乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-02-24: 细节已通知厂商并且等待厂商处理中 2015-02-28: 厂商已经确认,细节仅向厂商公开 2015-03-10: 细节向核心白帽子及相关领域专家公开 2015-03-20: 细节向普通白帽子公开 2015-03-30: 细节向实习白帽子公开 2015-04-13: 细节向公众公开
学而思某服务器未授权访问
学而思两台服务器rsync未授权访问,可查看部分子系统源代码、数据库备份文件、访问日志等内容,由于可读不可写,且源码中数据库配置为内网环境,无法远程访问,故rank设为低115.182.69.66未授权访问:
rsync 115.182.69.66::webroot 4096 2014/11/18 10:33:17 .-rw-r--r-- 308779209 2014/07/10 13:00:47 homeworkInterface-20140710.tar.gz-rw-r--r-- 308779316 2014/08/05 15:01:16 homeworkInterface-20140805.tar.gz-rw-r--r-- 30488675 2014/11/11 15:44:57 m_100tal_20141111.tar.gz-rw-r--r-- 31469992 2014/11/14 17:49:28 m_100tal_20141114.tar.gz-rw-r--r-- 31776041 2014/11/18 10:33:19 m_100tal_20141118.tar.gz-rw-r--r-- 956546 2014/01/06 16:45:20 xueersi_toupiao_20140106.tar.gzdrwxr-xr-x 4096 2014/05/07 09:50:07 cms_v41drwxr-xr-x 4096 2014/01/07 16:10:25 defaultdrwxr-xr-x 4096 2012/06/05 16:57:36 eduu_awstatsdrwxr-xr-x 4096 2012/02/02 16:39:43 exam1.0drwxr-xr-x 4096 2012/07/11 13:39:53 ftpdrwxr-xr-x 4096 2014/08/05 15:03:57 homeworkInterfacedrwxr-xr-x 4096 2014/10/24 10:24:53 htmldrwxr-xr-x 4096 2012/02/02 16:40:22 kaoshidrwx------ 16384 2014/06/30 15:34:23 lost+founddrwxr-xr-x 4096 2015/02/23 10:24:30 m_100taldrwxr-xr-x 4096 2014/01/10 11:07:57 sumlogdrwxr-xr-x 4096 2012/07/17 16:14:41 xueersi_toupiaorsync 115.182.69.66::webroot/html/ 4096 2014/10/24 10:24:53 .drwxr-xr-x 4096 2013/01/31 17:25:16 jiajiaodrwxr-xr-x 4096 2013/04/08 15:27:00 newxueersidrwxr-xr-x 4096 2015/01/09 18:25:34 speiyoudrwxr-xr-x 4096 2014/03/07 17:46:48 speiyou_cddrwxr-xr-x 4096 2015/01/30 16:07:30 speiyou_csdrwxr-xr-x 4096 2014/03/07 17:46:56 speiyou_hzdrwxr-xr-x 4096 2014/12/12 17:49:40 speiyou_jndrwxr-xr-x 4096 2014/11/07 17:52:56 speiyou_qddrwxr-xr-x 4096 2014/07/01 10:43:12 speiyou_scddrwxr-xr-x 4096 2015/01/29 10:40:29 speiyou_scqdrwxr-xr-x 4096 2015/02/12 16:23:29 speiyou_sgzdrwxr-xr-x 4096 2015/01/22 15:47:17 speiyou_shzdrwxr-xr-x 4096 2014/10/27 19:36:07 speiyou_sjzdrwxr-xr-x 4096 2015/01/08 11:52:08 speiyou_snjdrwxr-xr-x 4096 2015/01/19 15:08:01 speiyou_sshdrwxr-xr-x 4096 2014/02/13 15:04:28 speiyou_ssudrwxr-xr-x 4096 2014/07/29 14:39:46 speiyou_sszdrwxr-xr-x 4096 2014/11/06 13:57:10 speiyou_stjdrwxr-xr-x 4096 2014/11/25 15:35:46 speiyou_sudrwxr-xr-x 4096 2014/04/22 18:23:11 speiyou_swhdrwxr-xr-x 4096 2014/04/09 13:50:57 speiyou_sxadrwxr-xr-x 4096 2015/01/27 17:29:50 speiyou_sydrwxr-xr-x 4096 2014/02/17 14:28:08 speiyou_szzdrwxr-xr-x 4096 2015/02/09 11:53:01 speiyou_tydrwxr-xr-x 4096 2015/02/02 11:24:01 speiyou_zzdrwxr-xr-x 4096 2013/12/12 14:24:35 styledrwxr-xr-x 4096 2014/02/25 17:14:06 xueersi
其中m_100tal对应m.100tal.com源文件speiyou对应sbj.speiyou.com源文件speiyou_*对应各个省份源文件115.182.69.16未授权访问:
