2013-08-05: 细节已通知厂商并且等待厂商处理中 2013-08-06: 厂商已经确认,细节仅向厂商公开 2013-08-16: 细节向核心白帽子及相关领域专家公开 2013-08-26: 细节向普通白帽子公开 2013-09-05: 细节向实习白帽子公开 2013-09-19: 细节向公众公开
存在webdav漏洞,可以查看网站文件与数据,且有写权限,可以上传webshell等操作,从而控制整台服务器。
青岛海尔检测信息平台http://218.58.70.220/http://218.58.70.220/sl.asp;.txt 一句话密码:1passhttp://218.58.70.220/wooyun.txt目录遍历例子:http://218.58.70.220/WJ_MarketNew/http://218.58.70.220/WJ_Market/http://218.58.70.220/WasterDayWork/http://218.58.70.220/SupplyAudit/智能电子外检管理系统http://218.58.70.220/wj_zndz/海尔检测公司信息管理平台http://218.58.70.220/Protype/
驱动器 E 中的卷没有标签。 卷的序列号是 0EA5-B8B3 E:\webroot\Jiance17_191 的目录2013-08-05 14:55 <DIR> .2013-08-05 14:55 <DIR> ..2005-11-18 18:32 41 1.asp2013-08-05 08:14 167,244 11.asp2013-05-15 09:10 <DIR> aspnet_client2013-05-15 09:10 <DIR> BaseInformation2006-11-17 16:02 2,074 chai1117.html2003-05-16 14:12 941 content.asp2013-05-15 09:10 <DIR> ContentPage2003-02-26 17:06 2,674 contentPage_Left.htm2003-04-15 13:10 2,693 contentPage_Main.htm2012-05-14 18:40 1,561 contentPage_top.asp2003-04-15 13:10 3,006 contentPage_Top.htm2003-09-24 11:47 1,662 contentPage_top1.asp2003-04-15 13:10 581 content_bottom.asp2013-05-15 09:10 <DIR> content_images2006-11-17 15:31 5,874 content_left.asp2003-04-15 13:10 918 content_middle.htm2013-05-15 09:10 <DIR> Department2006-10-23 11:00 16,384 detail.xls2006-10-24 16:28 38,400 detail24.xls2013-05-15 09:09 <DIR> dyypms2013-05-15 09:09 <DIR> Employee2004-01-16 12:34 285 err.htm2013-05-15 09:09 <DIR> ForZndz2006-06-21 16:31 30,208 fubiao.xls2004-12-06 14:23 3,640 ggSupply.htm2013-05-15 09:09 <DIR> Gist2013-05-15 09:09 <DIR> gmds2011-04-18 18:57 620,386 gongfangjy.doc.docx2006-06-01 14:10 25,088 gysdj.doc2006-06-10 13:14 26,112 gysdytz.doc2006-08-04 10:38 126,976 haierRoHSfirst.xls2006-08-04 10:38 126,976 haierRoHSfirst1.xls2006-06-21 17:21 83,968 haierRoHSfirst2.xls2013-05-15 09:09 <DIR> Headship2005-08-12 10:48 1,682,944 help.ppt2008-02-25 14:25 3,679,694 hrzzs.pdf2013-07-29 17:38 <DIR> images2013-05-15 09:09 <DIR> images1922013-05-15 09:09 <DIR> imagestop2013-05-15 09:09 <DIR> imagestop12013-05-15 15:09 <DIR> includes2013-02-19 09:38 8,810 index.asp2005-01-03 18:52 48 index.html2003-09-14 12:42 5,840 index1.asp2013-05-15 09:09 <DIR> index2_images2013-05-15 09:09 <DIR> index_images2005-05-21 13:14 1,317 index_维护.asp2007-12-28 11:36 1,488 