当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-042889

漏洞标题:金蝶主站部分源码泄露

相关厂商:金蝶

漏洞作者: 想要减肥的胖纸

提交时间:2013-11-14 16:30

修复时间:2013-12-29 16:31

公开时间:2013-12-29 16:31

漏洞类型:重要敏感信息泄露

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2013-11-14: 细节已通知厂商并且等待厂商处理中
2013-11-14: 厂商已经确认,细节仅向厂商公开
2013-11-24: 细节向核心白帽子及相关领域专家公开
2013-12-04: 细节向普通白帽子公开
2013-12-14: 细节向实习白帽子公开
2013-12-29: 细节向公众公开

简要描述:

配置不当,造成源码泄露。回顾了贵公司对白帽子提交漏洞的反馈,很多时候给了1rank或者忽略。呵呵

详细说明:

服务器配置不当,造成目录便利和代码泄露。

漏洞证明:

Index of /webapp/sme
Parent Directory
activMailTemplate.jsp
activMailTemplate.jsp.bak
activMailTemplate1.jsp.bak
activMailTemplate11.jsp
b1.jsp
b2.jsp
b3.jsp
b4.jsp
b5.jsp
bottom.jsp
chuangye.jsp
css/
cuxiao.jsp
e_learning.jsp
e_learning.jsp.bak
images/
img/
index.jsp
index_090614.jsp
index_090617.jsp
js/
jxc.jsp
kehu.jsp
map.txt
map/
news.jsp
register.jsp
renshi.jsp
right.jsp
slider/
taocan.jsp
template/
tijian.jsp
top.jsp
var.jsp
ys_assist.html
ys_assist.swf
ys_cunchu.jsp
ys_kuaiji.jsp
ys_shangpu.jsp
复件 activMailTemplate.jsp


