WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
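2015-01-21: Details reported to the vendor; awaiting vendor handling
2015-01-22: Vendor confirmed; details disclosed to the vendor only
2015-02-01: Details disclosed to core white hats and relevant domain experts
2015-02-11: Details disclosed to regular white hats
2015-02-21: Details disclosed to intern white hats
2015-03-07: Details disclosed to the public
Leak of a small amount of Alibaba internal sensitive information
GitHub: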
https://github.com/nathanyhm/langlearning/blob/83dc5290c242a37ec609234b7caecd028a448ec7/pythonlearning/ipmonitor_aio.py
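Only the password of a 163 mailbox was leaked. I tried it against SSO, and this password could not log in.
sender.login("[email protected]", "wy%1314")
[email protected]
However, the owner had forwarded a small amount of internal material to this 163 mailbox. Searching the mailbox for "alibaba-inc.com" turns up some useful information.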
Delete the code, change the password, and delete the emails.
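A pre-push check for this class of leak, as an added example that is not part of the original report: it walks a Python file's AST and flags `.login(...)` calls whose password argument is a string literal, the pattern in the `sender.login(...)` line above. The sample source, the host and account names in it, and the `find_literal_logins` name are constructed for illustration; the use of `smtplib` is an assumption.

```python
import ast

# Constructed sample: one hardcoded login (the pattern in the report) and one
# that reads the secret from the environment (the corrected form).
SAMPLE = '''
import os, smtplib
sender = smtplib.SMTP("smtp.example.com")
sender.login("user@example.com", "hunter2-constructed")
safe = smtplib.SMTP("smtp.example.com")
safe.login(os.environ["SMTP_USER"], os.environ["SMTP_PASS"])
'''

# Keyword-argument names treated as carrying a secret (assumed list).
CRED_KEYWORDS = {"password", "passwd", "pwd", "secret"}

def _is_str_literal(node):
    """True for a non-empty string constant in the AST."""
    return (isinstance(node, ast.Constant)
            and isinstance(node.value, str) and node.value != "")

def find_literal_logins(source, filename="<src>"):
    """Return sorted (line, callee) pairs for every .login(...) call whose
    second positional argument or password-like keyword is a string literal.
    The literal itself is never returned, so reports do not re-leak it."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr != "login":
            continue
        literal_pos = len(node.args) >= 2 and _is_str_literal(node.args[1])
        literal_kw = any(kw.arg in CRED_KEYWORDS and _is_str_literal(kw.value)
                         for kw in node.keywords)
        if literal_pos or literal_kw:
            findings.append((node.lineno, ast.unparse(node.func)))
    return sorted(findings)

if __name__ == "__main__":
    for line, callee in find_literal_logins(SAMPLE):
        print(f"line {line}: hardcoded password passed to {callee}()")
```

A finding in a file that has already been pushed means the password must be rotated as well, since the commit history keeps the old value after the line is deleted.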
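Severity: Low
Vulnerability Rank: 3
Confirmed: 2015-01-22 16:56
The information involved is fairly old, and we have verified that the related intranet systems are no longer online. Thank you for your attention to Alibaba security!
None yet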