当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0123828

漏洞标题:HTML5中国主站与分站存在svn代码泄露漏洞续(二)

相关厂商:html5cn.org

漏洞作者: 上岸的鱼

提交时间:2015-07-01 11:14

修复时间:2015-07-06 11:16

公开时间:2015-07-06 11:16

漏洞类型:敏感信息泄露

危害等级:高

自评Rank:20

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-07-01: 细节已通知厂商并且等待厂商处理中
2015-07-06: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

本来本着测试的目的,没深入,没拿数据出来亮亮,但是尽然给我忽略了,我表示不服,那我就拿点数据出来亮亮
我们挥洒汗水,给你们测试,给你们告警,不要凉了我们的心啊,不然哪天数据在无声无息中传播整个网络就是你们挥洒汗水的时候

详细说明:

前戏: WooYun: HTML5中国主站与分站存在svn代码泄露漏洞
通过获取到数据库的配置信息,我们找到mysql数据库访问地址:211.155.82.185
直接mysql连接,内容还是很丰富的啊,313个表,11+w的用户数:

+----------------------------------+
| Tables_in_tx100_discuz |
+----------------------------------+
| t_common_addon |
| t_common_admincp_cmenu |
| t_common_admincp_group |
| t_common_admincp_member |
| t_common_admincp_perm |
| t_common_admincp_session |
| t_common_admingroup |
| t_common_adminnote |
| t_common_advertisement |
| t_common_advertisement_custom |
| t_common_banned |
| t_common_block |
| t_common_block_favorite |
| t_common_block_item |
| t_common_block_item_data |
| t_common_block_permission |
| t_common_block_pic |
| t_common_block_style |
| t_common_block_xml |
| t_common_cache |
| t_common_card |
| t_common_card_log |
| t_common_card_type |
| t_common_connect_guest |
| t_common_credit_log |
| t_common_credit_log_field |
| t_common_credit_rule |
| t_common_credit_rule_log |
| t_common_credit_rule_log_field |
| t_common_cron |
| t_common_devicetoken |
| t_common_district |
| t_common_diy_data |
| t_common_domain |
| t_common_failedip |
| t_common_failedlogin |
| t_common_friendlink |
| t_common_grouppm |
| t_common_invite |
| t_common_magic |
| t_common_magiclog |
| t_common_mailcron |
| t_common_mailqueue |
| t_common_member |
| t_common_member_action_log |
| t_common_member_connect |
| t_common_member_count |
| t_common_member_crime |
| t_common_member_field_forum |
| t_common_member_field_home |
| t_common_member_forum_buylog |
| t_common_member_grouppm |
| t_common_member_log |
| t_common_member_magic |
| t_common_member_medal |
| t_common_member_newprompt |
| t_common_member_profile |
| t_common_member_profile_setting |
| t_common_member_security |
| t_common_member_secwhite |
| t_common_member_stat_field |
| t_common_member_stat_fieldcache |
| t_common_member_stat_search |
| t_common_member_stat_searchcache |
| t_common_member_status |
| t_common_member_validate |
| t_common_member_verify |
| t_common_member_verify_info |
| t_common_moderate |
| t_common_myapp |
| t_common_myinvite |
| t_common_mytask |
| t_common_nav |
| t_common_onlinetime |
| t_common_optimizer |
| t_common_patch |
| t_common_plugin |
| t_common_pluginvar |
| t_common_process |
| t_common_regip |
| t_common_relatedlink |
| t_common_remote_port |
| t_common_report |
| t_common_searchindex |
| t_common_seccheck |
| t_common_secquestion |
| t_common_session |
| t_common_setting |
| t_common_smiley |
| t_common_sphinxcounter |
| t_common_stat |
| t_common_statuser |
| t_common_style |
| t_common_stylevar |
| t_common_syscache |
| t_common_tag |
| t_common_tagitem |
| t_common_task |
| t_common_taskvar |
| t_common_template |
| t_common_template_block |
| t_common_template_permission |
| t_common_uin_black |
| t_common_usergroup |
| t_common_usergroup_field |
| t_common_visit |
| t_common_word |
| t_common_word_type |
| t_connect_disktask |
| t_connect_feedlog |
| t_connect_memberbindlog |
| t_connect_postfeedlog |
| t_connect_tlog |
| t_connect_tthreadlog |
| t_dsu_paulsign |
| t_dsu_paulsignemot |
| t_dsu_paulsignset |
| t_forum_access |
| t_forum_activity |
| t_forum_activityapply |
| t_forum_announcement |
| t_forum_attachment |
| t_forum_attachment_0 |
| t_forum_attachment_1 |
| t_forum_attachment_2 |
| t_forum_attachment_3 |
| t_forum_attachment_4 |
| t_forum_attachment_5 |
| t_forum_attachment_6 |
| t_forum_attachment_7 |
| t_forum_attachment_8 |
| t_forum_attachment_9 |
| t_forum_attachment_exif |
| t_forum_attachment_unused |
| t_forum_attachtype |
| t_forum_bbcode |
| t_forum_collection |
| t_forum_collectioncomment |
| t_forum_collectionfollow |
| t_forum_collectioninvite |