<%@ page contentType="text/html;charset=GBK"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=GBK">
<title>中小企业转型与升级——金蝶援助计划</title>
<jsp:include page="/common/meta.htm"/> 
<meta http-equiv="Content-Type" content="text/html; charset=GBK"> 
<meta name="Cache-Control" content="no-cache, must-revalidate"> 
<meta name="Expires" content="Mon, 26 Jul 1970 00:00:00 GMT"> 
<meta name="Pragma" content="no-cache"> 
<script src=" http://www.google-analytics.com/urchin.js " type="text/javascript"></script> 
<script src=" http://www.kingdee.com/script/urchinTracker.js " type="text/javascript"></script>
<link href="css/index.css" rel="stylesheet" type="text/css" />
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_preloadImages() { //v3.0
  var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
    var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
    if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
}
//-->
</script>
</head>
<body bgcolor="#FFFFFF" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<table width="930" height="81" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr> 
    <td colspan="3"> <jsp:include page="top.jsp"></jsp:include> </td>
  </tr>
</table>
<table width="930" height="150" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr> 
    <td bgcolor="#FFFFFF"><a href="http://www.kingdee.com/news/subject/09yzjh/index_news.jsp"><img src="images/chuangye.jpg" width="930" height="150" border="0"></a></td>
  </tr>
</table>
<table width="930" height="10" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr> 
    <td colspan="3"></td>
  </tr>
</table>
<table width="930" height="10" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr> 
    <td colspan="3" valign="top"><table width="100%" height="1" border="0" align="center" cellpadding="0" cellspacing="0">
        <tr> 
          <td colspan="3" background="images/d01.gif"></td>
        </tr>
      </table></td>
  </tr>
</table>
<table width="930" height="10" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr> 
    <td width="700" valign="top"> <table width="696" height="120" border="0" cellpadding="0" cellspacing="0">
        <tr> 
          <td colspan="3"><img src="images/bt23.gif" width="696" height="120"></td>
        </tr>
      </table>
      <table width="700" height="10" border="0" align="center" cellpadding="0" cellspacing="0">
        <tr> 
          <td colspan="3"><table width="693" height="300" border="0" cellpadding="0" cellspacing="0">
              <tr> 
                <td width="1" bgcolor="#d9d9d9"></td>
                <td width="691" valign="top"><table width="600" height="25" border="0" align="center" cellpadding="0" cellspacing="0">
                    <tr> 
                      <td class="bigtext">大学生创业就业计划——中小企业转型与升级 金蝶援助计划</td>
                    </tr>
                  </table>
                  <table width="100" height="10" border="0" align="center" cellpadding="0" cellspacing="0">
                    <tr> 
                      <td colspan="3"></td>
                    </tr>
                  </table>
                  <table width="600" height="25" border="0" align="center" cellpadding="0" cellspacing="0">
                    <tr> 
                      <td colspan="3"><p>有梦想的创业者们,来吧!加入到我们的队伍中来,金蝶为你点燃激情,成就创业梦想。金蝶为帮助中小企业度过经济危机的寒冬,特别推出了“中小企业转型与升级金蝶援助计划”的活动。<br>
                          今天,金蝶邀请有梦想的你,共同来帮助中小企业度难关!</p></td>
                    </tr>
                  </table>
                  <table width="100" height="15" border="0" align="center" cellpadding="0" cellspacing="0">
                    <tr> 
                      <td colspan="3"></td>
                    </tr>
                  </table>
                  <table width="600" height="10" border="0" align="center" cellpadding="0" cellspacing="0">
                    <tr> 
                      <td colspan="3"><table width="100%" height="1" border="0" align="center" cellpadding="0" cellspacing="0">
                          <tr> 
                            <td colspan="3" background="images/d01.gif"></td>
                          </tr>
                        </table></td>
                    </tr>
                  </table>
                  <table width="100" height="10" border="0" align="center" cellpadding="0" cellspacing="0">
                    <tr> 
                      <td colspan="3"></td>
                    </tr>
                  </table>
                  <table width="600" height="20" border="0" align="center" cellpadding="0" cellspacing="0">
                    <tr> 
                      <td width="20"><img src="images/0001.gif" width="13" height="13"></td>
                      <td>登陆金蝶网站注册成为“金蝶援助大使”。</td>
                    </tr>
                  </table>
                  <table width="100" height="10" border="0" align="center" cellpadding="0" cellspacing="0">
                    <tr> 
                      <td colspan="3"></td>
                    </tr>
                  </table>
                  <table width="600" height="20" border="0" align="center" cellpadding="0" cellspacing="0">
                    <tr> 
                      <td width="20"><img src="images/0002.gif" width="13" height="13"></td>
                      <td>金蝶集团将对“援助大使”进行集中培训,提升援助能力。</td>
                    </tr>
                  </table>
                  <table width="100" height="10" border="0" align="center" cellpadding="0" cellspacing="0">
                    <tr> 
                      <td colspan="3"></td>
                    </tr>
                  </table>
