宜信某站运维不当涉及内部系统人员信息

2017年4月11日08:30:53评论352 views字数 197阅读0分39秒阅读模式

摘要

2016-03-30：细节已通知厂商并且等待厂商处理中
2016-03-30：厂商已经确认，细节仅向厂商公开
2016-04-09：细节向核心白帽子及相关领域专家公开
2016-04-19：细节向普通白帽子公开
2016-04-29：细节向实习白帽子公开
2016-05-14：细节向公众公开

漏洞概要关注数(6) 关注此漏洞

缺陷编号： WooYun-2016-190806

漏洞标题：宜信某站运维不当涉及内部系统人员信息

漏洞作者：路人甲

提交时间： 2016-03-30 17:54

公开时间： 2016-05-14 18:40

漏洞类型：敏感信息泄露

危害等级：高

自评Rank： 15

漏洞状态：厂商已经确认

漏洞来源：www.wooyun.org ，如有疑问或需要帮助请联系

Tags标签：无

0人收藏

漏洞详情

披露状态：

简要描述：

详细说明：

118.145.13.119:11211 memcached未授权访问

里面找到了名字电话暂时无法判定是否为内部系统还是用户系统数据

漏洞证明：

code 区域

遍历结果：数组/对象 序列化后显示，JSON字符串反序列化后以数组形式显示
 KEY : Entitys/User/200706字符集：
 PETMS.Components.Basic.API,+Version=1.0.0.0,+Culture=neutral,+PublicKeyToken=null.ETMS.Components.Basic.API.Entity.Security.UseruserIDFieldloginNameField realNameField passWordField emailField telphoneFielddescriptionFieldstatusFieldcreatorFieldcreateTimeField modifierFieldmodifyTimeFieldroleCodeFields<OfficeTelphone>k__BackingField<MobilePhone>k__BackingField<OrganizationID>k__BackingField<DepartmentID>k__BackingField<IsSysAccount>k__BackingField<PhotoUrl>k__BackingField<SexTypeID>k__BackingField<Identity>k__BackingField<Birthday>k__BackingField<TitleName>k__BackingField<PoliticsTypeID>k__BackingFieldAbstractObject+m_KeyName 1ETMS.Components.Basic.API.Entity.Security.IRole[] 201603030607 
mask 区域*****n+C201603030607*****
 


 Flags:8类型:string大小:973 byte失效时间:2016-03-30 17:39:00反序列化刷新删除
 KEY : Entitys/User/190797字符集：
 PETMS.Components.Basic.API,+Version=1.0.0.0,+Culture=neutral,+PublicKeyToken=null.ETMS.Components.Basic.API.Entity.Security.UseruserIDFieldloginNameField realNameField passWordField emailField telphoneFielddescriptionFieldstatusFieldcreatorFieldcreateTimeField modifierFieldmodifyTimeFieldroleCodeFields<OfficeTelphone>k__BackingField<MobilePhone>k__BackingField<OrganizationID>k__BackingField<DepartmentID>k__BackingField<IsSysAccount>k__BackingField<PhotoUrl>k__BackingField<SexTypeID>k__BackingField<Identity>k__BackingField<Birthday>k__BackingField<TitleName>k__BackingField<PoliticsTypeID>k__BackingFieldAbstractObject+m_KeyName 1ETMS.Components.Basic.API.Entity.Security.IRole[] M201512080234 

mask 区域
*****adminۅM201512080*****
 

  >l  
 Flags:8类型:string大小:973 byte失效时间:2016-03-30 17:42:51反序列化刷新删除
 KEY : Entitys/User/202459字符集：
 PETMS.Components.Basic.API,+Version=1.0.0.0,+Culture=neutral,+PublicKeyToken=null.ETMS.Components.Basic.API.Entity.Security.UseruserIDFieldloginNameField realNameField passWordField emailField telphoneFielddescriptionFieldstatusFieldcreatorFieldcreateTimeField modifierFieldmodifyTimeFieldroleCodeFields<OfficeTelphone>k__BackingField<MobilePhone>k__BackingField<OrganizationID>k__BackingField<DepartmentID>k__BackingField<IsSysAccount>k__BackingField<PhotoUrl>k__BackingField<SexTypeID>k__BackingField<Identity>k__BackingField<Birthday>k__BackingField<TitleName>k__BackingField<PoliticsTypeID>k__BackingFieldAbstractObject+m_KeyName 1ETMS.Components.Basic.API.Entity.Security.IRole[] 201603090448周超340e6837987f1ffc  sysadminõØH201603090448A8X  18262952560q  @bQmڻ  
 Flags:8类型:string大小:970 byte失效时间:2016-03-30 17:42:48反序列化刷新删除
 KEY : Entitys/User/178653字符集：
 PETMS.Components.Basic.API,+Version=1.0.0.0,+Culture=neutral,+PublicKeyToken=null.ETMS.Components.Basic.API.Entity.Security.UseruserIDFieldloginNameField realNameField passWordField emailField telphoneFielddescriptionFieldstatusFieldcreatorFieldcreateTimeField modifierFieldmodifyTimeFieldroleCodeFields<OfficeTelphone>k__BackingField<MobilePhone>k__BackingField<OrganizationID>k__BackingField<DepartmentID>k__BackingField<IsSysAccount>k__BackingField<PhotoUrl>k__BackingField<SexTypeID>k__BackingField<Identity>k__BackingField<Birthday>k__BackingField<TitleName>k__BackingField<PoliticsTypeID>k__BackingFieldAbstractObject+m_KeyName 1ETMS.Components.Basic.API.Entity.Security.IRole[] ݹ201509170009 