| t_forum_collectionrelated |
| t_forum_collectionteamworker |
| t_forum_collectionthread |
| t_forum_creditslog |
| t_forum_debate |
| t_forum_debatepost |
| t_forum_faq |
| t_forum_filter_post |
| t_forum_forum |
| t_forum_forum_threadtable |
| t_forum_forumfield |
| t_forum_forumrecommend |
| t_forum_groupcreditslog |
| t_forum_groupfield |
| t_forum_groupinvite |
| t_forum_grouplevel |
| t_forum_groupranking |
| t_forum_groupuser |
| t_forum_hotreply_member |
| t_forum_hotreply_number |
| t_forum_imagetype |
| t_forum_medal |
| t_forum_medallog |
| t_forum_memberrecommend |
| t_forum_moderator |
| t_forum_modwork |
| t_forum_newthread |
| t_forum_onlinelist |
| t_forum_order |
| t_forum_poll |
| t_forum_polloption |
| t_forum_polloption_image |
| t_forum_pollvoter |
| t_forum_post |
| t_forum_post_location |
| t_forum_post_moderate |
| t_forum_post_tableid |
| t_forum_postcache |
| t_forum_postcomment |
| t_forum_postlog |
| t_forum_postposition |
| t_forum_poststick |
| t_forum_promotion |
| t_forum_ratelog |
| t_forum_relatedthread |
| t_forum_replycredit |
| t_forum_rsscache |
| t_forum_sofa |
| t_forum_spacecache |
| t_forum_statlog |
| t_forum_thread |
| t_forum_thread_moderate |
| t_forum_threadaddviews |
| t_forum_threadcalendar |
| t_forum_threadclass |
| t_forum_threadclosed |
| t_forum_threaddisablepos |
| t_forum_threadhidelog |
| t_forum_threadhot |
| t_forum_threadimage |
| t_forum_threadlog |
| t_forum_threadmod |
| t_forum_threadpartake |
| t_forum_threadpreview |
| t_forum_threadprofile |
| t_forum_threadprofile_group |
| t_forum_threadrush |
| t_forum_threadtype |
| t_forum_trade |
| t_forum_tradecomment |
| t_forum_tradelog |
| t_forum_typeoption |
| t_forum_typeoptionvar |
| t_forum_typevar |
| t_forum_warning |
| t_home_album |
| t_home_album_category |
| t_home_appcreditlog |
| t_home_blacklist |
| t_home_blog |
| t_home_blog_category |
| t_home_blog_moderate |
| t_home_blogfield |
| t_home_class |
| t_home_click |
| t_home_clickuser |
| t_home_comment |
| t_home_comment_moderate |
| t_home_docomment |
| t_home_doing |
| t_home_doing_moderate |
| t_home_favorite |
| t_home_feed |
| t_home_feed_app |
| t_home_follow |
| t_home_follow_feed |
| t_home_follow_feed_archiver |
| t_home_friend |
| t_home_friend_request |
| t_home_friendlog |
| t_home_notification |
| t_home_pic |
| t_home_pic_moderate |
| t_home_picfield |
| t_home_poke |
| t_home_pokearchive |
| t_home_share |
| t_home_share_moderate |
| t_home_show |
| t_home_specialuser |
| t_home_userapp |
| t_home_userappfield |
| t_home_visitor |
| t_mobile_setting |
| t_mobileoem_member |
| t_mobileoem_pushthreads |
| t_plugin_auction |
| t_plugin_auction_message |
| t_plugin_auction_xml |
| t_plugin_auctionapply |
| t_plugin_dsuampper |
| t_portal_article_content |
| t_portal_article_count |
| t_portal_article_moderate |
| t_portal_article_related |
| t_portal_article_title |
| t_portal_article_trash |
| t_portal_attachment |
| t_portal_category |
| t_portal_category_permission |
| t_portal_comment |
| t_portal_comment_moderate |
| t_portal_rsscache |
| t_portal_topic |
| t_portal_topic_pic |
| t_security_evilpost |
| t_security_eviluser |
| t_security_failedlog |
| t_ucenter_admins |
| t_ucenter_applications |
| t_ucenter_badwords |
| t_ucenter_domains |
| t_ucenter_failedlogins |
| t_ucenter_feeds |
| t_ucenter_friends |
| t_ucenter_mailqueue |
| t_ucenter_memberfields |
| t_ucenter_members |
| t_ucenter_mergemembers |
| t_ucenter_newpm |
| t_ucenter_notelist |
| t_ucenter_pm_indexes |
| t_ucenter_pm_lists |
| t_ucenter_pm_members |
| t_ucenter_pm_messages_0 |
| t_ucenter_pm_messages_1 |
| t_ucenter_pm_messages_2 |
| t_ucenter_pm_messages_3 |
| t_ucenter_pm_messages_4 |
| t_ucenter_pm_messages_5 |
| t_ucenter_pm_messages_6 |
| t_ucenter_pm_messages_7 |
| t_ucenter_pm_messages_8 |
| t_ucenter_pm_messages_9 |
| t_ucenter_protectedmembers |
| t_ucenter_settings |
| t_ucenter_sqlcache |
| t_ucenter_tags |
| t_ucenter_vars |
| t_zywx_forum_postfield |
| t_zywx_home_blogfield |
| t_zywx_useroperation |
| t_zywx_useroperation_log |
+----------------------------------+
313 rows in set (0.02 sec)