                  <table width="600" height="20" border="0" align="center" cellpadding="0" cellspacing="0">
                    <tr> 
                      <td width="20" valign="top"><img src="images/0003.gif" width="13" height="13"></td>
                      <td>暑假回家乡期间,以“金蝶援助大使”的身份,向家乡所在城市的中小企业推广 “中小企业转型与升级 金蝶援助计划”。</td>
                    </tr>
                  </table>
                  <table width="100" height="10" border="0" align="center" cellpadding="0" cellspacing="0">
                    <tr> 
                      <td colspan="3"></td>
                    </tr>
                  </table>
                  <table width="600" height="20" border="0" align="center" cellpadding="0" cellspacing="0">
                    <tr> 
                      <td width="20"><img src="images/0004.gif" width="13" height="13"></td>
                      <td>凡有企业经“援助大使”推广注册,援助大使即有机会获取创业“第一桶金”。</td>
                    </tr>
                  </table>
                  <table width="100" height="10" border="0" align="center" cellpadding="0" cellspacing="0">
                    <tr> 
                      <td colspan="3"></td>
                    </tr>
                  </table>
                  <table width="600" height="20" border="0" align="center" cellpadding="0" cellspacing="0">
                    <tr> 
                      <td width="20"><img src="images/0005.gif" width="13" height="13"></td>
                      <td>金蝶将对表现优秀的“援助大使”进行评估,择优录取。</td>
                    </tr>
                  </table>
                  <table width="100" height="10" border="0" align="center" cellpadding="0" cellspacing="0">
                    <tr> 
                      <td colspan="3"></td>
                    </tr>
                  </table>
                  <table width="600" height="20" border="0" align="center" cellpadding="0" cellspacing="0">
                    <tr> 
                      <td width="20"><img src="images/0006.gif" width="13" height="13"></td>
                      <td>通过活动提升个人就业能力,了解认识更多的中小企业,增加社会接触面,获取就业机会与就业范围。</td>
                    </tr>
                  </table>
                  <table width="100" height="10" border="0" align="center" cellpadding="0" cellspacing="0">
                    <tr> 
                      <td colspan="3"></td>
                    </tr>
                  </table>
                  <table width="100" height="15" border="0" align="center" cellpadding="0" cellspacing="0">
                    <tr> 
                      <td colspan="3"></td>
                    </tr>
                  </table>
                  <table width="600" height="10" border="0" align="center" cellpadding="0" cellspacing="0">
                    <tr> 
                      <td colspan="3"><table width="100%" height="1" border="0" align="center" cellpadding="0" cellspacing="0">
                          <tr> 
                            <td colspan="3" background="images/d01.gif"></td>
                          </tr>
                        </table></td>
                    </tr>
                  </table>
                  <table width="100" height="10" border="0" align="center" cellpadding="0" cellspacing="0">
                    <tr>
                      <td colspan="3"></td>
                    </tr>
                  </table>
                  <table width="600" border="0" align="center" cellpadding="0" cellspacing="0">
                    <tr>
                      <td align="center"><a href="http://www.kingdee.com/diagnose/asistantReg.jsp" target="_blank"><img src="images/but_zc.gif" width="81" height="25" border="0"></a></td>
                    </tr>
                  </table>
                  <table width="100" height="20" border="0" align="center" cellpadding="0" cellspacing="0">
                    <tr> 
                      <td colspan="3"></td>
                    </tr>
                  </table></td>
                <td width="1" bgcolor="#d9d9d9"></td>
              </tr>
            </table></td>
        </tr>
      </table>
      <table width="700" height="10" border="0" align="center" cellpadding="0" cellspacing="0">
        <tr> 
          <td colspan="3"><img src="images/j2.jpg" width="696" height="10"></td>
        </tr>
      </table>
      <table width="100" height="10" border="0" cellpadding="0" cellspacing="0">
        <tr> 
          <td colspan="3"></td>
        </tr>
      </table> 
    </td>
    <td width="8"></td>
    <td width="222" valign="top"><table width="100" height="3" border="0" cellpadding="0" cellspacing="0">
        <tr> 
          <td colspan="3"></td>
        </tr>
      </table>
      <table width="222" height="10" border="0" cellpadding="0" cellspacing="0">
        <tr> 
          <td colspan="3"><jsp:include page="right.jsp"></jsp:include></td>
        </tr>
      </table> </td>
  </tr>
</table>
<table width="930" height="10" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr> 
    <td colspan="3"></td>
  </tr>
</table>
<table width="930" height="10" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr> 
    <td colspan="3"></td>
  </tr>
</table>
<table width="930" height="10" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr> 
    <td colspan="3"><table width="100%" height="1" border="0" align="center" cellpadding="0" cellspacing="0">
        <tr> 
          <td colspan="3" background="images/d01.gif"></td>
        </tr>
      </table></td>
  </tr>
</table>
<table width="930" height="30" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr> 
    <td colspan="3" bgcolor="#FFFFFF"><jsp:include page="bottom.jsp"></jsp:include></td>
  </tr>
</table>
</body>
</html>


