
Vulnerability summary

Defect ID: wooyun-2012-012041

Title: Anonymous FTP access on a China Telecom host leads straight into the admin backend

Vendor: China Telecom

Author: popok

Submitted: 2012-09-11 18:35

Fixed: 2012-10-26 18:36

Published: 2012-10-26 18:36

Vulnerability type: unauthorized network access

Severity: Medium

Self-assessed rank: 5

Status: handed to a third-party partner organisation (CNCERT, the National Computer Network Emergency Response Technical Team) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2012-09-11: details sent to the vendor, awaiting the vendor's handling
2012-09-15: vendor has confirmed; details disclosed to the vendor only
2012-09-25: details disclosed to core white hats and experts in the relevant field
2012-10-05: details disclosed to regular white hats
2012-10-15: details disclosed to intern white hats
2012-10-26: details disclosed to the public

Brief description:

See title.

Detailed description:

ftp://125.64.3.6/
It holds full-site backup archives and database backups.
ftp://125.64.3.6/web/Uploads/ is full of China Telecom's images.
A same-host (reverse IP) lookup also shows this site: http://3g.yn.189.cn/
Browsing to the IP directly redirects to an office management system that has a weak password: admin/admin.

Proof of vulnerability:


ftp> o 3g.yn.189.cn
Connected to 3g.yn.189.cn.
220 Serv-U FTP Server v6.4 for WinSock ready...
Name (3g.yn.189.cn:FengGou): ftp
331 User name okay, please send complete E-mail address as password.
Password:
230 User logged in, proceed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (125,64,3,6,9,196)
150 Opening ASCII mode data connection for /bin/ls.
drw-rw-rw- 1 user group 0 Aug 4 15:07 .
drw-rw-rw- 1 user group 0 Aug 4 15:07 ..
drw-rw-rw- 1 user group 0 Nov 12 2010 Rewrite
-rw-rw-rw- 1 user group 5333504 Oct 25 2010 bbs_189sc_com20101025.bak
-rw-rw-rw- 1 user group 912129 Aug 4 15:07 bbs_189sc_com20101025.rar
drw-rw-rw- 1 user group 0 Apr 9 2011 data
drw-rw-rw- 1 user group 0 Aug 4 14:09 web
226 Transfer complete.
ftp> ls web/
227 Entering Passive Mode (125,64,3,6,9,197)
150 Opening ASCII mode data connection for /bin/ls.
total 5345418
drw-rw-rw- 1 user group 0 Aug 4 14:09 .
drw-rw-rw- 1 user group 0 Aug 4 14:09 ..
-rw-rw-rw- 1 user group 91 Aug 7 2007 AddFavorite.aspx
-rw-rw-rw- 1 user group 89 Aug 7 2007 AddFriend.aspx
-rw-rw-rw- 1 user group 379 Aug 7 2007 Admin_Advertisement.aspx
-rw-rw-rw- 1 user group 385 Aug 7 2007 Admin_AdvertisementAdd.aspx
-rw-rw-rw- 1 user group 363 Aug 7 2007 Admin_Board.aspx
-rw-rw-rw- 1 user group 369 Aug 7 2007 Admin_BoardAdd.aspx
-rw-rw-rw- 1 user group 373 Aug 7 2007 Admin_BoardRight.aspx
-rw-rw-rw- 1 user group 379 Aug 7 2007 Admin_BoardRightAdd.aspx
-rw-rw-rw- 1 user group 371 Aug 7 2007 Admin_ConfigAll.aspx
-rw-rw-rw- 1 user group 379 Aug 7 2007 Admin_ConfigPicture.aspx
-rw-rw-rw- 1 user group 375 Aug 7 2007 Admin_ConfigPoint.aspx
-rw-rw-rw- 1 user group 381 Aug 7 2007 Admin_ConfigSecurity.aspx
-rw-rw-rw- 1 user group 377 Aug 7 2007 Admin_ConfigUpload.aspx
-rw-rw-rw- 1 user group 363 Aug 7 2007 Admin_Emote.aspx
-rw-rw-rw- 1 user group 369 Aug 7 2007 Admin_EmoteAdd.aspx
-rw-rw-rw- 1 user group 363 Aug 7 2007 Admin_Error.aspx
-rw-rw-rw- 1 user group 361 Aug 7 2007 Admin_Face.aspx
-rw-rw-rw- 1 user group 367 Aug 7 2007 Admin_FaceAdd.aspx
-rw-rw-rw- 1 user group 363 Aug 7 2007 Admin_Group.aspx
-rw-rw-rw- 1 user group 369 Aug 7 2007 Admin_GroupAdd.aspx
-rw-rw-rw- 1 user group 367 Aug 7 2007 Admin_History.aspx
-rw-rw-rw- 1 user group 357 Aug 7 2007 Admin_IP.aspx
