Vulnerability summary

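Bug ID: wooyun-2016-0208983

Title: Information leaked through Wiz Note: database of a KongZhong (空中网) site exposed

Vendor: KongZhong (空中网)

Author: 我在不想理你

Submitted: 2016-05-20 18:16

Fixed: 2016-07-07 15:40

Disclosed: 2016-07-07 15:40

Type: System/service operations misconfiguration

Severity: Medium

Self-assessed Rank: 5

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]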


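Vulnerability details

Disclosure status:

2016-05-20: Details reported to the vendor; awaiting vendor handling
2016-05-23: Vendor confirmed; details disclosed to the vendor only
2016-06-02: Details disclosed to core white hats and experts in related fields
2016-06-12: Details disclosed to regular white hats
2016-06-22: Details disclosed to trainee white hats
2016-07-07: Details disclosed to the public

Brief description:

The programmer's mistake: don't store sensitive information in a cloud note app unencrypted!!!

Detailed description:

http://wooyun.org/bugs/wooyun-2016-0205007
Logged in with an account obtained through credential stuffing.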

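Looking around, one note was fairly recent and caught my attention.

It contained configuration information for a KongZhong (空中网) subsite; visited 182.254.247.126.

Searched Baidu for KongZhong (空中网):

www.kongzhong.com


Traffic is quite high.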

root/cdb_outerroot
mysqld/654321*a


mysql -h 182.254.247.126 -u root -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'220.250.52.82' (using password: YES)


root cannot log in remotely.
Trying the other account:

mysql -h 182.254.247.126 -u mysqld -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 476976
Server version: 5.1.73 Source distribution
Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>


Logged in successfully.

Proof of vulnerability:

mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| daokong |
| daokong_statistic |
| mysql |
| test |
+--------------------+
5 rows in set (0.03 sec)


mysql> use daokong
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables
-> ;
+----------------------------+
| Tables_in_daokong |
+----------------------------+
| achieve |
| black_list |
| cdk_code |
| cdk_used_role |
| container |
| data_bigint |
| data_int |
| data_vector_int |
| equipments |
| family |
| family_temple |
| familywar |
| hefu |
| hiddentreasure |
| leitai |
| mail_envelope |
| mail_info |
| mail_roleinfo |
| mail_task |
| maxids |
| pay |
| pet |
| qqh |
| resourcereturn |
| reward_task |
| rides |
| role |
| role_activity |
| role_ai |
| role_buff |
| role_center_hiddentreasure |
| role_center_jinji_exp |
| role_center_magic_tower |
| role_center_top_jinji |
| role_controlworld_award |
| role_corps |
| role_corps_skill |
| role_crossdistrict |
| role_doworld_msg |
| role_emperor_award_msg |
| role_employ |
| role_family |
| role_fatalityaltar_award |
| role_fish |
| role_friend_panel |
| role_garden |
| role_goldtree |
| role_king_award_msg |
| role_knifes |
| role_knifes_recast |
| role_last_scene |
| role_level_fuben_box |
| role_lsww_msg |
| role_magic_tower |
| role_maid |
| role_offline_data |
| role_offline_msg |
| role_pet_atta |
| role_pet_skill |
| role_qiecuo |
| role_settings |
| role_shop |
| role_skills |
| role_skills_hotkeys |
| role_tower |
| role_tower_battleinfo |
| server_bigint |
| server_int |
| server_text |
| server_vector_int |
| serverlist |
| task |
| tmp_center_data |
| tmp_data |
+----------------------------+
74 rows in set (0.03 sec)


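But the contents cannot be viewed.

Suggested fix:

Store sensitive information encrypted.

Copyright notice: when reposting, please credit the source: 我在不想理你@乌云 (WooYun)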
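
The session in the report shows root rejected by client host while the mysqld account was accepted from an external address. The following is an added example, not part of the original report or the vendor's fix: an audit and lockdown of remotely reachable accounts using statements available in the MySQL 5.1 series shown in the server banner. It assumes the account is defined as 'mysqld'@'%', and 192.0.2.10 is a placeholder for the application server's address.

```sql
-- Added example; assumptions are marked. Run as an administrative user
-- from a local session on the database host.

-- 1. List every account that may authenticate from a non-local host.
--    A Host containing '%' matches a whole range of client addresses.
SELECT User,
       Host,
       IF(Password = '', 'EMPTY', 'set') AS password_state
FROM mysql.user
WHERE Host NOT IN ('localhost', '127.0.0.1', '::1')
ORDER BY User, Host;

-- 2. Review what the remotely reachable account is allowed to do.
--    Assumption: the account from the report is defined with host '%'.
SHOW GRANTS FOR 'mysqld'@'%';

-- 3. Pin the account to the one host that needs it. Existing privileges
--    move with the account. 192.0.2.10 is a placeholder address.
RENAME USER 'mysqld'@'%' TO 'mysqld'@'192.0.2.10';

-- 4. Rotate the password, since the old one was stored in a note.
--    Replace the placeholder with a newly generated random value.
SET PASSWORD FOR 'mysqld'@'192.0.2.10' = PASSWORD('<new-random-password>');

-- 5. Verify: no account should remain with a wildcard or empty host.
SELECT User, Host
FROM mysql.user
WHERE INSTR(Host, '%') > 0 OR Host = '';
```

Host-scoped accounts are a second layer of control; restricting port 3306 at the firewall to the application server limits who can reach the login prompt at all.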


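Vulnerability response

Vendor response:

Severity: Low

Vulnerability Rank: 5

Confirmed: 2016-05-23 15:34

Vendor reply:

This is a partner's service. The relevant department has been notified to handle it. Thank you for your attention.

Latest status:

None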


Comments:

  1. 2016-05-20 21:21 | 放逐 ( Passerby | Rank: 2, Vulnerabilities: 1 | White hat 放逐 Gg? Gains and losses, joy and sorrow, and Av Qq205655539)

    QWQ