该文件对应主站 http://www.kingdee.com/sme/chuangye.jsp
web.xml

contextConfigLocation /WEB-INF/classes/conf/spring/applicationContext*.xml Set Character Encoding com.mykingdee.filters.SetCharacterEncodingFilter encoding GB2312	 utf8encoding .action accessControl com.mykingdee.auth.web.AccessControlFilter SimplePageCachingFilter net.sf.ehcache.constructs.web.filter.SimplePageCachingFilter hitCountFilter com.mykingdee.hitcount.web.HitCountFilter UrlRewriteFilter org.tuckey.web.filters.urlrewrite.UrlRewriteFilter logLevel WARN confPath /WEB-INF/urlrewrite.xml UrlRewriteFilter /* Set Character Encoding /* accessControl /* hitCountFilter /* struts2 org.apache.struts2.dispatcher.FilterDispatcher actionPackages com.kingdee config struts-default.xml,struts-plugin.xml,conf/struts/struts.xml struts2-cleanup org.apache.struts2.dispatcher.ActionContextCleanUp struts2 *.action REQUEST FORWARD struts2-cleanup *.action org.springframework.web.context.ContextLoaderListener com.mykingdee.listener.AppInit com.mykingdee.listener.MemcachedListener action org.apache.struts.action.ActionServlet config /WEB-INF/classes/conf/struts1/struts-config.xml ,/WEB-INF/classes/conf/struts1/struts-config-adminsys.xml ,/WEB-INF/classes/conf/struts1/struts-config-book.xml ,/WEB-INF/classes/conf/struts1/struts-config-ceomailbox.xml ,/WEB-INF/classes/conf/struts1/struts-config-cert.xml ,/WEB-INF/classes/conf/struts1/struts-config-certificate.xml ,/WEB-INF/classes/conf/struts1/struts-config-comment.xml ,/WEB-INF/classes/conf/struts1/struts-config-diaocha.xml ,/WEB-INF/classes/conf/struts1/struts-config-feedback.xml ,/WEB-INF/classes/conf/struts1/struts-config-hr.xml ,/WEB-INF/classes/conf/struts1/struts-config-investorstock.xml ,/WEB-INF/classes/conf/struts1/struts-config-kdcombranch.xml ,/WEB-INF/classes/conf/struts1/struts-config-mail.xml ,/WEB-INF/classes/conf/struts1/struts-config-news.xml ,/WEB-INF/classes/conf/struts1/struts-config-newsletter.xml ,/WEB-INF/classes/conf/struts1/struts-config-searcher.xml ,/WEB-INF/classes/conf/struts1/struts-config-support.xml ,/WEB-INF/classes/conf/struts1/struts-config-union.xml ,/WEB-INF/classes/conf/struts1/struts-config-usermember.xml ,/WEB-INF/classes/conf/struts1/struts-config-vote.xml ,/WEB-INF/classes/conf/struts1/struts-config-hitcount.xml ,/WEB-INF/classes/conf/struts1/struts-config-hpkdsolution.xml ,/WEB-INF/classes/conf/struts1/struts-config-pubadmin.xml ,/WEB-INF/classes/conf/struts1/struts-config-training.xml ,/WEB-INF/classes/conf/struts1/struts-config-enterfor.xml ,/WEB-INF/classes/conf/struts1/struts-config-member.xml ,/WEB-INF/classes/conf/struts1/struts-config-newFeedBack.xml ,/WEB-INF/classes/conf/struts1/struts-config-everywhere.xml ,/WEB-INF/classes/conf/struts1/struts-config-license.xml ,/WEB-INF/classes/conf/struts1/struts-config-diagnose.xml ,/WEB-INF/classes/conf/struts1/struts-config-partner.xml ,/WEB-INF/classes/conf/struts1/struts-config-local.xml debug 3 detail 3 2 LoginPage Dispatch Servlet com.mykingdee.auth.web.LoginPageDispatchServlet 4 NumValidate com.mykingdee.mb.util.NumValidate CitySvl com.mykingdee.mb.util.CitySvl LoadXML com.mykingdee.mb.util.LoadXML check com.mykingdee.license.servlet.SerialNoCheck checkSN com.mykingdee.license.servlet.GetCheckResult Connector com.fredck.FCKeditor.connector.ConnectorServlet baseDir /UserFiles/ debug true 1 SimpleUploader com.fredck.FCKeditor.uploader.SimpleUploaderServlet baseDir /UserFiles/ debug true enabled true AllowedExtensionsFile DeniedExtensionsFile php|php3|php5|phtml|asp|aspx|ascx|jsp|cfm|cfc|pl|bat|exe|dll|reg|cgi AllowedExtensionsImage jpg|gif|jpeg|png|bmp DeniedExtensionsImage AllowedExtensionsFlash swf|fla DeniedExtensionsFlash 1 Connector /editor/filemanager/browser/default/connectors/jsp/connector SimpleUploader /editor/filemanagerhttps://wooyun-img.oss-cn-beijing.aliyuncs.com/upload/simpleuploader NumValidate /NumValidate CitySvl /CitySvl LoadXML /servlet/LoadXML action *.do jsp *.jhtml LoginPage Dispatch Servlet /loginPageDispatchServlet check /license/servlet/check checkSN /license/servlet/checkSN 120 mp4 video/mp4 index.html index.htm index.jsp 400 /error/400.html 404 /error/404.html 500 /error/500.html mykingdee_taglib /WEB-INF/tlds/mykingdee-taglib-1.0.tld fckeditor_taglib /WEB-INF/tlds/FCKeditor.tld /WEB-INF/struts-bean.tld /WEB-INF/tlds/struts/struts-bean.tld /WEB-INF/struts-html.tld /WEB-INF/tlds/struts/struts-html.tld /WEB-INF/struts-logic.tld /WEB-INF/tlds/struts/struts-logic.tld /WEB-INF/struts-nested.tld /WEB-INF/tlds/struts/struts-nested.tld /WEB-INF/struts-template.tld /WEB-INF/tlds/struts/struts-template.tld /WEB-INF/tlds/oscache.tld /WEB-INF/tlds/oscache.tld