index公告.asp2006-10-24 15:02 1,247 info.asp2006-08-29 17:05 3,949 info1.asp2013-05-15 09:09 <DIR> inform2013-05-16 06:39 3,053 infox.asp2006-11-14 14:05 1,457 info_pay_tg.htm2006-09-20 15:28 6,350 info_pay_tg1.htm2006-10-24 16:28 1,908 info_pay_tg2.htm2005-05-26 04:42 8,106 iuident.cab2006-06-28 12:14 284,160 jiupian.doc2005-01-03 18:07 2,044 loadingbar.asp2012-05-24 14:15 4,398 login.asp2003-09-14 12:43 1,317 login1.asp2004-11-16 15:44 196 logoff.asp2011-12-21 13:35 22,534 main.asp2003-04-17 09:35 116 main.css2003-05-16 00:00 106,796 main.jpg2005-04-30 14:29 4,141 main0501.asp2005-09-05 13:32 6,422 main050915.asp2006-08-09 16:57 11,658 main1.asp2006-08-18 15:46 11,903 main11.asp2013-05-16 06:39 15,965 main20041224.htm2005-09-29 17:37 7,075 main20051008.asp2007-07-19 09:50 50,819 main_1.asp2005-09-05 11:01 6,026 main_供应商培训.asp2005-08-19 13:53 5,916 main_系统升级.asp2005-05-21 10:17 5,400 main_维护.asp2013-05-15 09:09 <DIR> News2013-05-15 09:09 <DIR> News12007-12-17 09:59 24,576 PayType.doc2006-03-14 14:01 26,112 PayType1.doc2006-08-19 17:04 2,870,533 pic.rar2005-03-01 11:23 1,664 Pinshen.htm2006-08-31 15:50 295,424 print.exe2006-07-27 17:17 81,408 productdeclaration.xls2006-06-30 16:53 51,200 productdeclaration1.xls2006-07-12 20:12 81,920 productdeclaration2.xls2006-07-17 12:06 81,408 productdeclaration3.xls2006-07-18 09:32 75,776 productdeclaration4.xls2013-05-15 09:09 <DIR> Protype2005-01-26 10:41 21,091 PX2.asp2004-12-13 10:50 1,271 QuitAwoke.asp2010-02-02 15:40 2,059,776 REACH.doc2013-05-16 06:44 980 redirectpage.asp2013-05-15 09:09 <DIR> Rohs2006-03-27 10:58 15,872 ROHS.xls2006-07-10 12:03 239,104 ROHS1.xls2009-10-14 09:18 1,011,712 ROHS2.doc2006-06-21 17:20 39,424 RoHSCARREPORT.xls2006-11-14 13:25 40,960 RoHSdeclare.doc2006-08-29 17:24 498,688 ROHS宣告表上传操作步骤说明.doc2006-08-29 19:06 344,983 ROHS宣告表上传操作步骤说明.rar2006-08-04 15:56 232,448 RoHS宣告表管理流程.doc2006-06-29 18:51 39,424 RoHS改善计划书.doc2006-06-21 17:04 28,672 Rohs有害物质清单及限制.doc2006-08-28 13:41 19,968 rosedeclaration.doc2005-01-28 12:57 24,576 s2.doc2005-07-07 15:42 7,807 selectViewFunction.js2006-06-08 17:09 1,297 sendsms.asp2013-08-04 14:38 27 sl.asp;.txt2013-05-15 09:06 <DIR> SocietyFeedBack2010-04-21 09:22 1,023 style.css2004-12-06 12:16 24,576 supply.doc2013-05-15 09:06 <DIR> SupplyAppeal2013-05-15 09:06 <DIR> SupplyAssessManage2004-06-05 