当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0170110

漏洞标题:苏省某市计生系统漏洞(涉及海量个人详细信息/涉及全市某些隐私信息/大量具体信息

相关厂商:center

漏洞作者: 路人甲

提交时间:2016-01-15 23:36

修复时间:2016-03-04 13:27

公开时间:2016-03-04 13:27

漏洞类型:命令执行

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-01-15: 细节已通知厂商并且等待厂商处理中
2016-01-19: 厂商已经确认,细节仅向厂商公开
2016-01-29: 细节向核心白帽子及相关领域专家公开
2016-02-08: 细节向普通白帽子公开
2016-02-18: 细节向实习白帽子公开
2016-03-04: 细节向公众公开

简要描述:

详细说明:

**.**.**.**/jsw2/ 南京计生系统存在命令执行,泄露了1400W+900W详细的个人信息(详细到门牌号,)30W+30W+30W个人身份信息。个人身份信息在第一个数据库,前三个表,1400W+900W在第二个数据库第一个表和第二个表,在下文中会详细标注出来。
数据过于庞大,只给出部分作为证明。

漏洞证明:

1111.png

db.png

db1.png

xinxi.png

xinxi1.png

xinxi2.png

xinxi3.png

xinxi4.png

xinxi5.png

xinxi6.png

<url>jdbc:oracle:thin:@**.**.**.**:1521:newjsw</url>
    <driver-name>oracle.jdbc.xa.client.OracleXADataSource</driver-name>
    <properties>
      <property>
        <name>user</name>
        <value>newjsw</value>
      </property>
    </properties>
    <password-encrypted>{AES}dEZPo7qIt3MM2zCL6du/3BzOPatkRFQOWGy6BH70FvY=</password-encrypted> les1028
    <url>jdbc:oracle:thin:@**.**.**.**:1521:jswbt</url>
    <driver-name>oracle.jdbc.xa.client.OracleXADataSource</driver-name>
    <properties>
      <property>
        <name>user</name>
        <value>jswbt</value>
      </property>
    </properties>
    <password-encrypted>{AES}rHKIQNE6mqsNW75maekqELa5lggoDu9WfMKz48gvtdM=</password-encrypted> les1028

