WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reader ------------------ http://drop.zone.ci/
2012-06-01: Details reported to the vendor, awaiting vendor handling
2012-06-04: Vendor has confirmed; details visible to the vendor only
2012-06-14: Details disclosed to core white hats and relevant domain experts
2012-06-24: Details disclosed to regular white hats
2012-07-04: Details disclosed to trainee white hats
2012-07-16: Details disclosed to the public
As the title says: it was guessed correctly, and where there is a first instance there are bound to be many more of the same!
Numerous SVN information exposures (clean up every application; there are surely many more):
http://music.sogou.com/.svn/entries
http://wap.sogou.com/.svn/entries
http://wap.sogou.com/pic/.svn/entries
http://wap.sogou.com/book/.svn/entries
http://wap.sogou.com/music/.svn/entries
http://wap.sogou.com/new/.svn/entries
http://wap.sogou.com/sogou/map/.svn/entries
http://wap.sogou.com/sogou/.svn/entries
web.xml file readable (rendering is a little off under IE6; displays fine in Firefox): http://mp3.sogou.com/WEB-INF/web.xml
<web-app>
  <servlet><servlet-name>QueryInitServlet</servlet-name><servlet-class>com.sogou.music.query.init.InitServlet</servlet-class><load-on-startup>1</load-on-startup></servlet>
  <servlet><servlet-name>InitAsyncTinyServlet</servlet-name><servlet-class>com.sogou.music.query.init.TinyServlet</servlet-class><load-on-startup>2</load-on-startup></servlet>
  <servlet><servlet-name>LinkListServlet</servlet-name><servlet-class>com.sogou.music.query.servlet.LinkListServlet</servlet-class></servlet>
  <servlet-mapping><servlet-name>LinkListServlet</servlet-name><url-pattern>/api/links</url-pattern></servlet-mapping>
  <servlet><servlet-name>LyricServlet</servlet-name><servlet-class>com.sogou.music.query.servlet.LyricServlet</servlet-class></servlet>
  <servlet-mapping><servlet-name>LyricServlet</servlet-name><url-pattern>/api/lrc</url-pattern></servlet-mapping>
  <servlet><servlet-name>SongListServlet</servlet-name><servlet-class>com.sogou.music.query.servlet.SongListServlet</servlet-class></servlet>
  <servlet-mapping><servlet-name>SongListServlet</servlet-name><url-pattern>/api/songlist</url-pattern></servlet-mapping>
  <servlet><servlet-name>HobbyServlet</servlet-name><servlet-class>com.sogou.music.query.servlet.HobbyServlet</servlet-class></servlet>
  <servlet-mapping><servlet-name>HobbyServlet</servlet-name><url-pattern>/api/hobby</url-pattern></servlet-mapping>
  <!-- copy begin-->
  <servlet><servlet-name>LinkListServlet2</servlet-name><servlet-class>com.sogou.music.query.servlet.LinkListServlet2</servlet-class></servlet>
  <servlet-mapping><servlet-name>LinkListServlet2</servlet-name><url-pattern>/api/links2</url-pattern></servlet-mapping>
  <servlet><servlet-name>LyricServlet2</servlet-name><servlet-class>com.sogou.music.query.servlet.LyricServlet2</servlet-class></servlet>
  <servlet-mapping><servlet-name>LyricServlet2</servlet-name><url-pattern>/api/lrc2</url-pattern></servlet-mapping>
  <servlet><servlet-name>SongListServlet2</servlet-name><servlet-class>com.sogou.music.query.servlet.SongListServlet2</servlet-class></servlet>
  <servlet-mapping><servlet-name>SongListServlet2</servlet-name><url-pattern>/api/songlist2</url-pattern></servlet-mapping>
  <servlet><servlet-name>HobbyServlet2</servlet-name><servlet-class>com.sogou.music.query.servlet.HobbyServlet2</servlet-class></servlet>
  <servlet-mapping><servlet-name>HobbyServlet2</servlet-name><url-pattern>/api/hobby2</url-pattern></servlet-mapping>
  <servlet><servlet-name>QcServlet2</servlet-name><servlet-class>com.sogou.music.query.servlet.QcServlet2</servlet-class></servlet>
  <servlet-mapping><servlet-name>QcServlet2</servlet-name><url-pattern>/api/qc2</url-pattern></servlet-mapping>
  <servlet><servlet-name>PictureServlet</servlet-name><servlet-class>com.sogou.music.query.servlet.PictureServlet</servlet-class></servlet>
  <!-- iapi -->
  <servlet-mapping><servlet-name>PictureServlet</servlet-name><url-pattern>/iapi/pic</url-pattern></servlet-mapping>
  <servlet><servlet-name>LinkListServlet3</servlet-name><servlet-class>com.sogou.music.query.servlet.LinkListServlet3</servlet-class></servlet>
  <servlet-mapping><servlet-name>LinkListServlet3</servlet-name><url-pattern>/iapi/links</url-pattern></servlet-mapping>
  <servlet><servlet-name>SongListServlet3</servlet-name><servlet-class>com.sogou.music.query.servlet.SongListServlet3</servlet-class></servlet>
  <servlet-mapping><servlet-name>SongListServlet3</servlet-name><url-pattern>/iapi/songlist</url-pattern></servlet-mapping>
  <!-- end -->
  <filter><filter-name>AlbumFilter</filter-name><filter-class>com.sogou.music.query.init.filter.AlbumFilter</filter-class></filter>
  <filter-mapping><filter-name>AlbumFilter</filter-name><url-pattern>/music.so</url-pattern></filter-mapping>
  <filter><filter-name>CharsetFilter</filter-name><filter-class>com.sogou.music.query.init.filter.CharsetFilter</filter-class></filter>
  <filter-mapping><filter-name>CharsetFilter</filter-name><url-pattern>/*.so</url-pattern></filter-mapping>
  <filter-mapping><filter-name>CharsetFilter</filter-name><url-pattern>/*.jsp</url-pattern></filter-mapping>
  <filter><filter-name>BrowserFilter</filter-name><filter-class>com.sogou.music.query.init.filter.BrowserFilter</filter-class></filter>
  <filter-mapping><filter-name>BrowserFilter</filter-name><url-pattern>/listen*.so</url-pattern></filter-mapping>
  <filter-mapping><filter-name>BrowserFilter</filter-name><url-pattern>/listen/listenV2*.jsp</url-pattern></filter-mapping>
  <filter><filter-name>ReferFilter2</filter-name><filter-class>com.sogou.music.query.init.filter.ReferFilter2</filter-class><init-param><param-name>refer</param-name><param-value/></init-param></filter>
  <filter-mapping><filter-name>ReferFilter2</filter-name><url-pattern>/iapi/*</url-pattern></filter-mapping>
  <filter><filter-name>ReferFilter</filter-name><filter-class>com.sogou.music.query.init.filter.ReferFilter</filter-class><init-param><param-name>ban</param-name><param-value>true</param-value></init-param></filter>
  <filter-mapping><filter-name>ReferFilter</filter-name><url-pattern>/api/*</url-pattern></filter-mapping>
</web-app>
http://mbox.sogou.com/WEB-INF/web.xml
<web-app>
  <servlet><servlet-name>InitServer</servlet-name><servlet-class>com.sogou.music.musicbox.servlet.InitServlet</servlet-class><load-on-startup>1</load-on-startup><init-param><param-name>hotTagNum</param-name><param-value>20</param-value></init-param></servlet>
  <servlet-mapping><servlet-name>InitServer</servlet-name><url-pattern>/init</url-pattern></servlet-mapping>
  <servlet><servlet-name>TPLInitServer</servlet-name><servlet-class>com.sogou.miscsearch.music.tpl.InitServlet</servlet-class><load-on-startup>1</load-on-startup><init-param><param-name>tplPath</param-name><param-value>/search/odin/resin/mbox/conf/tpl</param-value></init-param></servlet>
  <servlet><servlet-name>InitAsyncTinyServlet</servlet-name><servlet-class>com.sogou.music.query.util.tiny.TinyServlet</servlet-class><load-on-startup>2</load-on-startup></servlet>
  <!--error-page> <error-code>400</error-code> <location>/error400.html</location> </error-page> <error-page> <error-code>404</error-code> <location>/error404.html</location> </error-page> <error-page> <error-code>500</error-code> <location>/error500.html</location> </error-page-->
</web-app>
http://music.sogou.com/WEB-INF/web.xml
<web-app>
  <welcome-file-list>index.html</welcome-file-list>
  <!--error-page> <error-code>404</error-code> <location>/admin/error.so?errorcode=404</location> </error-page> <error-page> <error-code>500</error-code> <location>/admin/error.so?errorcode=500</location> </error-page-->
  <servlet><servlet-name>InitServer</servlet-name><servlet-class>com.sogou.music.camp.tpl.servlet.InitServlet</servlet-class><load-on-startup>1</load-on-startup><init-param><param-name>tplPath</param-name><param-value>/search/odin/resin/musicphb/tag/WEB-INF/classes/tpl/web/dynamic</param-value></init-param></servlet>
  <servlet><servlet-name>SSIServlet</servlet-name><servlet-class>com.caucho.servlets.ssi.SSIServlet</servlet-class></servlet>
  <servlet-mapping><servlet-name>SSIServlet</servlet-name><url-pattern>*.html</url-pattern></servlet-mapping>
</web-app>
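To make concrete what the two leaked file types above (the `.svn/entries` files and the `WEB-INF/web.xml` files) hand to an attacker, here is an added example of my own, not code from the report or from Sogou. It parses both offline. For web.xml it lists every mapped endpoint with its servlet class and resolves which filters guard each path using the url-pattern rules of the Servlet specification (path-prefix `/x/*`, extension `*.ext`, and everything else an exact-match string, so `/*.so` and `/listen*.so` match nothing but those literal paths). The file paths and the `com.caucho` SSI servlet point at Resin, whose pattern handling may be more permissive than the spec, so confirm against the live container before relying on that. The embedded web.xml is trimmed from the mp3.sogou.com and mbox.sogou.com files shown above; the `.svn/entries` text is constructed, with a made-up `.invalid` host, in the Subversion 1.4-1.6 working-copy format (a version line, then one field per line per entry, each entry terminated by a form-feed line).

```python
"""Added example (not from the original report): parse a leaked
WEB-INF/web.xml and .svn/entries offline and report what they expose."""
import xml.etree.ElementTree as ET

# Trimmed from the mp3.sogou.com and mbox.sogou.com web.xml in the report.
SAMPLE_WEB_XML = """<web-app>
  <servlet><servlet-name>InitServer</servlet-name>
    <servlet-class>com.sogou.music.musicbox.servlet.InitServlet</servlet-class>
    <load-on-startup>1</load-on-startup></servlet>
  <servlet-mapping><servlet-name>InitServer</servlet-name><url-pattern>/init</url-pattern></servlet-mapping>
  <servlet><servlet-name>LinkListServlet</servlet-name>
    <servlet-class>com.sogou.music.query.servlet.LinkListServlet</servlet-class></servlet>
  <servlet-mapping><servlet-name>LinkListServlet</servlet-name><url-pattern>/api/links</url-pattern></servlet-mapping>
  <servlet><servlet-name>PictureServlet</servlet-name>
    <servlet-class>com.sogou.music.query.servlet.PictureServlet</servlet-class></servlet>
  <servlet-mapping><servlet-name>PictureServlet</servlet-name><url-pattern>/iapi/pic</url-pattern></servlet-mapping>
  <filter><filter-name>AlbumFilter</filter-name><filter-class>com.sogou.music.query.init.filter.AlbumFilter</filter-class></filter>
  <filter-mapping><filter-name>AlbumFilter</filter-name><url-pattern>/music.so</url-pattern></filter-mapping>
  <filter><filter-name>CharsetFilter</filter-name><filter-class>com.sogou.music.query.init.filter.CharsetFilter</filter-class></filter>
  <filter-mapping><filter-name>CharsetFilter</filter-name><url-pattern>/*.so</url-pattern></filter-mapping>
  <filter><filter-name>ReferFilter2</filter-name><filter-class>com.sogou.music.query.init.filter.ReferFilter2</filter-class>
    <init-param><param-name>refer</param-name><param-value/></init-param></filter>
  <filter-mapping><filter-name>ReferFilter2</filter-name><url-pattern>/iapi/*</url-pattern></filter-mapping>
  <filter><filter-name>ReferFilter</filter-name><filter-class>com.sogou.music.query.init.filter.ReferFilter</filter-class>
    <init-param><param-name>ban</param-name><param-value>true</param-value></init-param></filter>
  <filter-mapping><filter-name>ReferFilter</filter-name><url-pattern>/api/*</url-pattern></filter-mapping>
</web-app>"""

# Constructed .svn/entries (SVN 1.4-1.6 format, made-up .invalid host):
# version line, then per entry one field per line (name, kind, revision,
# url, repos root, ...; trailing empty fields omitted), "\x0c" ends an entry.
SAMPLE_SVN_ENTRIES = (
    "10\n"
    "\ndir\n4021\nhttp://svn.example.invalid/music/trunk/web\n"
    "http://svn.example.invalid/music\n\x0c\n"
    "index.jsp\nfile\n\n\n\n\n2012-05-29T10:11:12.000000Z\n\x0c\n"
    "admin\ndir\n\x0c\n"
    "db.properties\nfile\n\x0c\n"
)


def pattern_matches(pattern, path):
    """Servlet-spec url-pattern semantics (section 12.2 of the spec)."""
    if pattern.startswith("/") and pattern.endswith("/*"):   # path mapping
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):                              # extension mapping
        return path.endswith(pattern[1:])
    return path == pattern        # anything else, e.g. "/*.so", is an exact match


def parse_web_xml(text):
    """Servlet classes, endpoint mappings, filters (with init-params) and filter mappings."""
    root = ET.fromstring(text)
    servlets = {s.findtext("servlet-name"): s.findtext("servlet-class")
                for s in root.findall("servlet")}
    endpoints = [(m.findtext("url-pattern"), servlets.get(m.findtext("servlet-name")))
                 for m in root.findall("servlet-mapping")]
    filters = {}
    for f in root.findall("filter"):
        params = {p.findtext("param-name"): (p.findtext("param-value") or "")
                  for p in f.findall("init-param")}
        filters[f.findtext("filter-name")] = (f.findtext("filter-class"), params)
    filter_maps = [(m.findtext("filter-name"), m.findtext("url-pattern"))
                   for m in root.findall("filter-mapping")]
    return {"servlets": servlets, "endpoints": endpoints,
            "filters": filters, "filter_maps": filter_maps}


def filters_for(info, path):
    """Names of every filter whose mapping matches the request path, in chain order."""
    return [name for name, pat in info["filter_maps"] if pattern_matches(pat, path)]


def endpoint_report(info):
    """(url-pattern, servlet class, guarding filters) for each mapped servlet."""
    return [(p, cls, filters_for(info, p)) for p, cls in info["endpoints"]]


def unguarded_endpoints(info):
    """Mapped URLs that no filter touches at all."""
    return [p for p, cls, guards in endpoint_report(info) if not guards]


def parse_svn_entries(text):
    """One dict per entry; the root entry (empty name) carries the repo URL."""
    entries, fields = [], []
    for line in text.split("\n")[1:]:          # skip the format-version line
        if line == "\x0c":                     # form feed terminates an entry
            fields += [""] * (5 - len(fields))   # restore omitted trailing fields
            entries.append({"name": fields[0], "kind": fields[1], "revision": fields[2],
                            "url": fields[3], "repos": fields[4]})
            fields = []
        else:
            fields.append(line)
    return entries


def svn_file_list(entries):
    """Checkout contents an attacker can now request by name ('/' marks directories)."""
    return [e["name"] + ("/" if e["kind"] == "dir" else "") for e in entries if e["name"]]


if __name__ == "__main__":
    info = parse_web_xml(SAMPLE_WEB_XML)
    for pattern, cls, guards in endpoint_report(info):
        print(f"{pattern:<12} {cls:<50} filters={guards or 'NONE'}")
    for name, (cls, params) in info["filters"].items():
        print(f"filter {name}: {cls} init-params={params}")
    entries = parse_svn_entries(SAMPLE_SVN_ENTRIES)
    print("svn url:", entries[0]["url"], "@ r" + entries[0]["revision"])
    print("checkout contains:", svn_file_list(entries))
```

Run stand-alone it prints that `/init` (the mbox initialisation servlet) has no filter in front of it, that the only filter in front of `/api/*` and `/iapi/*` is one whose name and init-params suggest a Referer check (a header the client controls), and that the entries file yields the repository URL plus file names that never appear in any link on the site. None of this is a claim about what those classes actually do; it is the map a tester builds before trying anything.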
Pay more attention to security!
Severity: Low
Vulnerability Rank: 5
Confirmed at: 2012-06-04 14:23
Thanks, handling is being arranged
None yet