Vulnerability summary

Defect ID: wooyun-2015-094032

Title: Misconfiguration of a Sina service leads to arbitrary file inclusion and GetShell (large number of internal databases leaked)

Affected vendor: Sina

Author: boooooom

Submitted: 2015-01-26 16:31

Fixed: 2015-03-12 16:32

Published: 2015-03-12 16:32

Vulnerability type: command execution

Severity: high

Self-assessed rank: 20

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags:


Vulnerability details

Disclosure status:

2015-01-26: Details sent to the vendor, awaiting vendor response
2015-01-26: Vendor confirmed; details disclosed to the vendor only
2015-02-05: Details disclosed to core white hats and domain experts
2015-02-15: Details disclosed to regular white hats
2015-02-25: Details disclosed to intern white hats
2015-03-12: Details disclosed to the public

Brief description:

As titled.

Detailed description:

Masked region:
1.://**.**.**


FastCGI is exposed to the outside, so arbitrary files can be included.

info.jpg
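The misconfiguration the report describes is a FastCGI listener reachable from outside. As an added example (not part of the original report), the following Python script audits php-fpm pool files for that condition: it flags TCP listeners bound to a non-loopback address and, among those, pools without a listen.allowed_clients allow-list. The sample pool file and its pool names are constructed; the php-fpm directive names (listen, listen.allowed_clients) are real.

```python
# Constructed sample php-fpm pool file (not from the report): 'www' and 'legacy'
# accept FastCGI connections from any interface, 'intranet' and 'local' do not.
SAMPLE_POOL_CONF = """
[www]
listen = 0.0.0.0:9000        ; all IPv4 interfaces, no client allow-list
[legacy]
listen = 9000                ; port only: binds every interface
listen.allowed_clients = 10.0.0.5
[intranet]
listen = 127.0.0.1:9001      ; loopback only
[local]
listen = /run/php-fpm.sock   ; unix socket: not reachable over the network
"""

LOOPBACK = ("127.", "localhost", "[::1]")

def parse_pools(text):
    """Minimal php-fpm pool parser: {pool: {key: value}}; ';' starts a comment."""
    pools, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            pools[current] = {}
        elif current and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            pools[current][key] = value
    return pools

def listen_host(listen):
    """Host part of a 'listen' value; '' when only a port is given (all interfaces)."""
    if listen.isdigit():
        return ""
    if listen.startswith("["):                 # bracketed IPv6, e.g. [::1]:9000
        return listen.split("]", 1)[0] + "]"
    return listen.rsplit(":", 1)[0]

def audit_pool(settings):
    """Finding codes for one pool; an empty list means nothing to report."""
    listen = settings.get("listen", "")
    if not listen or listen.startswith("/"):   # unset or unix socket
        return []
    if listen_host(listen).startswith(LOOPBACK):
        return []
    findings = ["exposed-listen"]              # reachable from other hosts
    if not settings.get("listen.allowed_clients"):
        findings.append("no-allowed-clients")  # any client may submit requests
    return findings

def audit_config(text):
    return {name: audit_pool(s) for name, s in parse_pools(text).items()}
```

A pool that must stay on TCP should at least bind to loopback or carry an allow-list; a unix socket removes the network exposure entirely.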

Proof of vulnerability:

A large number of database configurations were leaked; some of the databases hold data on several million users.

Masked region:


0.jpg


1.jpg


2.jpg

Fix recommendation:

Configure it correctly.

Copyright notice: when reposting, credit the source boooooom@WooYun


Vulnerability response

Vendor response:

Severity: medium

Vulnerability rank: 6

Confirmed: 2015-01-26 19:06

Vendor reply:

This vulnerability had already been discovered internally and fixed before the report, so it is rated medium. Thank you for your attention to Sina security.

Latest status:

None yet