修复方案:

你猜?

版权声明:转载请注明来源 想要减肥的胖纸@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2013-11-14 19:59

厂商回复:

重复提交了,这个我们内部已经讨论处理,因有业务需要故,暂时放那!谢谢!

最新状态:

暂无

漏洞评价:

评论

  1. 2013-11-14 16:40 | 小贱 ( 路人 | Rank:5 漏洞数:2 | 我是一只小菜鸟啊 飞呀飞呀飞)

    1楼广告出租

  2. 2013-11-14 17:17 | 蟋蟀哥哥 ( 普通白帽子 | Rank:363 漏洞数:57 | 巴蜀人士,80后宅男,自学成才,天朝教育失败...)

    胖子又调皮了

  3. 2013-11-14 20:16 | 小贱 ( 路人 | Rank:5 漏洞数:2 | 我是一只小菜鸟啊 飞呀飞呀飞)

    c重复提交也给10?

  4. 2013-11-14 20:23 | 想要减肥的胖纸 ( 普通白帽子 | Rank:250 漏洞数:42 )

    @金蝶 @小贱 @蟋蟀哥哥 我肿么木看到wooyun里有提交金蝶主站源码的咩?那就继续放那,我只是个打酱油的。呵呵

  5. 2013-11-14 20:26 | 小贱 ( 路人 | Rank:5 漏洞数:2 | 我是一只小菜鸟啊 飞呀飞呀飞)

    @想要减肥的胖纸 哎 小白只是路过

  6. 2013-11-16 17:29 | 帅气凌云 ( 普通白帽子 | Rank:314 漏洞数:60 | 弱点扫描{Www.VulScan.CN} 为网站健康检查...)

    胖子又憤青了