Vulnerability summary

Defect ID: wooyun-2016-0208640

Title: A billing system of China Tietong (中国铁通) can be GetShelled, leaking large volumes of customer information (including names, ID card numbers, account numbers, passwords, etc.) and allowing recharge cards to be generated

Vendor: 中国铁通 (China Tietong)

Author: 路人甲

Submitted: 2016-05-14 22:30

Fixed: 2016-07-02 11:30

Published: 2016-07-02 11:30

Vulnerability type: system/service patches not applied in time

Severity: High

Self-assessed Rank: 15

Status: handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]


Vulnerability details

Disclosure status:

2016-05-14: Details sent to the vendor; awaiting vendor action
2016-05-18: Vendor confirmed; details disclosed to the vendor only
2016-05-28: Details disclosed to core white hats and experts in the relevant field
2016-06-07: Details disclosed to regular white hats
2016-06-17: Details disclosed to intern white hats
2016-07-02: Details disclosed to the public

Brief description:

....

Detailed description:

**.**.**.**:7001/

Deserialization vulnerability, GetShell:

**.**.**.**:7001/bea_wls_internal/1.jsp

Password:

masked region
*****og*****

JDBC configuration:

<url>jdbc:oracle:thin:@**.**.**.**:1521:bims</url>
<driver-name>oracle.jdbc.OracleDriver</driver-name>
<properties>
<property>
<name>user</name>
<value>bill</value>
</property>
</properties>
<password-encrypted>{3DES}Cf1CPot/AttvyyiMgE9nGg==</password-encrypted>


Tables in the database sorted by row count (schema, table name, row count):

