人类的怠惰之一安全管理执行力度不够导致寺库中国安全边界被突破（进入内网）

发表于 2015年06月20日
WooYun漏洞库

漏洞概要

缺陷编号：WooYun-2015-0121853

漏洞标题：人类的怠惰之一安全管理执行力度不够导致寺库中国安全边界被突破（进入内网）

漏洞详情

披露状态：

2015-06-20: 细节已通知厂商并且等待厂商处理中
2015-06-22: 厂商已经确认，细节仅向厂商公开
2015-07-02: 细节向核心白帽子及相关领域专家公开
2015-07-12: 细节向普通白帽子公开
2015-07-22: 细节向实习白帽子公开
2015-08-06: 细节向公众公开

简要描述：

就是个弱口令，简单而又高效且杀伤力巨大中国姓名排行TOP500(数据统计来自国家人口数据库)
http://zone.wooyun.org/content/18372Top 100 baby names per country
http://t.cn/RwLzSdUList of most popular given names
http://t.cn/8sEjmYGSome common countries. Top 10 surnames and forenames
http://t.cn/RwLzSd4List of most common surnames in Asia
http://t.cn/zTAFSEu

详细说明：

http://www.secoo.com/qqexmail:http://mail.secoo.com/中国姓名排行TOP500(数据统计来自国家人口数据库)http://zone.wooyun.org/content/18372爆破知如下帐号密码：

<mask>[email protected]*****<br>
*****oo.com*****<br>
*****coo.com*****<br>
*****oo.com*****<br>
*****com a1*****<br>
*****o.com a*****<br>
*****oo.com*****<br>
*****o.com a*****<br>
*****oo.com *****<br>
*****oo.com*****<br>
*****coo.com*****<br>
*****oo.com *****<br>
*****oo.com *****<br>
*****o.com a*****<br>
*****ecoo.co*****<br>
*****oo.com*****<br>
*****oo.com*****<br>
***** a123456&*****<br></mask>

<mask>[email protected]*****

*****oo.com*****

*****coo.com*****

*****oo.com*****

*****com a1*****

*****o.com a*****

*****oo.com*****

*****o.com a*****

*****oo.com *****

*****oo.com*****

*****coo.com*****

*****oo.com *****

*****o.com a*****

*****ecoo.co*****

*****oo.com*****

***** a123456&***** </mask>

漏洞证明：

开始了DHL订单

客服信息

等等，先想想为什么都是a123456看这里

原来如此那我们看RTX

一开始登录不上，看下配置，选择远程登录即可

商家后台密码泄漏如

http://sop.secoo.com/cooperator/main.action    1719   shms   SHms0000

1	http://sop.secoo.com/cooperator/main.action 1719 shms SHms0000

企业邮箱通讯录

<mask>[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];"a??"<[email protected]>;[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];"a??"<[email protected]>;[email protected]*****<br>
[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];"a??"<[email protected]>*****<br>
*****com;[email protected];[email protected];[email protected];[email protected];"a??"<[email protected]>;[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];"a*****<br>
*****t;;"罗之琳"<[email protected]>;"卢雅娜"<[email protected]>;"吕薇—投资"<[email protected]>;"马晓菲"<[email protected]>;"Michelle"<[email protected]>;"潘婷婷"<[email protected]>;"passport"<[email protected]>;"钱包业务服务"<[email protected]>;"支付"<[email protected]>;"易宝欧元账户"<[email protected]>;"易宝欧元账户"<[email protected]>;"易宝香港账户"<[email protected]>;"易宝日本帐号"<[email protected]>;"易宝日币账户"<[email protected]>;"易宝美国帐号"<[email protected]>;"易宝美国账户"<[email protected]>;"裴胜"<[email protected]>;"PostMaster"<[email protected]>;"钱赟"<[email protected]>;"权芸芸"<[email protected]>;"打印机"<[email protected]>;"secoo淘宝店"<[email protected]>;"举报邮箱"<[email protected]>;"支付宝"<[email protected]>;"美国站支付"<se*****<br></mask>