数据库配置

Query#0 : select t.TABLE_NAME,t.NUM_ROWS from user_tables t order by NUM_ROWS desc
TABLE_NAME
VARCHAR2	NUM_ROWS
NUMBER
JSBT_TXDA_320100V3	333965
JSW_TXDA	333849
JSW_TXDA_20151111BAK	325576
JSW_TXDA_20151012BAK	320655
JSW_TXDA_20150813BAK	314212
JSW_TXDA_20150630BAK	311708
JSW_TXDA_20150604BAK	309579
JSW_TXDA_20150513BAK	300563
JSW_TXDA_20150309BAK	295287
JSW_TXDA_20150202BAK	292358
JSW_TXDA_20141215	283399
JSW_TXDA_20150114BAK	283399
JSBT_TXDA2	283004
JSBT_TXDA	280297
JSW_TXDA_20141201BAK	278586
JSW_TXDA_20141104BAK	273934
JSW_TXDA_20141010BAK	270572
JSW_TXDA_20140801BAK	264138
JSW_TXDA_20140911BAK	264138
JSW_TXDA_20140804BAK	260116
JSW_TXDA_20140701BAK	256633
JSW_TXDA_20140509	253179
JSW_TXDA_20140603BAK	253119
JSW_SQJLB_20150402	252870
JSW_TXDA_20140505BAK	249626
JSW_TXDA_20140403BAK	245901
JSW_TXDA_20140307BAK	243457
JSW_TXDA_20140112BAK	235669
JSW_TXDA_20140220BAK	235669
JSW_TXDA_20140107BAK	230191
JSW_TXDA_20131013BAK	219642
JSW_TXDA_20131231BAK	219642
JSW_TXDA_20131009BAK	214630
JSW_TXDA_20130901BAK	206081
TMP_JSW_ZFQKMXB_BAK20131009	201596
JSW_TXDA_20130703BAK	201569
JSW_TXDA_20130617BAK	196804
JSW_TXDA_20130428BAK	192955
TMP_JSW_ZFQKMXB	187912
JSW_TXDA_20130403BAK	184605
JSW_TXDA_BAK_20130301	184605
VVV_FFRYTJ	163072
JSW_GSQKMXB	154644
JSW_SQJLB	153461
JSW_ZFQKMXB	150289
JSW_SQJLB_20150402BAK	128999
JSW_SQJLB20140619	104158
TMP_JSW_HPQKMXB	79085
JSBT_TXDA_BC	73455
JSW_HPQKMXB2	45515
VVV_FFFFF	41875
JSW_SQJLB_20131013BAK	38099
JSW_GSQKMXB_20131013BAK	37748
JSW_ZFQKMXB_20131013BAK	37095
JSW_JFRY	29506
JSW_GSQKMXB_20130424BAK	25210
JSW_HPQKMXB2_20140415BAK	24426
JSW_JFRY_20150416_BAK	23017
JSW_SQJLB_BAK20130514	22799
OA_MANAGER_QX	21206
JSW_DWDA_20151111BAK	18295
JSW_DWDA_20151012BAK	18061
JSW_DWDA	17762
Query#0 : select t.TABLE_NAME,t.NUM_ROWS from user_tables t order by NUM_ROWS desc
TABLE_NAME
VARCHAR2	NUM_ROWS
NUMBER
TP_JSBT_TXDWMX	 
TP_JSBT_SQJLMX	 
TP_JSBT_TXCXMX	 
WAS_TRANSDATASET	14028748                   1400W个人的详细信息
BAK$WAS_TRANSDATASET101219	9732609             900W个人详细信息
BAK$WAS_TRANSDATA101219	5664107
WAS_TRANSDATA	5071046
WAS_TRANSLOG	739474
BAK$WAS_TRANSDATA	518357
BAK_JSBT_HPQKMXB_20141208	447799
BAK_JSBT_HPQKMXB_20140530	445908
BAK_JSBT_HPQKMXB_20150716	444970
BAK_JSBT_HPQKMXB_20121025	443914
BAK_JSBT_HPQKMXB_20121106	441857
JSBT_KPQKMXB_TMP	440432
BAK_JSBT_HPQKMXB_20120112	439701
JSBT_HPQKMXB	429604
BAK$JSBT_HPQKMXB$20110701	423722