TESTBILL MONTHLYTONGJIDETAIL_TABLE 20217083
BILL MONTHLYTONGJIDETAIL_TABLE 20217083
TESTBILL MONTHLYFLUECNT_TABLE 6832675
BILL MONTHLYFLUECNT_TABLE 6832675
BILL DAILYTONGJIDETAIL_TABLE 6120534
BILL LOG_TABLE 4465949
BILL USERMONTHLY_TABLE 4188706
TESTBILL DAILYTONGJIDETAIL_TABLE 3775497
BILL MONPREPAID_TABLE 2630136
TESTBILL MONPREPAID_TABLE 2630136
BILL SYS_SPACE_TAB 2128172
BILL ORDERFLUEHST_TAB 1941578
BILL DB_TABLESPACE_TAB 1880220
BILL IDRERRORS_TABLE 1402302
TESTBILL ORDERFLUEHST_TAB 1339918
TESTBILL IDRERRORS_BAK2 1054011
BILL DAILY_BAK 1045174
BILL USER_ENDTIME_LOG 1037796
BILL MONTHLYDETAIL_TABLE 966718
BILL MONTHLYBILL_TABLE 894026
BILL INFOMODIFY_TABLE 820969
TESTBILL USER_ENDTIME_LOG 773145
BILL ACCURALHISYEAR_TABLE 696271
BILL ADSLLOG_TABLE 600066
BILL CUSTOMERLOG_TABLE 594889
BILL BILLCURRSESSION_TABLE 537023
BILL RAD_DETAILLOG 485606
BILL ORDERADSLHST_TAB 415196
BILL MONTHLYQUANZE_TABLE 408531
BILL ORDERCUSTOMERHST_TAB 404810
BILL ORDERFEEDETAILHST_TAB 397695
TESTBILL USER_LASTENDTIME 392530
BILL ORDERFEEHST_TAB 390330
TESTBILL MON_EXP 389781
BILL MON_EXP 389781
BILL ORDERINDEXHST_TAB 385844
TESTBILL ADSLLOG_TABLE 373962
TESTBILL CUSTOMERLOG_TABLE 370315
SYS WRI$_OPTSTAT_HISTGRM_HISTORY 358778
TESTBILL ACCURALHISYEAR_TABLE 354626
TESTBILL SYS_SPACE_TAB 326088
TESTBILL RAD_DETAILLOG 301275
TESTBILL ORDERFEEDETAILHST_TAB 299140
TESTBILL ORDERFEEHST_TAB 293874
TESTBILL ORDERINDEXHST_TAB 289442
TESTBILL ORDERCUSTOMERHST_TAB 284324
TESTBILL ORDERADSLHST_TAB 283210
TESTBILL DB_TABLESPACE_TAB 278513
BILL USERSWILLBELOCKED_TAB2 277473
BILL DAILYSESSION_BY 275539
TESTBILL DAILYSESSION_BY 275539
BILL USERSWILLBELOCKED_TAB3 271361
TESTBILL DEPOSITMONTH_20080222TEMP 268710
TESTBILL MONTHLYQUANZE_TABLE 262243
TESTBILL BILLCURRSESSION_TABLE 260817
BILL USERSWILLBELOCKED_TAB 258785
BILL BOSSDAILYSESSION_TABLE 248225
TESTBILL CURRSESSION_ASYNC_TABLE 228919
BILL VLAN_TABLE 227173
TESTBILL VLAN_TABLE 227173
TESTBILL DAILYTONGJIDETAIL_WH 227115
BILL DAILYDEL_TABLE 217065
BILL TC_BROADBAND_INTERFACE_FAIL 211465
SYS SOURCE$ 210340
BILL IDF_TABLE 196541
BILL USER_ENDTIME 191200
BILL USER_ENDTIME_LAST 189416
TESTBILL IDR_TABLE 185964
TESTBILL USERSWILLBELOCKED_TAB 185842
TESTBILL USERSWILLBELOCKED_TAB2 181149
TESTBILL ORDERPOSTAMOUNTCHECK 176136
BILL ORDERPOSTAMOUNTCHECK 176136
TESTBILL USERSWILLBELOCKED_TAB3 174687
TESTBILL USER_ENDTIME 156060
BILL SYS_PERFORM_TAB 156046
TESTBILL USER_ENDTIME_LAST 154796
BILL CURRSESSION_TABLE 154329
TESTBILL DAILYBDEL_TABLE 153891
BILL DAILYBDEL_TABLE 153891
TESTBILL IDFCREATE 143038
BILL IDFCREATE 143038
TESTBILL CURRSESSION_TABLE 141429
TESTBILL MONTHLYDETAIL_TABLE 137952
BILL IDRTEMP_TABLE 133212
TESTBILL BASESTATISTICS_TABLE 130119
BILL BASESTATISTICS_TABLE 130119
BILL USER_LASTENDTIME 126522
BILL T_HTBT 123211
TESTBILL T_HTBT 123211
TESTBILL HTBT 123211
TESTBILL TC_BROADBAND_INTERFACE_FAIL 119352
TESTBILL DAILYDEL_TABLE 115035
BILL DEPOSITERROR_TABLE 106972
BILL BASETAB_0210 100968
BILL CUSTOMER_TMP 100809
BILL VNET_PASSWDCHANGEBAK_TAB 97209
TESTBILL CUSTOMER_STATE20110530 97129
BILL CUSTOMER20110426 96449
TESTBILL BASETAB_0210 95205
BILL DAILYTEMP_TABLE 94446
TESTBILL CUSTOMER_TABLE_ENDTIME 94340
BILL CUSTOMER_TABLE_ENDTIME 94340
BILL CUSTOMER20110228 93727
BILL ABS_USER_BALANCE 93423
TESTBILL ABS_USER_BALANCE 93423
TESTBILL ISBINDING_TABLE 92355
BILL ISBINDING_TABLE 92355
BILL ABS2BMS_ADSLLANCUSTOMER_TAB 92152
TESTBILL ABS2BMS_ADSLLANCUSTOMER_TAB 92152
TESTBILL ABS2BMS_ADSLLANCUSTOMER_TABBAK 89681
TESTBILL XVNI_TMP 85580
BILL C210_RATESELECT 84027
SYS HISTGRM$ 83962
BILL A 82511
BILL MONTHLYPREFER_TABLE 81741
TESTBILL C210_RATESELECT 81154
SYS WRH$_LATCH 78738
BILL DESTROYUSER_ENDTIME 78404
SYS WRH$_SYSSTAT 73600
TESTBILL DEPOSITERROR_TABLE 72817
BILL RAD_DETAIL 70501
TESTBILL RAD_DETAIL 69804
BILL ADSL_TABLE 69489
TESTBILL CUSTOMER_TABLE 69175
TESTBILL ADSL_TABLE 69175
BILL CUSTOMER_TABLE 69113
TESTBILL IDRTEMP_TABLE 67131
BILL T_ERROR_USERLIST 61564
TESTBILL DESTROYUSER_ENDTIME 59837
TESTBILL DAILYTEMP_TABLE 59802
TESTBILL MONTHLYPREFER_TABLE 58610


[Screenshot: A7.png]

[Screenshot: A6.png]

Logging in to the front end with an account:

user:
masked region
*****dm*****

pass: 123456

[Screenshot: A8.png]

Proof of vulnerability:

[Screenshot: A7.png]

[Screenshot: A6.png]

[Screenshot: A8.png]

Fix recommendation:

Apply the patches.

Copyright notice: please credit 路人甲@乌云 when reposting

Responses

Vendor response:

Severity: High

Vulnerability Rank: 11

Confirmed: 2016-05-18 11:25

Vendor reply:

CNVD did not reproduce the described situation; the matter has been forwarded via CNCERT to China Mobile Group (中国移动集团公司), which will coordinate further handling with the website's management department.

Latest status:

None yet