当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-075386

漏洞标题:阿里云某网段存在100+mongodb数据库未授权访问

相关厂商:阿里巴巴

漏洞作者: 路人N

提交时间:2014-09-07 22:16

修复时间:2014-10-22 22:18

公开时间:2014-10-22 22:18

漏洞类型:未授权访问/权限绕过

危害等级:低

自评Rank:1

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2014-09-07: 细节已通知厂商并且等待厂商处理中
2014-09-09: 厂商已经确认,细节仅向厂商公开
2014-09-19: 细节向核心白帽子及相关领域专家公开
2014-09-29: 细节向普通白帽子公开
2014-10-09: 细节向实习白帽子公开
2014-10-22: 细节向公众公开

简要描述:

:-)

详细说明:

1.png


42.96.128.17
42.96.129.242
42.96.134.175
42.96.136.134
42.96.136.157
42.96.136.162
42.96.136.180
42.96.138.143
42.96.140.96
42.96.141.53
42.96.142.170
42.96.142.26
42.96.143.182
42.96.143.216
42.96.143.217
42.96.145.114
42.96.145.17
42.96.145.186
42.96.146.0
42.96.148.157
42.96.148.72
42.96.149.191
42.96.149.210
42.96.150.137
42.96.150.204
42.96.150.229
42.96.150.231
42.96.151.145
42.96.151.75
42.96.153.152
42.96.157.104
42.96.157.223
42.96.157.244
42.96.159.84
42.96.160.123
42.96.160.145
42.96.160.191
42.96.161.36
42.96.161.91
42.96.162.229
42.96.162.33
42.96.163.123
42.96.164.195
42.96.164.48
42.96.165.138
42.96.165.20
42.96.165.77
42.96.167.126
42.96.167.54
42.96.168.152
42.96.168.195
42.96.168.234
42.96.168.241
42.96.168.45
42.96.169.13
42.96.169.25
42.96.170.56
42.96.172.179
42.96.173.172
42.96.173.182
42.96.173.5
42.96.173.8
42.96.174.154
42.96.174.72
42.96.175.133
42.96.175.134
42.96.175.210
42.96.176.143
42.96.177.32
42.96.177.44
42.96.185.78
42.96.187.61
42.96.187.69
42.96.189.20
42.96.189.228
42.96.190.190
42.96.190.242
42.96.190.48
42.96.191.104
42.96.191.202
42.96.191.49
42.96.191.52
42.96.192.11
42.96.192.13
42.96.192.160
42.96.192.169
42.96.192.191
42.96.192.40
42.96.192.93
42.96.193.62
42.96.193.86
42.96.194.177
42.96.194.206
42.96.194.47
42.96.194.53
42.96.195.145
42.96.195.222
42.96.195.7
42.96.196.206
42.96.196.57
42.96.197.88
42.96.198.211
42.96.198.241
42.96.199.233
42.96.200.150
42.96.200.170
42.96.200.52
42.96.201.186
42.96.202.168
42.96.204.209
42.96.204.74
42.96.205.231
42.96.205.59

漏洞证明:

3.png

修复方案:

版权声明:转载请注明来源 路人N@乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:1

确认时间:2014-09-09 16:51

厂商回复:

感谢您对我们的支持与关注,该问题是阿里云客户的机器,已经通知到客户。

最新状态:

暂无


漏洞评价:

评论

  1. 2014-09-20 11:43 | 神奇=路人甲 ( 路人 | Rank:0 漏洞数:1 | 神奇=路人甲=神奇=bug)

    日阿里云!!

  2. 2014-10-22 23:55 | Arthur ( 实习白帽子 | Rank:77 漏洞数:33 | USA,I am coming!!!!!)

    呵呵,1rank,真好意思......

  3. 2014-12-07 03:45 | 你大爷在此 百无禁忌 ( 路人 | Rank:10 漏洞数:6 | Hello 各位小伙伴们 大家好 我是王尼玛)

    @Arthur 因为不是阿里巴巴的 是他们客户的 懂了么