Vulnerability Summary
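Bug ID: wooyun-2012-012011
Title: Admin backend has no authentication; site content can be modified directly
Vendor: 第七大道科技有限公司
Author: oneof
Submitted: 2012-09-11 11:18
Fixed: 2012-10-26 11:19
Published: 2012-10-26 11:19
Vulnerability type: Unauthorized access / privilege bypass
Severity: Medium
Self-assessed Rank: 7
Status: Vendor could not be reached, or the vendor actively ignored the report
Source: http://www.wooyun.org; for questions or help, contact [email protected]
Tags: none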
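Vulnerability Details
Disclosure status:
2012-09-11: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2012-10-26: The vendor has actively ignored the vulnerability; details disclosed to the public
Brief description:
nmap showed quite a few open HTTP ports. I tried them one by one and found a backend page with no administrator authentication at all.
I tried it briefly, and the site content can be modified directly...
There is no technical difficulty here; it is purely a management mistake.
Operations staff, please never cut corners to save effort.
Detailed description: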
Starting Nmap 6.01 ( http://nmap.org ) at 2012-09-10 20:45 中国标准时间
Nmap scan report for www.7road.com (113.107.111.147)
Host is up (0.20s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS httpd 6.0
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: \xB5\xDA\xC6\xDF\xB4\xF3\xB5\xC0\xBF\xC6\xBC\xBC\xD3\xD0\xCF\xDE\x
B9\xAB\xCB\xBE
8008/tcp open http Microsoft IIS httpd 6.0
|_http-title: Error
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
8009/tcp open http Microsoft IIS httpd 6.0
|_http-title: Error
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
8086/tcp open http Microsoft IIS httpd 6.0
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
|_http-title: \xE4\xB8\xBB\xE9\xA1\xB5
8089/tcp open http Microsoft IIS httpd 6.0
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: LogOn
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at http://nmap.
org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 266.37 seconds
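Of these, 8086 is a backend address with no authentication of any kind.
Proof of vulnerability:
Fix:
Fix?
1. Disable the backend;
2. Add authentication to the backend;
3. Keep the backend on the internal network and do not expose it publicly;
and so on.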
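An added example, not part of the original report: a perimeter-audit sketch for the site owner that parses the port and `http-title` lines of the scan output above, decodes nmap's `\xNN` title escapes, and lists HTTP services outside an approved set. `APPROVED_PORTS` and the login-title heuristic are assumptions, not taken from the report.

```python
import re

# Port and http-title lines excerpted from the scan output above.
SCAN = r"""
80/tcp open http Microsoft IIS httpd 6.0
|_http-title: \xB5\xDA\xC6\xDF\xB4\xF3\xB5\xC0\xBF\xC6\xBC\xBC\xD3\xD0\xCF\xDE\xB9\xAB\xCB\xBE
8008/tcp open http Microsoft IIS httpd 6.0
|_http-title: Error
8009/tcp open http Microsoft IIS httpd 6.0
|_http-title: Error
8086/tcp open http Microsoft IIS httpd 6.0
|_http-title: \xE4\xB8\xBB\xE9\xA1\xB5
8089/tcp open http Microsoft IIS httpd 6.0
|_http-title: LogOn
"""

APPROVED_PORTS = {80}  # assumption: the only HTTP port meant to be public
LOGIN_HINT = re.compile(r"log\s?(on|in)|sign\s?in", re.I)  # assumption: title heuristic

def decode_title(raw):
    """Undo nmap's \\xNN escaping, then try UTF-8 and GBK in turn."""
    data = re.sub(rb"\\x([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw.encode("utf-8"))
    for enc in ("utf-8", "gbk"):
        try:
            return data.decode(enc)
        except UnicodeDecodeError:
            continue
    return raw

def inventory(scan):
    """Return [{'port': int, 'title': str or None}] for each open HTTP service."""
    services = []
    for line in scan.splitlines():
        m = re.match(r"(\d+)/tcp\s+open\s+http\b", line)
        if m:
            services.append({"port": int(m.group(1)), "title": None})
        elif services and "http-title:" in line:
            services[-1]["title"] = decode_title(line.split("http-title:", 1)[1].strip())
    return services

def review_queue(services, approved=APPROVED_PORTS):
    """HTTP services outside the approved set, with a login-title hint.
    The hint only orders the review; it does not prove authentication is enforced."""
    return [dict(s, login_title=bool(LOGIN_HINT.search(s["title"] or "")))
            for s in services if s["port"] not in approved]

if __name__ == "__main__":
    for s in review_queue(inventory(SCAN)):
        print(s["port"], repr(s["title"]), "login-like title" if s["login_title"] else "REVIEW FIRST")
```

Every port in the queue still needs a manual check that an unauthenticated request is refused; a login-looking title only lowers its priority.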
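Copyright notice: when reposting, please credit the source oneof@乌云
Vulnerability Response
Vendor response:
Could not reach the vendor, or the vendor actively declined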