当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-036669

漏洞标题:联想某分站.svn entries 泄露漏洞

相关厂商:联想

漏洞作者: RuIg

提交时间:2013-09-10 15:18

修复时间:2013-10-25 15:19

公开时间:2013-10-25 15:19

漏洞类型:重要敏感信息泄露

危害等级:中

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2013-09-10: 细节已通知厂商并且等待厂商处理中
2013-09-10: 厂商已经确认,细节仅向厂商公开
2013-09-20: 细节向核心白帽子及相关领域专家公开
2013-09-30: 细节向普通白帽子公开
2013-10-10: 细节向实习白帽子公开
2013-10-25: 细节向公众公开

简要描述:

SVN文件漏洞

详细说明:

http://e-learning.lenovo.com.cn//css/admin/.svn/entries
下面还有:
/css/carousel/.svn/entries
/css/carousel/skins/.svn/entries
/css/carousel/skins/tango/.svn/entries
/images/admin/.svn/entries
/js/admin/courseware/.svn/entries
https://wooyun-img.oss-cn-beijing.aliyuncs.com/upload/courseware/.svn/entries
https://wooyun-img.oss-cn-beijing.aliyuncs.com/upload/user/wrongcsv/.svn/entries

漏洞证明:

9
dir
1532
http://10.19.90.94/svn/lenovo/web/wwwroot/css/admin
http://10.19.90.94/svn/lenovo
2010-07-15T01:24:45.476342Z
152
chenggang
svn:special svn:externals svn:needs-lock
0cb64d75-b3e2-4ed0-a4f1-2c619231b784
print.css
file
2010-08-17T10:02:36.000000Z
95abcb5aea2a2aa269db9d014d950605
2010-07-13T04:00:18.267297Z
22
mengxiaobing
1284
ie.css
file
2010-08-17T10:02:36.000000Z
e3d1c6a359094150bba24d77a656bc98
2010-07-13T04:00:18.267297Z
22
mengxiaobing
1933
iepngfix.htc
file
2010-08-17T10:02:36.000000Z
3a6038a978947adaf997f79dd9024c2a
2010-07-13T04:00:18.267297Z
22
mengxiaobing
1804
screen.css
file
2010-08-17T10:02:36.000000Z
c0f69ffa2b0b8dff76972259551dac48
2010-07-13T04:00:18.267297Z
22
mengxiaobing
10855
style.css
file
2010-08-17T10:02:36.000000Z
06ac999eb13388ee4af6a2418f20502a
2010-07-15T01:24:45.476342Z
152
chenggang
5650
theme.css
file
2010-08-17T10:02:36.000000Z
6fdab97f417db56b0ce59bbd7fe133ba
2010-07-13T07:35:24.290776Z
36
mengxiaobing
2202
ie-sucks.css
file
2010-08-17T10:02:36.000000Z
497542f71371cf4320c9d4ba813cbfd8
2010-07-13T04:00:18.267297Z
22
mengxiaobing
248

修复方案:

这个你们运维应该会搞搞的。。。

版权声明:转载请注明来源 RuIg@乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2013-09-10 15:26

厂商回复:

感谢您对联想安全做出的贡献!我们将立即评估与修复相关漏洞

最新状态:

暂无


漏洞评价:

评论