mask 区域
*****n+`ݿ201509170009x*****
 


 Flags:8类型:string大小:973 byte失效时间:2016-03-30 17:42:47反序列化刷新删除
 KEY : f58c86a7-6950-4672-b043-29b4d154a0d0字符集：
 WETMS.Components.ExOnlineTest.API,+Version=1.0.0.0,+Culture=neutral,+PublicKeyToken=null5ETMS.Components.ExOnlineTest.API.Entity.Ex_OnLineTest<OnLineTestID>k__BackingField<OrgID>k__BackingField<OnLineTestName>k__BackingField<OnLineTestDesc>k__BackingField<IsShowAnswer>k__BackingField!<OnLineTestStatus>k__BackingField<MaxCount>k__BackingField<LimitTime>k__BackingField<TotalScore>k__BackingField<PassLine>k__BackingField<CreateTime>k__BackingField<CreateUserID>k__BackingField<CreateUser>k__BackingField<ModifyTime>k__BackingField<ModifyUser>k__BackingField<Remark>k__BackingField<DelFlag>k__BackingField<TestPaperID>k__BackingField<TestPaperType>k__BackingFieldAbstractObject+m_KeyNameSystem.Guid  System.Guid_a_b_c_d_e_f_g_h_i_j_kPirFC)T3.28【1周1练】产品考试 100.0080.00ܺVİ张菡V张菡 $606c70e7-bc7a-4270-8835-dbfbc1d634b2 
 Flags:8类型:string大小:1048 byte失效时间:2016-03-30 17:44:57反序列化刷新删除
 KEY : Entitys/Course/b0fe7e11-12ec-4b71-a317-5c84923fcb79字符集：
 PETMS.Components.Basic.API,+Version=1.0.0.0,+Culture=neutral,+PublicKeyToken=null2ETMS.Components.Basic.API.Entity.Course.Res_Course<CourseID>k__BackingField<CourseCode>k__BackingField<CourseName>k__BackingField<CourseLevelID>k__BackingField<CourseTypeID>k__BackingField<CourseStatus>k__BackingField<IsPublic>k__BackingField<CourseHours>k__BackingField<ThumbnailURL>k__BackingField<ForObject>k__BackingField#<CourseIntroduction>k__BackingField<CourseOutline>k__BackingField<OrgID>k__BackingField<CreateTime>k__BackingField<CreateUserID>k__BackingField<CreateUser>k__BackingField<ModifyTime>k__BackingField<ModifyUser>k__BackingField<Remark>k__BackingField<DelFlag>k__BackingFieldAbstractObject+m_KeyNameSystem.Guid  System.Guid_a_b_c_d_e_f_g_h_i_j_k~qK/?y GQYHZ15014

mask 区域
*****174040718.jpg  p#qv*****
 *****间:2016-03-30 17:39*****
 *****8-48d6-8a56-8e3a1*****
 *****oduction>k__BackingField<CourseOutline>k__BackingField<OrgID>k__BackingField<CreateTime>k__BackingField<CreateUserID>k__BackingField<CreateUser>k__BackingField<ModifyTime>k__BackingField<ModifyUser>*****
 *****间:2016-03-30 17:39*****
 *****r/169690*****
 *****epartmentID>k__BackingField<IsSysAccount>k__BackingField<PhotoUrl>k__BackingField<SexTypeID>k__BackingField<Identity>k__BackingField<Birthday>k__BackingField<TitleName>k__Ba*****
 *****间:2016-03-30 17:42:*****
 *****r/167732*****
 *****ld<DepartmentID>k__BackingField<IsSysAccount>k__BackingField<PhotoUrl>k__BackingField<SexTypeID>k__BackingField<Identity>k__BackingField<Birthday>k__BackingField<TitleN*****
 *****间:2016-03-30 17:42:*****
 *****r/183862*****
 *****ield<DepartmentID>k__BackingField<IsSysAccount>k__BackingField<PhotoUrl>k__BackingField<SexTypeID>k__BackingField<Identity>k__BackingField<Birthday>k__BackingField<Tit*****
 *****间:2016-03-30 17:39:*****
 *****r/195487*****
 *****ield<DepartmentID>k__BackingField<IsSysAccount>k__BackingField<PhotoUrl>k__BackingField<SexTypeID>k__BackingField<Identity>k__BackingField<Birthday>k__BackingField<Tit*****
 *****间:2016-03-30 17:41:*****
 *****r/196854*****
 *****<DepartmentID>k__BackingField<IsSysAccount>k__BackingField<PhotoUrl>k__BackingField<SexTypeID>k__BackingField<Identity>k__BackingField<Birthday>k__BackingField<TitleName*****
 *****间:2016-03-30 17:42:*****
 *****r/205784*****
 *****tID>k__BackingField<IsSysAccount>k__BackingField<PhotoUrl>k__BackingField<SexTypeID>k__BackingField<Identity>k__BackingField<Birthday>k__BackingField<TitleName>k__BackingField&*****
 *****间:2016-03-30 17:39*****
 *****r/196845*****
 *****ield<DepartmentID>k__BackingField<IsSysAccount>k__BackingField<PhotoUrl>k__BackingField<SexTypeID>k__BackingField<Identity>k__BackingField<Birthday>k__BackingField<Tit*****

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：中

漏洞Rank：10

确认时间：2016-03-30 18:36

厂商回复：

感谢提醒，正在修复中。

漏洞评价：

对本漏洞信息进行评价，以更好的反馈信息的价值，包括信息客观性，内容是否完整以及是否具备学习价值

漏洞概要 关注数(6) 关注此漏洞

缺陷编号： WooYun-2016-190806

漏洞标题： 宜信某站运维不当涉及内部系统人员信息

相关厂商： 宜信

漏洞作者： 路人甲

提交时间： 2016-03-30 17:54

公开时间： 2016-05-14 18:40

漏洞类型： 敏感信息泄露

危害等级： 高