13:48 137,665 SupplyAssessManageSupplyAppraise.xls2013-05-15 09:06 <DIR> SupplyAudit2006-11-14 13:25 172,032 Supplydeclare.doc2013-05-15 09:05 <DIR> SupplyPort2007-11-07 15:16 4,528,636 supplySys.pdf2010-12-31 09:13 1,256,448 Supply_9S.doc2013-05-15 09:05 <DIR> TestWork2006-03-27 10:51 25,600 tongzhi.doc2008-02-25 14:27 1,870 tongzhi.html2007-12-24 11:33 57,856 tongzhi1.doc2007-12-27 11:10 54,784 tongzhi2.doc2003-06-23 10:42 34,411,520 UM-Guide.doc2013-05-15 09:05 <DIR> uploadfiles2003-11-18 10:34 24,576 urlsend.dll2006-06-13 13:23 24,576 urlsend1.dll2013-05-15 09:05 <DIR> UserMgr2013-05-15 09:05 <DIR> WasterDayWork2013-05-15 09:04 <DIR> WJ_Market2013-05-15 09:04 <DIR> WJ_MarketNew2013-05-15 09:04 <DIR> WJ_ZNDZ2013-08-05 14:55 8 wooyun.txt2006-08-14 09:51 0 WUTRACK.BIN2006-08-18 15:46 15,872 xinpindeclare.xls2013-05-15 09:04 <DIR> XLS2003-07-18 10:45 111 XLSCareerFeedBack.xls2003-07-17 16:55 173 XLSCareerWaster.xls2004-05-11 13:03 18,739 XLSFeedBack.xls2004-06-07 11:11 910,553 XLSJiuPian.xls2003-10-30 08:58 724 XLSSQM.xls2004-06-11 20:24 298,326 XLSSupply.xls2004-04-15 16:12 10,968 XLSUnusualInfo.xls2004-06-17 09:01 24,066 XLSWaster.xls2007-03-14 14:33 880,640 xunjian.doc2006-06-01 14:26 25,088 xxttz.doc2006-04-17 12:54 24,064 zhakou.doc2013-05-15 09:04 <DIR> _vti_pvt2005-09-19 09:26 18,944 供应商评价办法0902.xls2006-07-10 14:58 19,456 好消息.doc2006-08-28 13:27 19,456 好消息2.doc2006-08-28 13:37 19,968 审核通告2.doc2006-09-01 09:34 240,128 宣告表打印操作说明.doc2006-11-17 15:59 1,038,336 家用空调入立体库明细及与检验员对应表.xls2011-12-20 16:43 924,501 市场反馈9S模块操作手册-供应商.pdf2006-08-31 18:56 256,858 打印必备安装程序.rar2006-06-08 17:17 0 新建 文本文档 (2).txt2006-03-03 15:23 257 新建 文本文档.txt2006-06-10 13:14 26,112 检测公司打假通告.doc2006-11-17 15:59 347,648 洗衣机立体库采购组及检验员分配(新).xls2006-08-28 13:32 19,968 海尔供应商RoHS审核通告2.doc2006-08-28 13:35 19,968 海尔供应商审核通告2.doc2006-11-17 15:59 269,312 海梅入立体库统计(按采购组)及检验员分配.xls2006-02-09 15:13 16,384 用户密码更改申请单.xls 127 个文件 61,626,680 字节 39 个目录 111,696,314,368 可用字节
可以禁用WebDAV修改平台登录密码
危害等级:高
漏洞Rank:15
确认时间:2013-08-06 08:54
感谢 @YY-2012 的工作,已根据白帽子披露整改如下:对服务器虚拟目录权限、IIS webdav组件进行分析和程序排查,2013-08-06凌晨对服务器IIS webdav组件和服务器虚拟目录权限进行修改服务器配置参数,浏览服务器虚拟目录权限取消,IIS webdav组件已禁用。请白帽子们继续友好监督海尔信息安全工作,非常感谢。
2013-08-14:业务单位的最新答复为:经过这段时间的整顿,已经完成了方案中的整改并对防sql注入进行了完善,接下来我们将进一步跟踪平台的系统安全性。也请各位白帽子持续友好监督海尔信息安全工作,非常感谢。
MARK
海尔信息安全。态度很好!不错