rsync 115.182.69.16::rsync 115.182.69.16::lec_queue_010等rsync 115.182.69.16::ftpdrwxr-xr-x 4096 2014/07/22 11:30:31 .-rw-r--r-- 0 2012/10/26 11:23:35 check_diskIO-rw-r--r-- 28572170 2013/06/19 21:11:59 ftpServer-20130619.tar.gz-rw-r--r-- 18569197 2012/11/13 16:44:57 ftpServer-hanxiao.tar.gz-rw-r--r-- 13960160 2012/07/25 19:01:09 ftpServer.tar.gz-rw-r--r-- 5853474 2012/07/25 19:00:33 ftpServer_20120725_1900.tar.gz-rw-r--r-- 1633508021 2014/07/22 11:35:38 ftp_ics3-20140722.tar.gz-rw-r--r-- 16052864 2012/06/27 16:19:40 mysqldata.tar.gzdrwxrwxrwx 4096 2014/12/08 15:26:36 BiVideodrwxr-xr-x 4 2013/07/25 15:39:38 MobbyMsidrwxr-xr-x 4096 2013/05/10 15:56:27 OaVideodrwxr-xr-x 5 2012/11/19 15:57:30 OnlineServicesdrwxr-xr-x 4096 2014/05/09 17:17:12 PCcheckdrwxr-xr-x 4096 2013/03/08 16:43:15 bk_2013drwxr-xr-x 4096 2013/03/08 16:47:15 bk_testdrwxr-xr-x 26 2014/09/01 18:17:39 ftp010drwxr-xr-x 4096 2010/12/20 18:07:28 ftp010_bk_bkdrwxr-xr-x 17 2013/05/17 18:28:15 ftp020drwxr-xr-x 4096 2012/07/23 16:15:20 ftp021-bakdrwxr-xr-x 19 2013/12/03 17:20:34 ftp021drwxr-xr-x 18 2013/12/02 10:12:12 ftp022drwxr-xr-x 4096 2012/07/23 16:15:20 ftp023-bakdrwxr-xr-x 9 2013/05/17 18:29:07 ftp023drwxr-xr-x 4096 2012/07/23 16:15:20 ftp024-bakdrwxr-xr-x 11 2013/12/03 17:21:31 ftp024drwxr-xr-x 4096 2012/07/23 16:15:20 ftp025-bakdrwxr-xr-x 18 2013/12/02 10:25:56 ftp025drwxr-xr-x 4096 2012/07/23 16:15:20 ftp027-bakdrwxr-xr-x 18 2014/04/22 19:04:24 ftp027drwxr-xr-x 4096 2012/07/23 16:15:20 ftp028-bakdrwxr-xr-x 18 2013/12/03 17:22:43 ftp028drwxr-xr-x 4096 2012/07/23 16:15:20 ftp029-bakdrwxr-xr-x 19 2013/12/31 16:28:06 ftp029drwxr-xr-x 10 2014/06/25 18:05:57 ftp0311drwxr-xr-x 4096 2012/07/23 16:15:20 ftp0351-bakdrwxr-xr-x 11 2014/03/11 19:37:13 ftp0351drwxr-xr-x 4096 2012/07/23 16:15:20 ftp0371-bakdrwxr-xr-x 9 2013/05/17 18:29:24 ftp0371drwxr-xr-x 4096 2012/07/23 16:15:20 ftp0512-bakdrwxr-xr-x 11 2014/01/21 17:38:57 ftp0512drwxr-xr-x 10 2014/06/25 18:06:27 ftp0531drwxr-xr-x 10 2014/06/25 18:06:39 ftp0532drwxr-xr-x 4096 2012/07/23 16:15:20 ftp0571-bakdrwxr-xr-x 15 2012/07/23 16:15:20 ftp0571drwxr-xr-x 10 2014/06/25 18:06:18 ftp0731drwxr-xr-x 17 2013/05/17 18:29:33 ftp0755drwxr-xr-x 4096 2013/12/19 15:24:02 ftpServerdrwxr-xr-x 4096 2014/02/14 14:55:56 ftpWuHanICSdrwxr-xr-x 4 2015/01/30 11:43:33 ftp_englishHomeworkdrwxr-xr-x 4096 2014/04/14 13:39:26 ftp_ics3-bakdrwxr-xr-x 23 2014/07/22 12:00:44 ftp_ics3drwxr-xr-x 4096 2011/10/19 13:55:44 ftpmobby010-bakdrwxr-xr-x 17 2013/05/17 18:30:23 ftpmobby010drwxr-xr-x 4096 2013/05/17 18:19:37 ftpzkjiaoyan_bkdrwxr-xr-x 4096 2011/04/20 09:05:04 logsdrwx------ 16384 2010/05/28 08:24:07 lost+founddrwxr-xr-x 4096 2014/02/18 15:52:21 nginx
包含多个ftp路径及备份文件,其中logs及nginx目录含访问日志
如上
添加访问权限
危害等级:高
漏洞Rank:20
确认时间:2015-02-28 09:45
非常感谢
暂无