BAK_JSBT_KPQKMXB_20121025	418216
BAK_JSBT_KPQKMXB_20120112	416273
JSBT_KPQKMXB	416034
YY_HP1	410698
BAK$JSBT_KPQKMXB$20110701	398972
BAK$JSBT_HPQKMXB$20101224	386080
JSBT_TXDA_OLD	302870
JSBT_TXDA_20100623	302870
JSBT_TXDA20100525	294326
JSBT_TXDA20100524	292479
JSBT_TXDA2	283004
JSBT_TXDA_20140212_BAK	282494
JSBT_TXDA_20140125BAK	282394
JSBT_TXDA_20131028BAK	282384
BAK_JSBT_TXDA_20121012	282384
BAK_JSBT_TXDA_20120112	280474
BAK_JSBT_TXDA_20111130	280343
BAK_JSBT_TXDA_20111111	280335
BAK_JSBT_TXDA_20111101	280299
JSBT_TXDA	280297
BAK$JSBT_TXDA$20110701	280297
BAK$JSBT_TXDA$20101224	279825
JSBT_TXDA_20101222	279672
BAK$WAS_TRANSDATASET	276151
BAK$JSBT_KPQKMXB$20101224	268207
JSBT_KPQKMXB_20100623	262354
JSBT_TXDA_320100V3	211848
JSBT_TXDA_320100V2_BAK	211838
JSBT_GSQKLSB	193956
BAK_JSBT_ZFQKMXB_20150716	178992
JSBT_ZFQKMXB	178980
BAK_JSBT_ZFQKMXB_20141208	178778
JSB_ZFQKMXB_20140612	178776
BAK_JSBT_ZFQKMXB_20140530	178774
BAK_JSBT_ZFQKMXB_20130606	178488
BAK_JSBT_ZFQKMXB_201314	178484
BAK_JSBT_ZFQKMXB_201313	178484
BAK_JSBT_ZFQKMXB_20121012	175282
BAK_JSBT_ZFQKMXB_20121025	175282
BAK_JSBT_ZFQKMXB_20121106	175263
JSBT_ZFQKMXB_20120712	174764
BAK_JSBT_ZFQKMXB_20120112	172590
YY_ZF_HP	166316
BAK$JSBT_ZFQKMXB$20110701	143144
JSBT_ZFQKMXB20101229	137440
BAK$JSBT_ZFQKMXB$20101224	137136
TMP_JSBT_HPQKMXB	135980
TP_LDFF_20121115	128836
TP_LDFF	128451
TP_JSBT_FFHP20110228	117368
JSBT_TXDA_320100V2_BC_BAK	103778
JSBT_TXDA_BC	73455
JSBT_TXDA_BC_20101222	73167
JSBT_TXDA_BC_20131030BAK	72815
JSBT_TXDA_320100V2_BC_20100622	68152
WAS_CZRZB	59385
TP_JSBT_DXQY	55338
TP_JSBT_ZXDW	33163
BAK$JSBT_KPQKMXB_SBSQY	31092
TP_JSBT_TXDA_SBSQY_QH	30487
BAK$JSBT_TXDA_BC_SBSQY	30319
JSBT_TXDA_BAK	21764
BAK_JSBT_SQJLB_20121025	17608
BAK_JSBT_GSQKMXB_20121025	17603
JSBT_SQJLB	17561
BAK$JSBT_GSQKMXB$20110701	17510
JSBT_GSQKMXB	17388
BAK$JSBT_SQJLB$20101224	16819
BAK$JSBT_GSQKMXB$20101224	16490
JSBT_SQJLB_20100705	15481
YY_HP2	12890
TP_JSBT_WD	10394
JSBT_HPQKMXB_20100623	10235
BAK_JSBT_HPQKB_20150716	9929
JSBT_TXDA_20110916_SWRY	9911
BAK_JSBT_HPQKB_20141208	9895
BAK_JSBT_HPQKB_20140530	9864
BAK_JSBT_HPQKB_20121106	9667
BAK_JSBT_HPQKB_20121025	9666
BAK_JSBT_HPQKB_20120112	9554
JSBT_HPQKB	9522
BAK$JSBT_HPQKB$20110701	9370
OA_MANAGER_QX	8926
JSBT_TXDA20100601	8544
TP_JNTXDA	8280
JSBT_HPQKB20101230	8156
BAK$JSBT_HPQKB$20101224	7960
TP_JSBT_YHYFF_20120113	7254
TP_JSBT_SBSQY_RYB	6115
