRO_WXTRAININFO	30854
PRO_TRAININFO_HZ	24657
OA_READLOG	24202
SCH_COAFINGERINFO	24127
PRO_LOCKCARD	24010
STU_TRAININFO_12_09	23250
PRO_ICMAKEUPINFO	22647
PRO_WXTRAINRECORD	18036
GEN_STANDBYSIGNININFO	16750
PRO_COACHTEACH_16	14202
PRO_COACHTEACH_10	13280
PRO_COACHTEACH_11	13089
PRO_TRAININFO_20140427	12234
SYS_ROLEPOWER	11784
TEMP_TRAININFO	10253
GEN_PRO_RETIREAPPLY	9059
EQU_DRAWDETAIL	8837
TEMP_TRAININFO_MID	8774
GEN_PRO_RETIRECHECK	8478
OA_GPRSMESSAGEDETAIL	7592
EQU_DRAWINFO	7445
GEN_PRO_AMENDDETAIL	7383
GEN_PRO_AMENDINFO	6941
GEN_STUDENTSOURCE_CHANGELOG	4945
BASE_COURSE_SCHOOL	4892
SCH_COACHCARDINFO	4568
GEN_STUDENPRESIGN	4563
EQU_POSUSEINFO	4313
HZ_STUDENTINFO	3927
SYS_ROLEPOWER_TMP	3856
EQU_POSINFO	3517
OA_MESSAGEOBJECT	3341
TRAININFOTEMP	3308
SCH_COACHEXTINFO	3110
SCH_COACHINFO	3096
THE_EXAMQUESTION	3075
SCH_SCHOOLCARINFO	2945
YW_PROJECTBILL	2548
GEN_SHIFTSINFO	2318
OA_GPRSMESSAGE	2182
SCH_PRO_COACHAPPLY	1814
SCH_COACHEVALUATION	1798
SCH_TUITIONINFO	1649
PRO_TRAININFO_TMP	1607
GPS_TMP_INFO	1585
PRO_TRAININFO_CHANGE_TMP	1446
OA_MESSAGEINFO	1191
SYS_FINGERCOUNT	1174
GPS_CARCOORDINATE_TEMP11	1143
OA_ATTACHMENTINFO	1000
SCH_COATEACHCTL	763
ZZ2	749
SCH_STANDBYSIGNININFO	678
SYS_FUNINFO	670
GEN_STUDENT_SIMRESERVE	588
EQU_STEPPEDUPINFO	573
PRO_COACHTEACH_TMP	571
SCH_SCHOOLCAREJWHINFO	555
SYS_LOGINFO	518
GPS_SCHOOLVERSION	457
GEN_PRO_STACKINFO	457
SYS_USERPORTAL	319
SYS_USERROLE	318
SYS_USERINFO	318
GEN_STUDENTNUM	253
STU_TRAININFO_15_10	236
SYS_MENUINFO	221
SCH_SCHOOLPLACEINFO	154
SYS_DICTIONARY	152
SYS_ROLEINFO	147
SYS_FINGERINFO	145
STU_TRAININFO_12_08	132
ZZ1	123
GPS_AREATRAININFO	107
PRO_DELETETRAININFO_BAK	103
SYS_KEYVALUE	99
TEACH_EXAMPERIOD	96
SYS_PARAMINFO	93
SIGNINGBANK_LOG	79
STU_TRAININFO_15_11	79
SCH_COACHGROUP	77
SCH_SCHOOLINFO	62
SCH_SCHOOLEXTINFO	61
STU_TRAININFO_15_12	59
THE_ARCHIVEEXAMINFO	57
TEACH_MAINEXAMPERIOD	48
STU_TRAININFO_12_06	47
SCH_TEACHCTL	41
TEACH_TRAINLOG	39
EQU_COMMANDBYGPRS	38
SYS_YEARMONTH	36
SCH_SCHOOLINFO_TMP	35
OA_REWARDSINFO	33
THE_EXAMANSWERDETAIL	28
TEACH_COD_TEACHTYPE	25
PBCATEDT	21
PBCATFMT	20
YW_FAULTMANAGER	20
SCH_SCHENROLL	19
SYS_PRINT_ZZDY	17
TEACH_DRIVECARTYPE	16
TEACH_TARIFF	16
TEACH_DRIVECARPARAM	16
SCH_COACHREPLACED	13
GEN_KBGL	10
THE_CHAPTERINFO	10
THE_ARCHIVELOGININFO	10
SCH_COAREEDUCATE	8
GEN_PRO_AMENDPARA	8
SYS_DEPTINFO	7
SYS_AREACODE_REL	7
EQU_MATERIELINFO	7
TEACH_SUBEXAMSUBJECTINFO	6
GEN_OPERATORINFO	6
SCH_SCHOOLDEVICEINFO	6
SCH_SCHOOLLICENCE	6
SYS_AREAINFO	6
EQU_STORAGEINFO	6
THE_DRIVERCARTYPE	4
EQU_PRO_POSAPPLY	4
TEACH_PRICEPARAM	4
EQU_POWERINFO	3
SCH_COACHSECONDCARDINFO	3
TEACH_EXAMSUBJECTINFO	3
PRO_TRAININFO_ERROR	2
GEN_STUSECONDCARDINFO	1
GEN_CARDVALID_MODIFY	1
EQU_UPDATEFILEINFO	1
SCH_COACHHISTORYINFO	1
SCH_DEDUCTINFO	1
SYS_EQUPARAM	1
EQU_KEYS	1
BANKUSERINFO	1
MSG_TRANSPORT	1
GPS_CARWARNINFO	1
INF_DBLINK	1
EQU_DATACONTINFO	0
EQU_DEVUPCONTINFO	0
EQU_DEVUPCONTLOGINFO	0
EQU_POSVERSIONINFO	0
STU_TRAININFO_16_01	0
GEN_STUDENTSIMRESERVE	0
GEN_COACHSURVEY	0
EQU_POSSPECIALINFO	0
TEST_SCH_COACHCOMMENT	0
TEST_SCH_COACHCOMMENTDETAIL	0
ONLINE_LOGINFO	0
PBCATCOL	0
PBCATTBL	0
PBCATVLD	0
PRO_TRAINLOG	0
SCH_CHECKMANINFO	0
SCH_COACHDEDUCTINFO	0
SCH_COACHTEACHCARTYPE	0
SCH_SCHOOLCARPDINFO	0
MYTABLE	0
ACT_TRAININFO	0
BILL_INVOICEINFO	0
BILL_INVOICE_DETAIL	0
BILL_INVOICE_MASTER	0
BILL_JYZINFO	0
BILL_PHGL_DETAIL	0
BILL_PHGL_MASTER	0
BILL_PXJLDINFO	0
EQU_PARAMINFO	0
EQU_POSONLINE	0
EQU_POWERUSEINFO	0
GEN_STUDENTINFO_SCHOOLCODE_8	0
GPS_INFO	0
GPS_OFFSET_TMP	0
STU_TRAININFO_12_01	0
STU_TRAININFO_12_03	0
STU_TRAININFO_12_04	0
STU_TRAININFO_12_05	0
SYS_USEREXTINFO	0
SYS_USERPORTALSET	0
SYS_USERPOWER	0
THE_CURRENTEXAMINFO	0
THE_CURRENTLOGININFO	0
THE_REL_DRIVERCARCHAP	0

数据库结构

**.**.**.**/1.jspx 9635789

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2016-01-19 15:00

厂商回复:

漏洞Rank:15 (WooYun评价)

最新状态:

暂无

漏洞评价:

评价