Logging in with a weak password, hand trembling, uncovered a series of security problems. The fsm service can be used to locate people, send text messages through SMS, and even affect Telecom user data.
This system appears to have been adopted by China Telecom. It is recommended that CNCERT notify China Telecom to check the system ~
Google hacking:
intitle: telecom field intext: megasoft
This is a field management system developed by China Telecom and megasoft. After an employee enters a mobile phone number, the fsm service is activated. The system can then be used to locate the phone, send text messages, view and draw a road map, and perform other operations.
Test user
Password 123456
Taking http://www.189dw.com:8081 as an example:
The test user logs in successfully,
Location
Draw a Roadmap
Getshell:
http://www.xxx.com:8081/common/JSPs/file.jsp
Arbitrary file upload, directly getshell
Positioning longitude and latitude:
http://www.189dw.com:8081/positionmap.mapemployee.do?stimeid=0.4427834945057538&positionmap_smobile=<mobile phone number> ~
Send text messages via SMS:
http://www.189dw.com:8081/positionmap.newsms.do?ui_key=positionmap-sendsms-pop&ui_tokey=&ui_tohref=%2Fpositionmap.no.do%3F&ui_toform=&positionmap_smobile=<mobile phone number>@&<mobile phone number>@
After getshell, the permissions turned out to be far too high: the shell was root directly. Once the ssh configuration was changed to remove the IP address and user group restrictions, the server could be connected to, and a bigger problem appeared: the Telecom user data for this province is stored unprotected on the servers.
The data was too large to look at directly. I was so scared that I logged out in a hurry.
Solution:
Delete test user
Enhance permission Control
Verify File Upload
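The "Verify File Upload" item above is the fix for the arbitrary-upload getshell at common/JSPs/file.jsp. The following Python is an added example written for this page, not code from the megasoft system, showing the checks an upload handler needs so that a server-executable file can never land in the web root: a strict extension allowlist, a magic-byte check so a renamed JSP cannot pass as an image, rejection of path separators and double extensions, and a server-chosen storage name outside the servlet's web root. The allowlist and the UPLOAD_ROOT directory are assumptions for the example.

```python
import os
import re
import secrets

# Constructed allowlist for this example: the document types a field-work app
# plausibly needs. Server-executable types (.jsp, .jspx, .war, ...) are never listed.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "pdf"}

# Leading bytes each allowed type must start with, so a renamed JSP file
# cannot pass as an image just because of its extension.
MAGIC_BYTES = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
}

# Hypothetical storage directory; it must lie outside the servlet container's
# web root so that nothing stored here can ever be served as a script.
UPLOAD_ROOT = "/var/app/uploads"

# Filename stem: letters, digits, underscore, hyphen only; no spaces, no dots.
_STEM_OK = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def validate_upload(filename, content):
    """Check a client-supplied filename and its bytes.

    Returns (ok, detail): on success detail is the normalised extension,
    on failure it is the reason the file was refused.
    """
    if not filename or "\x00" in filename:
        return False, "empty name or NUL byte"
    # Any path separator means the client is trying to steer where the file lands.
    if "/" in filename or "\\" in filename:
        return False, "path separator in filename"
    parts = filename.split(".")
    # Require exactly one dot: rejects 'x.jsp.png' style double extensions
    # and names without any extension.
    if len(parts) != 2:
        return False, "filename must be stem.ext"
    stem, ext = parts[0], parts[1].lower()
    if not _STEM_OK.match(stem):
        return False, "stem contains disallowed characters"
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension not allowed: ." + ext
    # The declared type must match the bytes actually sent.
    if not content.startswith(MAGIC_BYTES[ext]):
        return False, "content does not match declared type"
    return True, ext


def storage_path(ext):
    """Server-chosen name: the client's filename is never used on disk."""
    return os.path.join(UPLOAD_ROOT, secrets.token_hex(16) + "." + ext)


def handle_upload(filename, content):
    """Validate and return the path the file would be written to, or None."""
    ok, detail = validate_upload(filename, content)
    if not ok:
        return None
    return storage_path(detail)


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate image, one script renamed as an image.
    print(validate_upload("photo.jpg", b"\xff\xd8\xff\xe0JFIF"))
    print(validate_upload("x.png", b"<% %>"))
```

Two design points are worth stating. The check is applied to both name and content because either alone is bypassable: an allowlist on the extension is defeated by a container that also maps a second extension to JSP, and a content check alone is defeated by a polyglot file that is a valid image and a valid script. Storing under a random server-generated name outside the web root is what actually removes the getshell, since even a file that slips through both checks is then never reachable by URL, and the same principle (the application user must not be root) is what the "Enhance permission control" item calls for.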