Vulnerability Summary

Defect ID: wooyun-2014-062185

Title: Jiankongbao (监控宝) Apache server-status publicly accessible

Vendor: Jiankongbao (监控宝)

Author: 木头影子

Submitted: 2014-05-29 18:43

Fixed: 2014-07-13 18:44

Published: 2014-07-13 18:44

Vulnerability type: improper system/service operations configuration

Severity: Medium

Self-assessed Rank: 8

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]


Vulnerability Details

Disclosure status:

2014-05-29: details sent to the vendor, awaiting vendor handling
2014-05-29: vendor confirmed; details visible to the vendor only
2014-06-08: details disclosed to core white hats and experts in the relevant field
2014-06-18: details disclosed to regular white hats
2014-06-28: details disclosed to intern white hats
2014-07-13: details disclosed to the public

Brief description:

Jiankongbao's access restriction on the Apache server-status page is not strict enough; the page can still be accessed directly.

Details:

Details decide success or failure. If the same mistake is made more than once, can it still be forgiven?
http://www.jiankongbao.com/server-status
A report for this was already submitted a year ago:
WooYun: 监控宝apache信息泄露 (Jiankongbao Apache information disclosure)
Today the problem still exists. What is there to say?
Admittedly it occasionally returns a permission error, but the page can still be reached easily.
All I can do is give another nudge.

Proof of vulnerability:

Apache Server Status for www.jiankongbao.com
Server Version: Apache/2.2.22 (Ubuntu) PHP/5.3.10-1ubuntu3 with Suhosin-Patch mod_ssl/2.2.22 OpenSSL/1.0.1
Server Built: Feb 13 2012 01:51:50
Current Time: Saturday, 24-May-2014 18:45:58 HKT
Restart Time: Friday, 18-Apr-2014 18:16:32 HKT
Parent Server Generation: 8
Server uptime: 36 days 29 minutes 26 seconds
Total accesses: 54534579 - Total Traffic: 220.1 GB
CPU Usage: u977.93 s173.99 cu0 cs0 - .037% CPU load
17.5 requests/sec - 74.2 kB/second - 4333 B/request
4 requests currently being processed, 25 idle workers
________W__W____G_____G____....__...............................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................
Scoreboard Key:
"_" Waiting for Connection, "S" Starting up, "R" Reading Request,
"W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup,
"C" Closing connection, "L" Logging, "G" Gracefully finishing,
"I" Idle cleanup of worker, "." Open slot with no current process
Srv PID Acc M CPU SS Req Conn Child Slot Client VHost Request
0-8 12999 0/938/1826730 _ 19.36 1 0 0.0 4.78 7575.02 127.0.0.1 www.jiankongbao.com HEAD /check.txt HTTP/1.1
1-8 13601 0/412/1818229 _ 8.62 1 0 0.0 2.65 7551.74 127.0.0.1 www.jiankongbao.com HEAD /check.txt HTTP/1.1
2-8 13402 0/460/1812651 _ 9.90 2 0 0.0 3.75 7485.91 127.0.0.1 www.jiankongbao.com GET /img/yunzhihui/yongyou-logo.png HTTP/1.1
3-8 13611 0/398/1801382 _ 8.75 2 8 0.0 3.91 7435.57 127.0.0.1 www.jiankongbao.com GET /signin.php?refer=%2Fajax_wrapper.php%3Fcommand%3Dget_new_m
4-8 13613 0/392/1793341 _ 8.91 0 663 0.0 3.35 7415.81 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=04c60792e00000001790000025148056d0b59c
5-8 13379 0/552/1784638 _ 11.97 2 17 0.0 3.61 7344.28 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=c831717f0800000024970000284596ab423e19
6-8 13003 0/930/1774677 _ 19.67 2 16 0.0 6.22 7303.93 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=75492 HTTP/
7-8 13022 0/913/1762395 _ 19.56 0 21 0.0 4.74 7312.67 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=8b43122cd60000002729000000050837d6eb8c
8-8 13080 0/753/1751093 W 14.74 1 0 0.0 3.81 7251.16 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=84ec8349b200000029370000165468d5e8b728
9-8 13624 0/392/1745106 _ 8.73 1 283 0.0 2.15 7242.85 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=940c174bd500000024650000278248f886ed76
10-8 13686 0/299/1732702 _ 6.24 1 295 0.0 2.40 7186.19 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=ddaade203a0000000543000015624183c8e706
11-8 13629 0/329/1718096 W 7.24 0 0 0.0 2.32 7112.20 127.0.0.1 www.jiankongbao.com GET /server-status HTTP/1.1
12-8 13630 0/332/1707778 _ 7.46 1 0 0.0 1.70 7019.45 127.0.0.1 www.jiankongbao.com GET /favicon.ico HTTP/1.1
13-8 13631 0/340/1698576 _ 7.08 0 565 0.0 2.24 7017.30 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=050b04a98400000018530000263574214f5de0
14-8 13081 0/758/1675493 _ 14.92 2 259 0.0 5.87 6922.68 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=6af9579c21000000113100002514801b994e6f
15-8 13993 0/157/1666299 _ 3.83 0 787 0.0 0.47 6885.83 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=80a949bc7600000023570000147713e18cea8a
16-2 5936 0/108/616956 G 2.32 2019706 0 0.0 1.08 2412.14 127.0.0.1 www.jiankongbao.com GET /sms.php HTTP/1.1
17-8 13694 0/297/1634983 _ 5.22 0 469 0.0 2.36 6765.79 127.0.0.1 www.jiankongbao.com POST /agent_post.php?key=d93abaf0080000000018000000595537ed58ea
18-8 13711 0/221/1630887 _ 5.41 0 343 0.0 1.85 6741.01 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=134d01146100000008200000148209aaab8477
19-8 13259 0/718/1606401 _ 16.04 2 628 0.0 4.13 6623.39 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=a4766c664700000011270000251480a23d695f
20-8 13262 0/692/1587513 _ 14.09 1 64 0.0 6.24 6530.21 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=13917 HTTP/
21-8 13268 0/658/1565445 _ 14.57 1 59 0.0 4.49 6433.88 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=30763 HTTP/
22-4 23546 0/538/1156831 G 10.88 802933 0 0.0 2.33 4388.83 127.0.0.1 www.jiankongbao.com POST /jkb/account_dashboard_load/alert_sum/x HTTP/1.1
23-8 13301 0/593/1511862 _ 11.89 0 258 0.0 2.64 6272.81 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=6af9579c21000000113100002514801b994e6f
24-8 13714 0/220/1484233 _ 5.12 2 334 0.0 1.39 6160.81 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=bfdd63351f000000289000002845197a460644
25-8 13997 0/107/1467864 _ 2.67 0 691 0.0 0.79 6050.13 127.0.0.1 www.jiankongbao.com GET /jkb_status.php HTTP/1.1
26-8 14019 0/42/1418968 _ 0.97 1 15 0.0 0.24 5886.75 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=696a0e81e700000031090000285177a9bf8959
27-8 - 0/0/1383206 . 12.68 1196 66 0.0 0.00 5710.33 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=87107 HTTP/
28-8 - 0/0/1324532 . 19.70 298 24 0.0 0.00 5490.69 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=bec5823061000000113000002514805b230544
29-8 - 0/0/1255632 . 20.79 71 4 0.0 0.00 5168.84 127.0.0.1 www.jiankongbao.com GET /css/yunzhihui/css/bootstrap.min.css HTTP/1.1
30-8 - 0/0/1159664 . 20.14 77 56 0.0 0.00 4824.93 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=45849 HTTP/
31-8 13312 0/607/1014635 _ 13.89 2 898 0.0 6.11 4276.15 127.0.0.1 www.jiankongbao.com GET /img/yunzhihui/jkb-qrcode.jpg HTTP/1.1
32-8 13313 0/601/852271 _ 12.72 1 64 0.0 3.89 3617.19 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=66550 HTTP/
33-8 - 0/0/674711 . 21.22 1678 0 0.0 0.00 2861.61 127.0.0.1 www.jiankongbao.com GET /css/jkb.css HTTP/1.1
34-8 - 0/0/564274 . 19.58 1651 11 0.0 0.00 2381.09 127.0.0.1 www.jiankongbao.com GET / HTTP/1.1
35-8 - 0/0/444608 . 18.36 5014 1458 0.0 0.00 1909.82 127.0.0.1 www.jiankongbao.com GET /img/yunzhihui/jkb_photo_family.png HTTP/1.1
36-8 - 0/0/369496 . 15.74 30138 269 0.0 0.00 1571.02 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=a08a006e7600000024170000272458901a874a
37-8 - 0/0/292189 . 17.11 30102 69 0.0 0.00 1237.01 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_thumb_data&task_id=241683&tas
38-8 - 0/0/198628 . 16.96 30106 58 0.0 0.00 856.01 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=44581 HTTP/
39-8 - 0/0/164736 . 17.96 56525 61 0.0 0.00 712.39 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=21035 HTTP/
40-8 - 0/0/152370 . 18.17 56544 8 0.0 0.00 630.51 127.0.0.1 www.jiankongbao.com GET / HTTP/1.1
41-8 - 0/0/142279 . 0.08 58740 0 0.0 0.00 593.49 127.0.0.1 www.jiankongbao.com GET /scripts/jquery.datepick.package-3.7.1/flora.datepick.css H
42-8 - 0/0/121411 . 15.96 56990 4499 0.0 0.00 523.86 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=e37437092c00000010690000176254667c45f5
43-8 - 0/0/89407 . 19.96 56514 60 0.0 0.00 390.23 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=94195 HTTP/
44-8 - 0/0/66062 . 0.07 90797 32 0.0 0.00 284.37 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=4f869cbe7b000000131000002514808a7bfab6
45-8 - 0/0/49666 . 0.06 90806 75 0.0 0.00 208.91 125.39.31.6 qiye.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=67916 HTTP/
46-8 - 0/0/31292 . 25.32 89295 60 0.0 0.00 141.55 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=52284 HTTP/
47-8 - 0/0/22098 . 0.58 117777 63 0.0 0.00 96.79 124.207.192.114 qiye.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=23261 HTTP/
48-8 - 0/0/21192 . 0.28 177767 46 0.0 0.00 85.75 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=8137b0f516000000213800002514803982d299
49-8 - 0/0/25150 . 20.67 176422 61 0.0 0.00 98.33 111.206.74.120 qiye.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=24014 HTTP/
50-8 - 0/0/17809 . 0.22 177762 328 0.0 0.00 72.02 127.0.0.1 www.jiankongbao.com GET /jkb/account_dashboard_load/fault_list_ing/x HTTP/1.1
51-8 - 0/0/14394 . 0.25 177769 13 0.0 0.00 60.21 127.0.0.1 www.jiankongbao.com GET / HTTP/1.1
52-8 - 0/0/20153 . 22.63 176412 58 0.0 0.00 79.22 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=45093 HTTP/
53-8 - 0/0/21100 . 22.71 176423 62 0.0 0.00 82.73 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=19398 HTTP/
54-8 - 0/0/16976 . 0.09 177782 74 0.0 0.00 68.96 127.0.0.1 www.jiankongbao.com GET /chart_data_cpu_time.php?task_id=197334&period=today&range=
55-8 - 0/0/15486 . 0.21 177766 15 0.0 0.00 64.77 127.0.0.1 www.jiankongbao.com POST /jkb/account_dispose/signin/s HTTP/1.1
56-8 - 0/0/22135 . 22.66 176405 10 0.0 0.00 87.76 127.0.0.1 www.jiankongbao.com GET /monitorip.php HTTP/1.1
57-8 - 0/0/19579 . 0.25 177765 0 0.0 0.00 74.32 127.0.0.1 www.jiankongbao.com GET /scripts/jquery.datepick.package-3.7.1/jquery.datepick-zh-C
58-8 - 0/0/17966 . 0.11 177781 85 0.0 0.00 65.59 127.0.0.1 www.jiankongbao.com GET /chart_data_netio_time.php?task_id=197336&ifname=p2p1&perio
59-8 - 0/0/11389 . 23.46 176378 13 0.0 0.00 51.14 127.0.0.1 www.jiankongbao.com GET / HTTP/1.1
60-8 - 0/0/9522 . 22.37 176416 260 0.0 0.00 37.65 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=5af8dcdb4b00000016290000251480d52871ea
61-8 - 0/0/10088 . 20.71 176422 15 0.0 0.00 39.42 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=74717 HTTP/
62-8 - 0/0/8033 . 0.00 177787 453 0.0 0.00 27.80 127.0.0.1 www.jiankongbao.com POST /agent_post.php?key=d93abaf0080000000018000000595537ed58ea
63-8 - 0/0/5675 . 0.78 201068 9 0.0 0.00 22.51 127.0.0.1 www.jiankongbao.com GET / HTTP/1.1
64-8 - 0/0/7461 . 19.55 199927 11 0.0 0.00 28.12 127.0.0.1 api.jiankongbao.com GET /v2/site/lists.json?access_token=&start_date=2014-05-22&end
65-8 - 0/0/3942 . 6.35 200701 59 0.0 0.00 16.12 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=57524 HTTP/
66-8 - 0/0/1597 . 1.31 287373 0 0.0 0.00 7.17 127.0.0.1 www.jiankongbao.com GET /images/16-sinaweibo.gif HTTP/1.1
67-8 - 0/0/6550 . 2.77 287315 34 0.0 0.00 24.06 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=3cf7e7ecde000000107000002514806d5c0d75
68-8 - 0/0/2613 . 0.24 287463 67 0.0 0.00 8.42 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_user_notice_num&cache=65876 H
69-8 - 0/0/1833 . 0.76 287360 0 0.0 0.00 6.41 127.0.0.1 www.jiankongbao.com GET /css/jkb.css HTTP/1.1
70-8 - 0/0/4501 . 20.88 286107 26 0.0 0.00 15.64 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=c357a0cb020000002359000028263189993e88
71-8 - 0/0/3197 . 0.08 287504 0 0.0 0.00 14.00 127.0.0.1 www.jiankongbao.com GET /images/sn_add_images/mail/sn_telephone_icon.png HTTP/1.1
72-8 - 0/0/3477 . 21.61 286125 32 0.0 0.00 14.37 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=3cf7e7ecde000000107000002514806d5c0d75
73-8 - 0/0/4449 . 0.17 287419 82629 0.0 0.00 16.22 127.0.0.1 www.jiankongbao.com GET /user_report_chart.php?t=5b3a4cc92ec6b528a8d6d8d5a5b92ddf04
74-8 - 0/0/2385 . 0.99 287418 59 0.0 0.00 9.39 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=17369 HTTP/
75-8 - 0/0/4397 . 0.18 287495 6633 0.0 0.00 18.22 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=af5e805b1900000009140000242833c14a2b45
76-8 - 0/0/6657 . 0.07 287487 35 0.0 0.00 22.80 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=6fc249334a00000012200000251480ad306a01
77-8 - 0/0/3933 . 0.08 287502 0 0.0 0.00 12.34 127.0.0.1 www.jiankongbao.com GET /images/16-sinaweibo.gif HTTP/1.1
78-8 - 0/0/1898 . 6.10 287475 262 0.0 0.00 6.97 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=a4405462bf000000136700002514807c087a4c
79-8 - 0/0/2252 . 0.02 287510 21 0.0 0.00 9.68 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=5d52577fdb000000055900001477134021fc19
80-8 - 0/0/1512 . 0.60 287465 54 0.0 0.00 7.07 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=36099 HTTP/
81-8 - 0/0/4795 . 1.48 287398 62 0.0 0.00 18.02 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=3488 HTTP/1
82-8 - 0/0/6161 . 0.26 287478 0 0.0 0.00 22.67 127.0.0.1 www.jiankongbao.com GET /images/16-qqweibo.gif HTTP/1.1
83-8 - 0/0/2776 . 5.79 287482 1 0.0 0.00 10.45 127.0.0.1 www.jiankongbao.com GET /css/jkb.css HTTP/1.1
84-8 - 0/0/5865 . 5.51 287409 25 0.0 0.00 20.89 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=e65b78642c00000012220000251480d541876b
85-8 - 0/0/3146 . 0.37 287460 25 0.0 0.00 9.91 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=d64c50957300000014170000251480cf5d35ce
86-8 - 0/0/4486 . 5.25 287417 134437 0.0 0.00 17.53 127.0.0.1 api.jiankongbao.com GET /site/task/438825/report.json HTTP/1.1
87-8 - 0/0/5133 . 0.91 287434 0 0.0 0.00 19.48 127.0.0.1 www.jiankongbao.com GET /scripts/main.js?v1.4.4 HTTP/1.1
88-8 - 0/0/3225 . 0.57 287358 237 0.0 0.00 12.85 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=8137b0f516000000213800002514803982d299
89-8 - 0/0/5197 . 6.86 287347 306 0.0 0.00 18.51 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=834b1bb14d000000113200002514803ca08f77
90-8 - 0/0/5486 . 2.37 287356 0 0.0 0.00 21.80 127.0.0.1 www.jiankongbao.com GET /css/siteview.css HTTP/1.1
91-8 - 0/0/3271 . 6.59 287404 0 0.0 0.00 14.05 127.0.0.1 www.jiankongbao.com HEAD /check.txt HTTP/1.1
92-8 - 0/0/1438 . 1.65 287399 61 0.0 0.00 5.18 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=97110 HTTP/
93-8 - 0/0/726 . 5.43 287408 25 0.0 0.00 3.53 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=af5e805b1900000009140000242833c14a2b45
94-8 - 0/0/4716 . 5.36 287455 325 0.0 0.00 15.39 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=213bffdd0800000016750000226296bd54c38d
95-8 - 0/0/2660 . 0.15 287488 17 0.0 0.00 11.68 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=24285 HTTP/
96-8 - 0/0/364 . 0.56 287834 0 0.0 0.00 1.05 127.0.0.1 www.jiankongbao.com GET /js/yunzhihui/html5shiv.min.js HTTP/1.1
97-4 - 0/0/416 . 1.90 977015 72 0.0 0.00 1.51 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=89607 HTTP/
98-4 - 0/0/1542 . 0.74 977041 0 0.0 0.00 6.04 127.0.0.1 www.jiankongbao.com GET /css/agent.css HTTP/1.1
99-4 - 0/0/1192 . 23.39 975884 0 0.0 0.00 3.39 127.0.0.1 www.jiankongbao.com HEAD /check.txt HTTP/1.1
100-4 - 0/0/1203 . 3.38 977092 73 0.0 0.00 4.29 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=53381 HTTP/
101-4 - 0/0/182 . 0.33 977081 84 0.0 0.00 0.51 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=83228 HTTP/
102-4 - 0/0/2053 . 26.54 975887 64 0.0 0.00 7.73 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=31405 HTTP/
103-4 - 0/0/1797 . 23.81 976908 67 0.0 0.00 5.29 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=81896 HTTP/
104-4 - 0/0/3172 . 29.31 976002 37 0.0 0.00 10.47 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=72a20354190000001792000025148062c942e0
105-4 - 0/0/1064 . 8.18 976980 629 0.0 0.00 4.81 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=22e29c6c32000000248800001654160bc20aee
106-4 - 0/0/498 . 8.55 977058 0 0.0 0.00 1.73 127.0.0.1 www.jiankongbao.com GET /images/sn_add_images/index/area_bottom_line.png HTTP/1.1
107-4 - 0/0/854 . 8.97 977096 0 0.0 0.00 2.52 192.168.2.4 www.jiankongbao.com HEAD /check.txt HTTP/1.1
108-4 - 0/0/2785 . 2.99 977064 0 0.0 0.00 10.18 127.0.0.1 www.jiankongbao.com GET /images/sn_add_images/index/function_area_api_blur.png HTTP
109-4 - 0/0/2033 . 24.96 975708 74 0.0 0.00 6.61 127.0.0.1 www.jiankongbao.com GET /ajax_wrapper.php?command=get_new_msg_sum&cache=97993 HTTP/
110-4 - 0/0/1577 . 25.71 975797 28 0.0 0.00 3.95 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=1110c8d88100000011290000251480501b04f0
111-4 - 0/0/1105 . 21.87 975786 0 0.0 0.00 3.69 127.0.0.1 www.jiankongbao.com GET /scripts/index.js?1387787460 HTTP/1.1
112-4 - 0/0/1156 . 23.09 975782 113 0.0 0.00 3.86 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=9607710f5d0000001791000025148046982643
113-4 - 0/0/592 . 12.25 977089 0 0.0 0.00 1.53 127.0.0.1 www.jiankongbao.com GET /images/sn_add_images/product/http.png HTTP/1.1
114-4 - 0/0/1361 . 5.44 976777 37 0.0 0.00 4.20 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=b51197e47d000000196200002514807f57dda4
115-4 - 0/0/1234 . 0.85 977035 20 0.0 0.00 5.59 127.0.0.1 plugin.jiankongbao.com POST /agent_post.php?key=eacc8fff8800000027160000286899c4352790
116-4 - 0/0/2454 . 19.65 977063 0 0.0 0.00 8.52 127.0.0.1 www.jiankongbao.com GET /images/logo/xibushuma.gif HTTP/1.1
117-4 - 0/0/2203 . 3.25 977073 0 0.0 0.00 7.26 127.0.0.1 www.jiankongbao.com GET /images/logo/yupoo.gif HTTP/1.1
118-4 - 0/0/610 . 4.28 977013 0 0.0 0.00 2.15 127.0.0.1 www.jiankongbao.com GET /images/logo/51idc.gif HTTP/1.1
119-4 - 0/0/454 . 11.00 977033 0 0.0 0.00 1.70 127.0.0.1 plugin.jiankongbao.com GET /agent/plugin/CustomPlugin.py HTTP/1.1
Srv Child Server number - generation
PID OS process ID
Acc Number of accesses this connection / this child / this slot
M Mode of operation
CPU CPU usage, number of seconds
SS Seconds since beginning of most recent request
Req Milliseconds required to process most recent request
Conn Kilobytes transferred this connection
Child Megabytes transferred this child
Slot Total megabytes transferred this slot
SSL/TLS Session Cache Status:
cache type: SHMCB, shared memory: 512000 bytes, current sessions: 15
subcaches: 32, indexes per subcache: 133
time left on oldest entries' SSL sessions: avg: 191 seconds, (range: 66...204)
index usage: 0%, cache usage: 0%
total sessions stored since starting: 31472
total sessions expired since starting: 31457
total (pre-expiry) sessions scrolled out of the cache: 0
total retrieves since starting: 38505 hit, 15669 miss
total removes since starting: 0 hit, 0 miss
Apache/2.2.22 (Ubuntu) Server at www.jiankongbao.com Port 80


After several visits it still sometimes returns:

You don't have permission to access /server-status on this server.
Apache/2.2.20 (Ubuntu) Server at www.jiankongbao.com Port 80


Clearly you know the page needs to be restricted, but the restriction is not strict enough.

Fix recommendation:

Borrowing the words of the previous report's author again: as professional operations staff, you surely understand this better than I do.

Copyright notice: please credit the source when reposting: 木头影子@乌云
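As an added example (not part of the report, and not the vendor's actual configuration), here is the kind of Apache 2.2 mod_status stanza that produces the behaviour described, next to a hardened layout. The Client column in the proof shows 127.0.0.1 for nearly every request, which is consistent with a local reverse proxy in front of Apache; that is an inference, not something the report states, and under it a loopback-only Allow rule admits every proxied visitor. The two different Server footers (2.2.22 on the status page, 2.2.20 on the denial) are likewise only consistent with, not proof of, several differently configured backends. Ports and address ranges below are placeholders.

```apache
# ---- WEAK: handler enabled in the global server config with no restriction
# Every request that reaches port 80 can read the scoreboard, client IPs,
# virtual hosts and full request lines (including ?key= query strings).
ExtendedStatus On
<Location /server-status>
    SetHandler server-status
</Location>

# ---- STILL WEAK: "restricted" to loopback behind a local reverse proxy
# If a proxy on the same box forwards to Apache, Apache's remote address is
# 127.0.0.1 for every visitor, so this rule denies nobody.  A restriction
# applied on only one of several backends or vhosts fails the same way:
# the unrestricted copy answers whenever the load balancer picks it.
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>

# ---- HARDENED (Apache 2.2 syntax)
# 1. Do not expose request lines at all; the counters alone are enough for
#    monitoring.
ExtendedStatus Off

# 2. In every public virtual host, refuse the path outright so no vhost can
#    inherit a handler by accident.
<VirtualHost *:80>
    ServerName www.example.invalid
    <Location /server-status>
        Order deny,allow
        Deny from all
    </Location>
</VirtualHost>

# 3. Serve the status page only on a separate listener that the reverse
#    proxy never forwards to, reachable from the management network only.
#    Replace 8081 and 10.0.0.0/8 with the real admin port and range.
Listen 127.0.0.1:8081
<VirtualHost 127.0.0.1:8081>
    ServerName status.example.invalid
    <Location /server-status>
        SetHandler server-status
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
        Allow from 10.0.0.0/8
    </Location>
</VirtualHost>
```

Apply the same configuration to every backend behind the load balancer, then confirm from an external address that every backend returns 403 for /server-status on port 80; a single unrestricted backend is enough to reproduce the intermittent access the report describes.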


Vulnerability Response

Vendor response:

Severity: Medium

Vulnerability Rank: 6

Confirmed at: 2014-05-29 20:08

Vendor reply:

Many thanks to 木头影子 for the "nudge"!

Latest status:

None yet