TP_GCTXDA	6073
TP_JSBT_SWRQ20101201TO20110630	5536
JSBT_DWDA_OLD	5505
JSBT_DWDA_20100623	5505
JSBT_DWDA20100525	5497
JSBT_DWDA20100524	5476
JSBT_DWDA_20140408BAK	5464
JSBT_DWDA_20140212_BAK	5458
BAK$JSBT_DWDA$20110701	5457
BAK$JSBT_DWDA$20101224	5455
JSBT_DWDA_20100707	5454
JSBT_DWDA	5454
TMP_HASNOTSEND	5126
BAK_JSBT_KPQKB_20121025	4985
BAK_JSBT_KPQKB_20120112	4966
BAK$JSBT_KPQKB$20110701	4877
BAK_JSBT_ZFQKMXB_YFHRY	4835
BAK$JSBT_KPQKB$20101224	4823
JSBT_KPQKB	4791
TP_JSBT_FFRY_LH_0617	4444
JSBT_DWDA_320100V2_20100622	4272
JSBT_DWDA_320100V2_BAK	4272
JSBT_KPQKB_20100623	4049
TP_LDFF_20130606	3847
TP_JSBT_ZFQKMXB_20121011	3576
TP_JSBT_ZFQKMXB_20130606	3489
TP_PANDA_SENDED_20121114	2888
TP_JSBT_FFRY_JN_0617	2864
TP_SWRY_20121115	2761
TP_SWRY	2737
JSBT_ZFQKMXB_BAK	2689
JSBT_HPQKMXB_BAK	2683
TP_JSBT_SWZFB	2498
TP_JSBT_SWFF20110308	2492
TP_JSBT_SWFF20110429	2491
TP_JSBT_SWRY_20110915	2443
TP_JSBT_SWFF20110727	2443
TP_JSBT_XSRY_GC	2360
BZ_JSBT_SQMCH	2292
JSBT_DWDA_320100V2_BC_BAK	2281
JSBT_DWDA_BC	2281
BZ_JSBT_SQB	2127
BZ_SQB	2110
TMP_JSBT_QYFH_20130130_2	2100
TP_JSBT_FFRY_GC_0617	1961
JSW_TXDA_20120113	1907
TP_JSBT_FFRY_LS_0617	1623
TP_JSBT_FFRY_LS	1623
TP_JSBT_KPQKMXB_SBSQY	1557
TP_FFQKMX_20121128	1513
JSBT_HPQKMXB_00000039	1422
TP_JSBT_FFRY_PK_0617	1416
JSBT_DWDA_BAK	1409
JSBT_SQJLB_BAK	1143
JSBT_HPQKB_20100623	1069
BAK_JSBT_ZFQKB_20150716	837
JSBT_ZFQKB	831
BAK_JSBT_ZFQKB_20141208	821
BAK_JSBT_ZFQKB_20140530	815
TP_JSBT_1ST2HPDW	775
BAK_JSBT_ZFQKB_20121025	769
BAK_JSBT_ZFQKB_20121106	761
JSBT_TXDA_320100V2	748
BAK_JSBT_ZFQKB_20120112	744
BAK$JSBT_ZFQKB$20110701	721
TP_JSBT_TXDA	712
JSBT_GSQKB	690
TP_JSBT_XSRY_LH	675
WAS_FIELD	636
JSBT_ZFQKB20101229	519
BAK$JSBT_GSQKB$20110701	513
TMP_JSBT_HASNOTINSERT	507
TMP_JSBT_QYFH_20130130	505
BAK$JSBT_ZFQKB$20101224	487
TP_JSBT_TXDA_20110616	466
JSBT_FFCWMXB	460
JSBT_DWFFQKB	440
TP_FHQYMX_20121115	360
TP_FHQYMX	360
TP_JSBT_ZFQKMXB_20130613	358
TP_KNQY	341
BAK$JSBT_KPQKB_SBSQY	317
OA_ROLES_QX	300
YX_RYB	291
BAK$JSBT_GSQKB$20101224	287
OA_MAN_ROLES	287
ZFTEST	286
P	286
TP_JSBT_CZRY	274
OA_TZ_SJKSB	257
TP_JSBT_ZTQY_0720	255
TP_JSBT_DW20110107	253
TP_JSBT_DWDA_20110915	247
OA_ACTMENU	244
JSBT_DWDA_ZLKP	234
TP_JSBT_KPQKB_SBSQY	207
WAS_BMXZB	205
BAK_JSBT_KPQKMXB_100528	204
TMP_ZDXM_20121107	197
JSBT_GSDYB	192
TP_JSBT_GZQY	171
JSBT_KPTOJDDW	168
BAK_JSBT_KPTOJDDW_20121025	167
TP_JSBT_KPQKMXB_20110616	157
TEST3_20140626	149
