金蝶某系统弱口令可查看修改敏感信息

2015-02-01T00:00:00
ID SSV:93803
Type seebug
Reporter Root
Modified 2015-02-01T00:00:00

Description

简要描述:

看到乌云上报了很多洞,我也去挖一个。

详细说明:

云服务管理平台:http://118.194.40.134:8080/index.php?m=Index&a=index http://118.194.40.135:8080/index.php?m=Index&a=index 弱口令: admin kingdee 可查看订单信息,管理序列号,可以查看服务器ip和连接状态,ssh账号信息各种密钥

<img src="https://images.seebug.org/upload/201502/01192800574f79c3bd46bba8b427a0f644628ad6.png" alt="1.png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201502/01192825b78b9154b0d7f20cbd12dea947bb4b89.png" alt="2.png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201502/011928384e96c9e62b1029fa1aec0e9083e2f469.png" alt="3.png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201502/011928538daec0bfa42e7c5eb112a25d21cbcb0c.png" alt="4.png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201502/011929110c63a183f75c46bc5769ee3a9fb25b06.png" alt="5.png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201502/011939560f1d95bebbdff9dbf9739d1bbfdde25f.png" alt="6.png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201502/01194014ddda416fc99aa71420890094dcc9758c.png" alt="7.png" width="600" onerror="javascript:errimg(this);">

外赠送一个敏感信息未授权访问 http://118.194.40.29/config.inc.php

<img src="https://images.seebug.org/upload/201502/01194514e8cff67341eed264174e30136d30509e.png" alt="8.png" width="600" onerror="javascript:errimg(this);">

感觉进了内网有点用

漏洞证明:

云服务管理平台:http://118.194.40.134:8080/index.php?m=Index&a=index http://118.194.40.135:8080/index.php?m=Index&a=index 弱口令: admin kingdee 可查看订单信息,管理序列号,可以查看服务器ip和连接状态,ssh账号信息各种密钥

<img src="https://images.seebug.org/upload/201502/01192800574f79c3bd46bba8b427a0f644628ad6.png" alt="1.png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201502/01192825b78b9154b0d7f20cbd12dea947bb4b89.png" alt="2.png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201502/011928384e96c9e62b1029fa1aec0e9083e2f469.png" alt="3.png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201502/011928538daec0bfa42e7c5eb112a25d21cbcb0c.png" alt="4.png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201502/011929110c63a183f75c46bc5769ee3a9fb25b06.png" alt="5.png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201502/011939560f1d95bebbdff9dbf9739d1bbfdde25f.png" alt="6.png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201502/01194014ddda416fc99aa71420890094dcc9758c.png" alt="7.png" width="600" onerror="javascript:errimg(this);">

外赠送一个敏感信息未授权访问 http://118.194.40.29/config.inc.php

<img src="https://images.seebug.org/upload/201502/01194514e8cff67341eed264174e30136d30509e.png" alt="8.png" width="600" onerror="javascript:errimg(this);">

感觉进了内网有点用