WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
2012-10-15: Details reported to the vendor, awaiting vendor handling
2012-10-19: Vendor confirmed; details disclosed to the vendor only
2012-10-29: Details disclosed to core white hats and relevant domain experts
2012-11-08: Details disclosed to regular white hats
2012-11-18: Details disclosed to intern white hats
2012-11-29: Details disclosed to the public
SVN leak
1. The mailbox one reported earlier:
http://mail.156.cn/help/css/.svn/entries
i.e. (still unpatched):
WooYun: China Unicom 156 Mail SVN information disclosure
WooYun: China Unicom 156 Mail browsable directory listing
2. By chance I found that the main site has it too:
http://www.156.cn/help/.svn/entries
http://www.156.com.cn/.svn/entries
3. The second-level domains have it too:
http://hb.156.cn/web/album/.svn/entries
http://cq.156.cn/.svn/entries
http://ah.156.cn/.svn/entries
http://mms.156.cn/web/album/.svn/entries
..........
2gForget.jsp 2gshuoming.jsp forget.jsp tiaokuan.jsp wapGetSmsCode.jsp waptiaokuan.jsp 2gbanquan.jsp 2gtiaokuan.jsp help.jsp verificationCode.jsp waphelp.jsp wapzhuce.jsp 2ghelp.jsp 2gzhuce.jsp shengming.jsp wapForget.jsp wapshuoming.jsp zhuce.jsp
http://www.156.cn/.svn/entries
8dir8707http://220.194.55.12:8087/svn/albumII/gdbanlvweb/webapphttp://220.194.55.12:8087/svn/albumII2012-06-25T02:39:40.278125Z8651zhanglinsvn:special svn:externals svn:needs-lockcacf1611-ccc3-ef4a-870a-b915fedcf1faloaddirmmsSuperMarketdirandroiddirload_resource.jspfile2012-07-13T06:52:29.000000Zb8f8993cb737c57f711c81dd45dbcb882012-06-25T02:39:40.278125Z8651zhanglinwapMeal.jspfile2012-07-13T06:52:29.000000Z9184c317ce2818953ceade49f58e03a42012-06-25T02:39:40.278125Z8651zhanglinzhipingke.jspfile88042012-08-16T08:12:03.000000Z5a286e4c324fe4b0a4fa9e47c20875fb2012-08-16T08:45:11.484125Z8804zhangjigelogin1.jspfile2012-07-13T06:52:29.000000Z00af4d588d4da7f3d44bce82014b28a12012-06-25T02:39:40.278125Z8651zhanglinloginErroy.jspfile2012-07-13T06:52:29.000000Z90478a011338c5d468750a4736d885c02012-06-25T02:39:40.278125Z8651zhanglinwappushdir2g_waplogin_tc.jspfile87332012-07-30T08:28:14.000000Zedc42c46bf2cff3af6da257d12a1471a2012-07-30T08:58:52.156559Z8733zhanglinpushmmsdirshenqu.jspfile89882012-09-29T01:52:59.000000Z6dff595254327c05dcebd1cfa87353b52012-09-29T02:30:51.139000Z8988zhangjigeaddressbookdir2g_wapindex.jspfile87322012-07-30T08:27:48.000000Zc5e1729b3c0944844a0423db3d7715192012-07-30T08:58:31.910706Z8732zhanglinwarehousedirindex.jspfile2012-07-13T06:52:29.000000Z3ccdb77d81eb19937231a3db4903eede2012-06-25T02:39:40.278125Z8651zhanglinloginimgdiroperadiruploadsdirjsdirchange.jspfile2012-07-13T06:52:29.000000Zc0cea8f9998c1d415a881db053e834be2012-06-25T02:39:40.278125Z8651zhanglinWEB-INFdirwapdirMETA-INFdirwaplogin_tc.jspfile87372012-07-30T08:29:32.000000Z180ee60d755a0a1981268869c4cd65bd2012-07-30T09:00:10.390533Z8737zhanglinlogin_old.jspfile2012-07-13T06:52:29.000000Z16f01b599e7c04cea6dbbedd2c27dcd22012-06-25T02:39:40.278125Z8651zhanglinopera.jspfile87842012-08-08T04:56:18.000000Ze9ef0ba82baa8a459e763adc9a90610e2012-08-08T05:28:23.452875Z8784zhangjige404.jspfile2012-07-13T06:52:29.000000Zf84011e20c2d2017c9d22c138ff0913e2012-06-25T02:39:40.278125Z8651zhanglinsmsdirwapExplain.j
spfile2012-07-13T06:52:29.000000Zf56b1131b81aa958e198ffb97108af562012-06-25T02:39:40.278125Z8651zhanglin2g_waplogin.jspfile87342012-07-30T08:28:29.000000Zc385e38ccf5970e7dd74b73977a78a212012-07-30T08:59:11.308886Z8734zhanglinlogin.jspfile89272012-09-11T06:49:17.000000Z7a9625e545be74a973ad7f40a9f44c1e2012-09-11T07:27:15.765375Z8927zhangjigeincdirqunfadirwapindex.jspfile89972012-09-29T02:50:34.000000Z3ac90322501559f946558c33ce2c575a2012-09-29T03:28:44.764000Z8997zhangjigemmsplugindirunicom_querydirandroidTestdirjumpNew.jspfile2012-07-13T06:52:29.000000Z25da5a351bf3409074849c56f97e6e912012-06-25T02:39:40.278125Z8651zhanglinjumpNew.wmlfile2012-07-13T06:52:29.000000Zc6ec67ba24bcead2d4a2a759c3104d472012-06-25T02:39:40.278125Z8651zhanglinsradirfsend.jspfile2012-07-13T06:52:29.000000Zbadbee06f1bab16dac53a9dfd196839a2012-06-25T02:39:40.278125Z8651zhanglinwapHow.jspfile2012-07-13T06:52:29.000000Z8202e0f6a7f08cbe0b24902491b6e6b32012-06-25T02:39:40.278125Z8651zhanglinjqm_html5dirusersdirdiymmsdiraltercontentdir.mymetadatafile2012-07-13T06:52:29.000000Z484dc257f1b7fabcfd98f0f99c6111bf2012-06-25T02:39:40.278125Z8651zhanglinimagesdirwaplogin.jspfile89952012-09-29T02:39:20.000000Z1e07b687cb799d668145cd24011aab502012-09-29T03:17:32.139000Z8995zhangjigenpe.jspfile2012-07-13T06:52:29.000000Zac275fc1ec3ff631184bf848838c61b42012-06-25T02:39:40.278125Z8651zhanglinwo.jspfile2012-07-13T06:52:29.000000Zf2cc7d68e967a226263d0d35ca80072f2012-06-25T02:39:40.278125Z8651zhanglineventdirold_time.jspfile2012-07-13T06:52:29.000000Zaa2a82d0f2d60b2b41d084610550360e2012-06-25T02:39:40.278125Z8651zhanglinadmindircssdirhelpdirweidiaocha.jspfile89892012-09-29T01:53:16.000000Z1040165f341220311ba61a313d0449c42012-09-29T02:31:29.560875Z8989zhangjigeswfdir500.jspfile2012-07-13T06:52:29.000000Z9a28edd219fa7959b37f5ad6a3034ba12012-06-25T02:39:40.278125Z8651zhanglinloginJump.jspfile2012-07-13T06:52:29.000000Z66e1ccc20acd276fafbe6d7b50b093d62012-06-25T02:39:40.278125Z8651zhanglintmpdirjump.jspfile2012-07-13T06:52
:29.000000Z8eb2a92568f70a1100efde50d4690abb2012-06-25T02:39:40.278125Z8651zhanglin2g_mealChange.jspfile2012-07-13T06:52:29.000000Z7ff34c59de2831af157612182a61487b2012-06-25T02:39:40.278125Z8651zhanglinsession_test.jspfile2012-07-13T06:52:29.000000Z87baabfa8ae76d6218cf74b753853ad52012-06-25T02:39:40.278125Z8651zhanglinMyHtml.htmlfile2012-07-13T06:52:29.000000Z2a06f79c58b30dfbd30801e0569df4672012-06-25T02:39:40.278125Z8651zhanglinwapTg.jspfile2012-07-13T06:52:29.000000Z83963daf97278a0a5686d97a53b96f882012-06-25T02:39:40.278125Z8651zhanglin
The rest is omitted here --!
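As an added example (not code from the original report or from the vendor), here is a parser for the pre-1.7 Subversion `.svn/entries` text format that the dump above uses (its first line, `8`, is the format number), run over a constructed sample with a placeholder host, placeholder author names and placeholder checksums. It shows what a responder can confirm from a single exposed file: the internal repository URL, committer account names, and a complete inventory of the directory, including pages that are not linked anywhere (test pages, old login pages). The field positions assumed are those of the Subversion 1.5/1.6 working-copy format.

```python
"""Parse a pre-1.7 Subversion ``.svn/entries`` file and summarize what it exposes.

Added example for triaging an exposed entries file; it is not code from the
original WooYun report. The field order is that of the text entries format
(format 8-10, Subversion 1.5/1.6), which is the format shown in the report
(first line ``8``). The sample below is constructed: placeholder host,
author names and checksums, not the report's real values.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Leading positional fields of one entry. A blank line means "not set";
# later fields (props, conflicts, uuid, locks, ...) are ignored here.
FIELD_NAMES = (
    "name", "kind", "revision", "url", "repos", "schedule", "text_time",
    "checksum", "committed_date", "committed_rev", "last_author",
)


@dataclass
class Entry:
    name: str                    # "" for the directory's own entry
    kind: str                    # "file" or "dir"
    revision: Optional[int]
    url: str                     # set on the root entry; children inherit it
    repos: str                   # repository root URL
    checksum: str                # MD5 of the pristine text (files only)
    committed_rev: Optional[int]
    last_author: str


def _to_int(value: str) -> Optional[int]:
    return int(value) if value else None


def parse_entries(text: str) -> List[Entry]:
    """Split the file into entries (each terminated by a form-feed line)."""
    lines = text.split("\n")
    fmt = int(lines[0].strip())
    if not 8 <= fmt <= 10:
        raise ValueError(f"unsupported entries format {fmt} (expected 8-10)")
    body = "\n".join(lines[1:])
    entries: List[Entry] = []
    for chunk in body.split("\x0c\n"):
        rows = chunk.split("\n")
        if len(rows) < 2 or not rows[1]:   # trailing empty chunk after last entry
            continue
        field = dict(zip(FIELD_NAMES, rows + [""] * len(FIELD_NAMES)))
        entries.append(Entry(
            name=field["name"],
            kind=field["kind"],
            revision=_to_int(field["revision"]),
            url=field["url"],
            repos=field["repos"],
            checksum=field["checksum"],
            committed_rev=_to_int(field["committed_rev"]),
            last_author=field["last_author"],
        ))
    return entries


def summarize(entries: List[Entry]) -> Dict[str, object]:
    """What one exposed entries file tells an outsider about the deployment."""
    root = next((e for e in entries if e.name == ""), None)
    return {
        "repo_root": root.repos if root else "",
        "checkout_url": root.url if root else "",
        "files": sorted(e.name for e in entries if e.kind == "file"),
        "dirs": sorted(e.name for e in entries if e.kind == "dir" and e.name),
        "authors": sorted({e.last_author for e in entries if e.last_author}),
    }


# Constructed sample in the report's format: root entry, one subdirectory,
# two files. Hosts, authors and checksums are placeholders.
SAMPLE_ENTRIES = (
    "8\n"
    "\n"                                              # name "" = this directory
    "dir\n"
    "8707\n"
    "http://svn.example.invalid/svn/albumII/webapp\n"  # url
    "http://svn.example.invalid/svn/albumII\n"         # repos root
    "\n\n\n"                                          # schedule, text-time, checksum
    "2012-06-25T02:39:40.278125Z\n8651\nalice\n"
    "\x0c\n"
    "help\ndir\n"
    "\x0c\n"
    "login.jsp\nfile\n"
    "\n\n\n\n"                                        # revision, url, repos, schedule
    "2012-07-13T06:52:29.000000Z\n"
    "d41d8cd98f00b204e9800998ecf8427e\n"
    "2012-06-25T02:39:40.278125Z\n8651\nalice\n"
    "\x0c\n"
    "session_test.jsp\nfile\n"
    "8804\n"
    "\n\n\n"                                          # url, repos, schedule
    "2012-08-16T08:12:03.000000Z\n"
    "00000000000000000000000000000000\n"
    "2012-08-16T08:45:11.484125Z\n8804\nbob\n"
    "\x0c\n"
)


if __name__ == "__main__":
    for key, value in summarize(parse_entries(SAMPLE_ENTRIES)).items():
        print(f"{key}: {value}")
```

The summary is the defender's argument for treating this as more than a metadata leak: the repository host and committer names identify the internal infrastructure and accounts, and the file list includes pages a crawler would never find. In a pre-1.7 working copy the pristine copies of every listed file also sit under `.svn/text-base`, so blocking only `entries` is not enough. The usual fixes are to deploy with `svn export` (no `.svn` tree at all) or to deny the whole `.svn` path at the web server, for example `location ~ /\.svn { deny all; }` in nginx or `<DirectoryMatch "\.svn">` with `Require all denied` in Apache.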
Severity: Medium
Vulnerability Rank: 6
Confirmed: 2012-10-19 18:53
Regarding the mailbox SVN leak, an incident was handled previously and Unicom fixed the weak password. But it appears that access to the leaked SVN information was not restricted; this may be the developer's configuration, and the risk is fairly high. Forwarded to CNCERT to continue coordinating the mailbox SVN leak and the newly discovered main-site SVN leak; no weak password has been obtained in testing so far. Scored with reference to partial impact on confidentiality, rank=4.96*1.0*1.2=5.952
None yet