TEST4_20140626	149
BZ_JDB	148
BZ_JSBT_JDB	148
TEST20140701	145
TP_JSBT_ZTDW_V2	136
TEST_20140626	129
JSBT_FF_LH	123
TP_JSBT_XM	122
TP_JSBT_KPWDJQY	119
TP_PANDA	114
JSBT_ZFQKMXB_BAK_20130926	114
TMP_JSBT_RSFF_20130704	113
JSBT_QRSB	113
TP_JSBT_ZFQKMXB_20130614	112
TP_PANDA_FF	112
TMP_BBB	108
JSBT_DWDA_CXKP	107
WAS_NODE	84
PP	81
TP_JSBT_GTQY	69
BAK_JSBT_DWDA_20130325	68
TMP_JSBT_4TO99	68
TMP_JSBT_FFQK_CHECK_20130121	66
OA_TYMENU	56
TP_JSBT_XSRY_JN	45
TP_JSBT_XSRY_LS	43
JSBT_CDLQ	42
JSBT_ZFQKMXB_20131025BAK	42
TP_JSBT_DW20110916	41
TP_SWRY_20120109	37
WAS_DATASET	36
TP_JSBT_NOFF	36
WAS_DATASETCOL	36
WAS_ITEMAPPID	32
WAS_RWPRO	31
WAS_ITEM	31
TMP_JSBT_LEFT_RY	27
TP_JSBT_XSRY_PK	26
TP_JSBT_TXDA_20121012	26
JSBT_ZFQKMXB_20100623	22
PBCATEDT	21
PBCATFMT	20
OA_TZ_XXB	19
TP_JSBT_ZTDW_V3	19
JSBT_ZFQKB_20100623	18
BZ_JSBT_QHDZB	17
BZ_QMB	17
TP_JSBT_ZTDW_V5	16
TP_JSBT_ZTDW_V4	16
JSBT_ZFQKMXB_BAK_20110620	16
JSBT_HPQKMXB_BAK_20110620	16
JSBT_DWDA_RECOVERY	16
JSBT_SQJLB20140626	14
OA_TZ_FJB	12
BZ_JSBT_LSGXB	10
JSBT_HPQKMXB_2014_DELINFO	9
BAK_JSBT_GSQKMXB_20111122	8
JSBT_ZFQKMXB_2014_DELINFO	8
JSBT_DWDA20100601	8
OA_ROLES	7
BZ_JSBT_TCQHB	6
JSBT_HPQKB_RECOVERY	6
JSBT_HPQKMXB_RECOVERY	6
JSBT_ZFQKMXB_CG6R	6
OA_THEME	6
JSBT_ZFQKMXB_BAK_20130606	5
JSBT_TXDA_BC_RECOVERY	5
JSBT_HPQKB_00000039	5
JSBT_HPQKMXB_BAK_20130606	5
BZ_JSBT_RYLBB	5
JSBT_DWDA_320100V2	5
JSBT_ZFQKB_RECOVERY	4
JSBT_HPQKB_BAK_20110620	4
JSBT_ZFQKMXB_RECOVERY	4
JSBT_ZFQKB_BAK_20110620	4
BZ_JSBT_DWTZHB	4
JSBT_TXDA_201407DELINFO	3
BZ_JSBT_DLGXB	3
TP_JSBT_DWDA_20110616	3
BZ_JSBT_XBB	3
JSBT_ZFQKMXB20140702	3
JSBT_GSQKMXB_RECOVERY	3
JSBT_SQJLB_BAK20130903	2
JSBT_SQJLB_201407DELINFO	2
JSBT_HPQKB_BAK_20130606	2
JSBT_GSQKMXB_BAK20130903	2
BZ_JSBT_ZJLXB	2
BZ_JSBT_TXTZB	2
BZ_JSBT_FFFSB	2
BZ_JSBT_BTJGB	2
OA_STATUS	2
OA_YCCSB	2
OA_YDCSB	2
OA_GQCSB	2
OA_FJCSB	2
JSBT_ZFQKB_BAK_20130606	2
JSBT_TXDA_RECOVERY	2
JSBT_HPQKMXB_DELINFO	1
JSBT_KPQKMXB_DELINFO	1
TP_JSBT_HPQKMXB_00004262	1
BZ_JSBT_BTJS	1
JSBT_TXDA_BC_DELINFO	1
JSBT_TXDA_DELINFO	1
JSBT_GSQKB_BAK20130903	1
JSBT_KPTOJDDW_20130903	1
JSBT_TKQKB	0
JSBT_ZFQKMXB_TMP	0
OA_FJB	0
OA_JSXXB	0
OA_XXB	0
ZH_ERR_JL	0
PBCATTBL	0
PBCATVLD	0
WAS_DTBMXZB	0
WAS_TAB_COL	0
WAS_TRANSDATA_BF	0
PBCATCOL	0
OA_JSXXB	0
JSW_ZFQKMXB_JC20130301BAK	0

数据库结构

**.**.**.**/jsw2/1.jspx  9635789

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2016-01-19 13:26

厂商回复:

漏洞重复,CNVD不在重复处置。

最新状态:

暂无

漏洞评价:

评价