
Vulnerability Summary

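Bug ID: wooyun-2015-0111429

Title: Disclosure of Yesky (天极) source code and other important sensitive information

Vendor: Tianji Media Group (天极传媒集团)

Author: 路人甲

Submitted: 2015-05-01 07:44

Fixed: 2015-06-19 11:36

Published: 2015-06-19 11:36

Vulnerability type: Sensitive information disclosure

Severity: High

Self-assessed Rank: 15

Status: Confirmed by vendor

Source: http://www.wooyun.org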



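Vulnerability Details

Disclosure status:

2015-05-01: Details sent to the vendor; waiting for the vendor to respond
2015-05-05: Vendor confirmed; details disclosed to the vendor only
2015-05-15: Details disclosed to core white hats and experts in the relevant field
2015-05-25: Details disclosed to regular white hats
2015-06-04: Details disclosed to trainee white hats
2015-06-19: Details disclosed to the public

Brief description:

RT (as the title says)

Detailed description: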

http://passport.yesky.com/jsp/newyesky/.svn/entries
SVN

The source code is all viewable, but I don't know JSP, so I can't audit it.
http://www.yesky.com/web.tar

Proof of vulnerability:


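Remediation:

Copyright notice: when reposting, please credit the source 路人甲@乌云 (WooYun)


Vulnerability Response

Vendor response:

Severity: Low

Vulnerability Rank: 2

Confirmed: 2015-05-05 11:34

Vendor reply:

Thank you very much for your attention to our company's security work. Thank you.

Latest status:

None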