Misconfiguration at Kingdee can lead to leakage of internal sensitive information

2015-06-05T00:00:00
ID SSV:93783
Type seebug
Reporter Root
Modified 2015-06-05T00:00:00

Description

Brief description:

As the title says. Reviewers, please help redact the sensitive details, thanks.

Detailed description:

The problem is in: https://github.com/Kevin2030/finance_monitor/blob/9c4ffc8dd773ee072648de3a2e5d7b8afabf638a/src/main/resources/monitor.properties

mail.from==?UTF-8?B?6YeR6J225LqS6IGU572R6YeR6J6N?=<kdjrservice@kingdee.com>
mail.smtp.host=kdmail.kingdee.com
mail.smtp.auth=true
mail.debug=false
mail.authName=kdjrservice
mail.authPsw=kd_hk0268

Try logging in to the mailbox

<img src="https://images.seebug.org/upload/201506/05132318fb26ebf53918d81a3b05a2b12bf2375b.jpg" alt="QQ图片20150605132304.jpg" width="600" onerror="javascript:errimg(this);">

Login succeeded. Let's see what is in there

<img src="https://images.seebug.org/upload/201506/051327080db2c9da1a71b999a22d6db7a2d42b7c.png" alt="QQ图片20150605132650.png" width="600" onerror="javascript:errimg(this);">

It is all bank data

Proof of vulnerability:

<img src="https://images.seebug.org/upload/201506/051327080db2c9da1a71b999a22d6db7a2d42b7c.png" alt="QQ图片20150605132650.png" width="600" onerror="javascript:errimg(this);">
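
A defensive check for the kind of exposure described in this report, as an added example that is not part of the original report or the affected project: it parses Java .properties text and flags credential-like keys that carry a literal value, redacting the value in its output so the finding does not re-leak it. The key-name patterns, the `${...}` placeholder convention and the sample file (modelled on the report's `mail.authPsw` key, with constructed values) are assumptions.

```python
import re

# Key-name fragments that usually mark a credential (assumed list; extend per code base).
SECRET_KEY = re.compile(r"(psw|pwd|pass(word)?|secret|token|api[._-]?key)", re.I)
# A value injected at deploy time, e.g. ${SMTP_PASSWORD}, is not a hardcoded secret.
PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")

# Constructed sample, modelled on the key names in the report (values are made up).
SAMPLE = """\
# constructed sample
mail.smtp.host=smtp.example.test
mail.smtp.auth=true
mail.debug=false
mail.authName=svc-account
mail.authPsw=Constructed-Pa55
db.password=${DB_PASSWORD}
api.token : long-\\
    constructed-token
"""


def parse_properties(text):
    """Yield (line_no, key, value); handles '='/':' separators, comments, continuations."""
    pending, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.lstrip()
        if not pending:
            if not line or line[0] in "#!":
                continue
            start = no
        if line.endswith("\\") and not line.endswith("\\\\"):
            pending += line[:-1]  # logical line continues on the next physical line
            continue
        entry, pending = pending + line, ""
        m = re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)", entry)
        if m:
            yield start, m.group(1), m.group(2).strip()


def find_hardcoded_secrets(text):
    """Return findings for credential-like keys with literal values, value redacted."""
    findings = []
    for no, key, value in parse_properties(text):
        if SECRET_KEY.search(key) and value and not PLACEHOLDER.match(value):
            findings.append({"line": no, "key": key, "value": "<redacted, %d chars>" % len(value)})
    return findings


if __name__ == "__main__":
    for f in find_hardcoded_secrets(SAMPLE):
        print("line %(line)d: %(key)s = %(value)s" % f)
```

Run as a pre-commit hook or CI step over `src/main/resources/*.properties`, such a check catches the literal before it reaches a public repository; a credential that has already been pushed still has to be rotated, since it remains in the commit history.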