mysql> select count(*) from t_ucenter_members;
+----------+
| count(*) |
+----------+
| 111155 |
+----------+
1 row in set (0.01 sec)
mysql> select * from t_ucenter_members limit 1,6;
+-----+------------+----------------------------------+-------------------------+------+---------+-----------------+------------+-------------+---------------+--------+---------+
| uid | username | password | email | myid | myidkey | regip | regdate | lastloginip | lastlogintime | salt | secques |
+-----+------------+----------------------------------+-------------------------+------+---------+-----------------+------------+-------------+---------------+--------+---------+
| 2 | esldcf1989 | 1f2d2455b870046cac0d679a2f42aa33 | nihsiede@163.com | | | 182.87.64.31 | 1328067569 | 0 | 0 | 127ae1 | |
| 3 | nouf62w | e7a00da53fde94b08ae2be00075a3686 | xmi794ryo65@163.com | | | 112.220.216.11 | 1328075562 | 0 | 0 | a63a73 | |
| 4 | Joan | 50d3993ca23a9f354e1b0f354b5ce6ec | joanluoqiong@163.com | | | 58.246.12.28 | 1328086142 | 0 | 0 | ed7307 | |
| 5 | tizenol | 7338893f92cba1139eeda162096973f4 | sky@tizenol.com | | | 218.82.7.244 | 1328143833 | 0 | 0 | 94ec7b | |
| 6 | suxunbo | a2d49ac89c93d754e47b2b5c9edefc8f | suxunbu@3g2win.com | | | 218.240.157.195 | 1328148452 | 0 | 0 | 4cff5b | |
| 7 | tingtingxj | fd1e502b701341258edfaa86cd32bf54 | tingting.shi@3g2win.com | | | 218.240.157.195 | 1328151733 | 0 | 0 | 5d7cea | |
+-----+------------+----------------------------------+-------------------------+------+---------+-----------------+------------+-------------+---------------+--------+---------+
6 rows in set (0.02 sec)


漏洞证明:

看详细说明
若有后续,就是直接拿shell了
不说了,说多了都是泪,测试很辛苦的,NND,都凌晨了

修复方案:

我要唱《征服》

版权声明:转载请注明来源 上岸的鱼@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-07-06 11:16

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无


漏洞评价:

评论

  1. 2015-07-13 12:21 | 路人癸 ( 路人 | Rank:4 漏洞数:2 | 随意路过)

    还是忽略。。洞主不哭