<mask>[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];"a??"<[email protected]>;[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];"a??"<[email protected]>;[email protected]*****

[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];"a??"<[email protected]>*****

*****com;[email protected];[email protected];[email protected];[email protected];"a??"<[email protected]>;[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];"a*****

*****t;;"罗之琳"<[email protected]>;"卢雅娜"<[email protected]>;"吕薇—投资"<[email protected]>;"马晓菲"<[email protected]>;"Michelle"<[email protected]>;"潘婷婷"<[email protected]>;"passport"<[email protected]>;"钱包业务服务"<[email protected]>;"支付"<[email protected]>;"易宝欧元账户"<[email protected]>;"易宝欧元账户"<[email protected]>;"易宝香港账户"<[email protected]>;"易宝日本帐号"<[email protected]>;"易宝日币账户"<[email protected]>;"易宝美国帐号"<[email protected]>;"易宝美国账户"<[email protected]>;"裴胜"<[email protected]>;"PostMaster"<[email protected]>;"钱赟"<[email protected]>;"权芸芸"<[email protected]>;"打印机"<[email protected]>;"secoo淘宝店"<[email protected]>;"举报邮箱"<[email protected]>;"支付宝"<[email protected]>;"美国站支付"<se***** </mask>

来，我们来看下一个叫曹京的人

掌管各种VPN嗯，VPN

目测一个员工一个VPN未相继测试还有国外VPN，是一个叫lili美女的一个邮件里有下载openvpn

各种密码哇

修复方案：

<mask>*****要的是默认*****<br>
**********<br>
[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];"a??"<[email protected]>;[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];"a??"<[email protected]>;[email protected]*****<br>
[email protected];[email protected];[email protected];zhengli@secoo.com;zhouzhihua@secoo.com;zhuhongye@secoo.com;zhuyingchun@secoo.com;anhuiyu@secoo.com;boshanshan@secoo.com;caojin@secoo.com;hanyukuo@secoo.com;haomuzi@secoo.com;jiangshuaiguang@secoo.com;jiangweiyi@secoo.com;lanyabin@secoo.com;lilinan@secoo.com;liqing@secoo.com;liuhongyin@secoo.com;"a??"<liutao@secoo.com>*****<br>
*****com;renchongyu@secoo.com;renyarong@secoo.com;rongxiulian@secoo.com;rongyan@secoo.com;"a??"<shangliancai@secoo.com>;shaoshuang@secoo.com;sheji_liurui@secoo.com;sheji_zhulin@secoo.com;shijieying@secoo.com;shijingwen@secoo.com;shiqinqin@secoo.com;shirongjun@secoo.com;shixiaoyu@secoo.com;shuliang@secoo.com;simon.li@secoo.com;songchao@secoo.com;"a*****<br>
*****om>;"罗之琳"<luozhilin@secoo.com>;"卢雅娜"<luyana@secoo.com>;"吕薇—投资"<lvwei@secoo.com>;"马晓菲"<maxiaofei@secoo.com>;"Michelle"<michelle@secoo.com>;"潘婷婷"<pantingting@secoo.com>;"passport"<passport@secoo.com>;"钱包业务服务"<pay@secoo.com>;"支付"<payment@secoo.com>;"易宝欧元账户"<payment_eur@secoo.com>;"易宝欧元账户"<payment_eurx@secoo.com>;"易宝香港账户"<payment_hkdx@secoo.com>;"易宝日本帐号"<payment_jpy@secoo.com>;"易宝日币账户"<payment_jpyx@secoo.com>;"易宝美国帐号"<payment_usd@secoo.com>;"易宝美国账户"<payment_usdx@secoo.com>;"裴胜"<peisheng@secoo.com>;"PostMaster"<postmaster@secoo.com>;"钱赟"<qianyun@secoo.com>;"权芸芸"<quanyunyun@secoo.com>;"打印机"<scanner@secoo.com>;"secoo淘宝店"<secoo@secoo.com>;"举报邮箱"<secoojubao@secoo.com>;"支付宝"<secoopay@secoo.com>;"美国站支付"*****<br>
*****oo.com*****<br>
*****oo.com*****<br>
*****coo.com*****<br>
*****oo.com*****<br>
*****com a1*****<br>
*****o.com a*****<br>
*****oo.com*****<br>
*****o.com a*****<br>
*****oo.com *****<br>
*****oo.com*****<br>
*****coo.com*****<br>
*****oo.com *****<br>
*****oo.com *****<br>
*****o.com a*****<br>
*****ecoo.co*****<br>
*****oo.com*****<br>
*****oo.com*****<br>
*****oo.com*****<br>
**********<br>
*****ji*****<br>
**********<br>
1.http://**.**.**/loginredirectUrl=http%3A%2F%2Fabdpop.secoo.com%2F_<br>
**********<br>
**********<br>
2.http://**.**.**/cooperator/main.action    1719   shms   SHms0000_<br>
**********<br>
**********<br>
*****.com   lili@*****<br>
**********<br>
**********<br>
**********<br>
*****089h    11*****<br>
**********<br>
**********<br>
**********<br>
**********<br>
**********<br>
*****cod*****<br></mask>

