当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0138355

漏洞标题:树熊网络某信息泄露

相关厂商:witown.cn

漏洞作者: DNS

提交时间:2015-09-01 14:31

修复时间:2015-09-14 14:34

公开时间:2015-09-14 14:34

漏洞类型:敏感信息泄露

危害等级:高

自评Rank:16

漏洞状态:厂商已经修复

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-09-01: 细节已通知厂商并且等待厂商处理中
2015-09-01: 厂商已经确认,细节仅向厂商公开
2015-09-11: 细节向核心白帽子及相关领域专家公开
2015-09-14: 厂商已经修复漏洞并主动公开,细节向公众公开

简要描述:

RT,其实我是为了树熊路由器来的

详细说明:

https://github.com/Hancoson/treebear
首先是这你们的源码
涉及很多个系统
最近加班严重,看着代码就想睡觉
你们自己看着来吧
贴些代码

var img_db = {
	user:'root',
	pass:'123456',
	host:'mongodb://localhost/sx_images'
};
exports.db_config = img_db;


这里的代码是七牛数据存储接口吧

var urllib = require('url');
var qn = require('qn');
exports.uploadPic = function(filepath,imgKey,callback){
	var client = qn.create({
  		accessKey: '9Y0d9uyZcUeynzKVIorjEhzOle30xJuzX2rHMlbR',
	  	secretKey: 'mCRwCBK0Tml_a1v6EFqVTdZ5q2ELkbEQbJ1kCvHr',
	  	bucket: 'treebear',
	  	domain: 'http://treebear.u.qiniudn.com',
	  	// timeout: 3600000, // default rpc timeout: one hour, optional
	});
	//console.log(imgKey);
	client.uploadFile(filepath, {key: imgKey.key}, function (err, result) {
	  console.log(err);
	  console.log(result);
	  if(err){
	  	console.log(err);
	  }else{
	  	callback(err,result);
	  }
	  // {
	  //   hash: 'FhGbwBlFASLrZp2d16Am2bP5A9Ut',
	  //   key: 'qn/lib/client.js',
	  //   url: 'http://qtestbucket.qiniudn.com/qn/lib/client.js'
	  //   "x:ctime": "1378150371",
	  //   "x:filename": "client.js",
	  //   "x:mtime": "1378150359",
	  //   "x:size": "21944",
	  // }
	});
}


QQ图片20150901140930.png


这两个都在这里
感冒了,好难受
shop.treebear.cn
help.treebear.cn

22222222222.png

1111111.png


代码很多敏感信息,
还有一个APP

33333333.png


我看见想做点什么又怕引起问题和警觉
admin 123456

漏洞证明:

{
    "authStatus": 0,
    "bodyClass": "relativefooter",
    "header":{
        "componentCode":"TplDefaultHeader",
        "bgColor":"",
        "fontColor":"",
        "shortitle":"cai测试分店"
    },
    "footer":{
        "componentCode":"TplDefaultFooter",
        "hostname":"Randy-PC",
        "isDisplay":1,
        "footType":0,
        "portal_footer_support":"",
        "localeToChanege":"English"
    },
    "component": [
        {
            "componentCode": "TplDefaultLead",
            "crossMarketings": [
                {
                    "picUrl": "http://static.test1.witown.com/reception/templated/images/bg.jpg"
                },
                {
                    "picUrl": "http://static.test1.witown.com/reception/templated/images/bg.jpg"
                }
            ],
            "pageCompId": 18144,
            "portal_default_guide_noImage":"",
            "viewModel":"",
            "mid":"sgasdfasdfsfad",
            "edition":"2",
            "picChildren": [
                {
                    "picUrl": "http://static.test1.witown.com/reception/templated/images/bg.jpg"
                }
            ],
            "size": 1
        },
        {
            "bgColor": "",
            "bgImg": "",
            "componentCode": "TplDefaultFb1",
            "content": "",
            "fontColor": "",
            "isDisplay": "Y",
            "isOpenOneKeyLogin": "Y",
            "location": "",
            "pageCompId": 18145,
            "shape": 1,
            "pageType": "",
            "location": "",
            "shape": 0,
            "labelCss": "fb1-wrapper",
            "transparency": "",
            "authStatus": "0",
            "skey_disabled": "N",
            "portalVersion": "dasfd",
            "siteId": "2312",
            "mid": "dfasdfasdfsd",
            "vtoken": "asdfasdfasdf",
            "skey": "asdfasdfcx",
            "span": "btn_t",
            "bgColor": "",
            "fontColor": "",
            "btn_img": "freebtn",
            "portal_default_free_btn": "免费上网",
            "htdocsUrl": "http://s5.witown.com/",
            "portal_login_overdue": "1",
            "portal_login_timeout": "1"
        }
    ],
    "env": {
        "htdocsUrl": "http://static.witown.net:8888",
        "merchantUrl": "http://wifi.witown.com"
    },
    "error": 0,
    "hostname": "Randy-PC",
    "isFromMobile": "N",
    "jscommon": "build/common/jquery.min.js",
    "merchant": {
        "agentServicePhone": "400-101-1786",
        "agentShortName": "树熊网络",
        "del": false,
        "expired": false,
        "follow": false,
        "hasNuomi": "n",
        "merchantId": "8a7158794b6db057014b6db057b50000",
        "mobile": "",
        "phone": "0571-88812313",
        "shortitle": "cai测试分店"
    },
    "message": "success",
    "mobile": "N",
    "os": "w",
    "package": "reception",
    "page": {
        "id": 6318,
        "name": "封面",
        "staticCssSet": "parts/lead1/index.min.css,common/idangerous.swiper.min.css,parts/freebtn1/index.min.css?t=20150108",
        "staticJsSet": "common/idangerous.swiper.min.js,parts/freebtn1/index.min_20150106.js,parts/lead1/index.min.js?t=20150108",
        "type": "LANDING"
    },
    "pageType": "LANDING",
    "portalVersion": "/witown5.0",
    "portal_default_free_btn": "免费上网",
    "portal_default_guide_noImage": "引导图组件:请添加图片",
    "portal_footer_support": "技术支持",
    "portal_login_timeout": "您今天的免费上网时间已用完 ",
    "shortitle": "cai测试分店",
    "site": {
        "bgColor": "",
        "fontColor": "",
        "footType": 1,
        "id": 1548,
        "indexType": "LANDING",
        "isDisplay": "1",
        "shortitle": "默认店铺主题",
        "online": false,
        "templateCode": "default"
    },
    "skey_disabled": "Y",
    "viewModel": "pro",
    "vtoken": "8a7158794c080ad2014c2ae75cbb0068"
}

修复方案:

来个树熊公仔

版权声明:转载请注明来源 DNS@乌云

漏洞回应

厂商回应:

危害等级:低

漏洞Rank:4

确认时间:2015-09-01 16:24

厂商回复:

已离职员工将一些日常开发的静态资源上传到了github,里面提到的一些信息几乎都是过时的,对系统的营销较小,现已让他把对应的项目删除;

最新状态:

2015-09-14:上次确认时已同步修复

漏洞评价:

评论