<mask>*****要的是默认*****

**********

[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];"a??"<[email protected]>;[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];[email protected];"a??"<[email protected]>;[email protected]*****

[email protected];[email protected];[email protected];zhengli@secoo.com;zhouzhihua@secoo.com;zhuhongye@secoo.com;zhuyingchun@secoo.com;anhuiyu@secoo.com;boshanshan@secoo.com;caojin@secoo.com;hanyukuo@secoo.com;haomuzi@secoo.com;jiangshuaiguang@secoo.com;jiangweiyi@secoo.com;lanyabin@secoo.com;lilinan@secoo.com;liqing@secoo.com;liuhongyin@secoo.com;"a??"<liutao@secoo.com>*****

*****com;renchongyu@secoo.com;renyarong@secoo.com;rongxiulian@secoo.com;rongyan@secoo.com;"a??"<shangliancai@secoo.com>;shaoshuang@secoo.com;sheji_liurui@secoo.com;sheji_zhulin@secoo.com;shijieying@secoo.com;shijingwen@secoo.com;shiqinqin@secoo.com;shirongjun@secoo.com;shixiaoyu@secoo.com;shuliang@secoo.com;simon.li@secoo.com;songchao@secoo.com;"a*****

*****om>;"罗之琳"<luozhilin@secoo.com>;"卢雅娜"<luyana@secoo.com>;"吕薇—投资"<lvwei@secoo.com>;"马晓菲"<maxiaofei@secoo.com>;"Michelle"<michelle@secoo.com>;"潘婷婷"<pantingting@secoo.com>;"passport"<passport@secoo.com>;"钱包业务服务"<pay@secoo.com>;"支付"<payment@secoo.com>;"易宝欧元账户"<payment_eur@secoo.com>;"易宝欧元账户"<payment_eurx@secoo.com>;"易宝香港账户"<payment_hkdx@secoo.com>;"易宝日本帐号"<payment_jpy@secoo.com>;"易宝日币账户"<payment_jpyx@secoo.com>;"易宝美国帐号"<payment_usd@secoo.com>;"易宝美国账户"<payment_usdx@secoo.com>;"裴胜"<peisheng@secoo.com>;"PostMaster"<postmaster@secoo.com>;"钱赟"<qianyun@secoo.com>;"权芸芸"<quanyunyun@secoo.com>;"打印机"<scanner@secoo.com>;"secoo淘宝店"<secoo@secoo.com>;"举报邮箱"<secoojubao@secoo.com>;"支付宝"<secoopay@secoo.com>;"美国站支付"*****

*****oo.com*****