-rw-rw-rw- 1 user group 363 Aug 7 2007 Admin_IPAdd.aspx
-rw-rw-rw- 1 user group 168 Aug 7 2007 Admin_Index.aspx
-rw-rw-rw- 1 user group 369 Aug 7 2007 Admin_Language.aspx
-rw-rw-rw- 1 user group 166 Aug 7 2007 Admin_Left.aspx
-rw-rw-rw- 1 user group 363 Aug 7 2007 Admin_Level.aspx
-rw-rw-rw- 1 user group 369 Aug 7 2007 Admin_LevelAdd.aspx
-rw-rw-rw- 1 user group 361 Aug 7 2007 Admin_Link.aspx
-rw-rw-rw- 1 user group 367 Aug 7 2007 Admin_LinkAdd.aspx
-rw-rw-rw- 1 user group 353 Aug 7 2007 Admin_Log.aspx
-rw-rw-rw- 1 user group 367 Aug 7 2007 Admin_LogView.aspx
-rw-rw-rw- 1 user group 358 Aug 7 2007 Admin_Login.aspx
-rw-rw-rw- 1 user group 361 Aug 7 2007 Admin_Menu.aspx
-rw-rw-rw- 1 user group 367 Aug 7 2007 Admin_MenuAdd.aspx
-rw-rw-rw- 1 user group 366 Aug 7 2007 Admin_Message.aspx
-rw-rw-rw- 1 user group 374 Aug 7 2007 Admin_MessageSend.aspx
-rw-rw-rw- 1 user group 374 Aug 7 2007 Admin_MessageView.aspx
-rw-rw-rw- 1 user group 361 Aug 7 2007 Admin_News.aspx
-rw-rw-rw- 1 user group 367 Aug 7 2007 Admin_NewsAdd.aspx
-rw-rw-rw- 1 user group 357 Aug 7 2007 Admin_OK.aspx
-rw-rw-rw- 1 user group 377 Aug 7 2007 Admin_RefreshCache.aspx
-rw-rw-rw- 1 user group 367 Aug 7 2007 Admin_Replace.aspx
-rw-rw-rw- 1 user group 373 Aug 7 2007 Admin_ReplaceAdd.aspx
-rw-rw-rw- 1 user group 361 Aug 7 2007 Admin_Skin.aspx
-rw-rw-rw- 1 user group 367 Aug 7 2007 Admin_SkinAdd.aspx
-rw-rw-rw- 1 user group 355 Jan 16 2008 Admin_Team.aspx
-rw-rw-rw- 1 user group 367 Aug 7 2007 Admin_TeamAdd.aspx
-rw-rw-rw- 1 user group 369 Aug 7 2007 Admin_Template.aspx
-rw-rw-rw- 1 user group 375 Aug 7 2007 Admin_TemplateAdd.aspx
-rw-rw-rw- 1 user group 350 Aug 7 2007 Admin_Top.aspx
-rw-rw-rw- 1 user group 363 Aug 7 2007 Admin_Topic.aspx
-rw-rw-rw- 1 user group 377 Aug 7 2007 Admin_TopicConfirm.aspx
-rw-rw-rw- 1 user group 369 Aug 7 2007 Admin_TopicDel.aspx
-rw-rw-rw- 1 user group 371 Aug 7 2007 Admin_TopicMove.aspx
-rw-rw-rw- 1 user group 377 Aug 7 2007 Admin_TopicRecycle.aspx
-rw-rw-rw- 1 user group 375 Aug 7 2007 Admin_TopicSearch.aspx
-rw-rw-rw- 1 user group 373 Aug 7 2007 Admin_UploadFace.aspx
-rw-rw-rw- 1 user group 373 Aug 7 2007 Admin_UploadFile.aspx
-rw-rw-rw- 1 user group 361 Aug 7 2007 Admin_User.aspx
-rw-rw-rw- 1 user group 367 Aug 7 2007 Admin_UserAdd.aspx
-rw-rw-rw- 1 user group 373 Aug 7 2007 Admin_UserRename.aspx
-rw-rw-rw- 1 user group 373 Aug 7 2007 Admin_UserSearch.aspx
-rw-rw-rw- 1 user group 346 Aug 7 2007 Board.aspx
-rw-rw-rw- 1 user group 351 Aug 7 2007 BoardLog.aspx
-rw-rw-rw- 1 user group 354 Aug 7 2007 BoardNews.aspx
-rw-rw-rw- 1 user group 360 Aug 7 2007 ControlPanel.aspx
drw-rw-rw- 1 user group 0 Nov 14 2010 Controls
-rw-rw-rw- 1 user group 86 Aug 7 2007 Download.aspx
-rw-rw-rw- 1 user group 4335441 Jan 18 2011 FTP.rar
drw-rw-rw- 1 user group 0 Sep 19 2010 FindPassword
-rw-rw-rw- 1 user group 364 Aug 27 2007 ForgetPassword.aspx
-rw-rw-rw- 1 user group 3915 Dec 7 2010 Forum.config
-rw-rw-rw- 1 user group 339 Aug 7 2007 ForumTopic.aspx
-rw-rw-rw- 1 user group 426 Aug 7 2007 Frame.aspx
-rw-rw-rw- 1 user group 682 Aug 20 2007 Frame.htm
drw-rw-rw- 1 user group 0 Oct 3 2010 FreeTextBox
-rw-rw-rw- 1 user group 92 Apr 23 2010 GetTopicListJs.aspx
-rw-rw-rw- 1 user group 4884 Dec 20 2010 Help.aspx
-rw-rw-rw- 1 user group 346 Aug 7 2007 Index.aspx
-rw-rw-rw- 1 user group 2986 Dec 3 2007 IndexSearch.htm
-rw-rw-rw- 1 user group 358 Aug 7 2007 Information.aspx
-rw-rw-rw- 1 user group 478 Aug 7 2007 Left.aspx
-rw-rw-rw- 1 user group 346 Aug 7 2007 Login.aspx
-rw-rw-rw- 1 user group 84 Aug 7 2007 Logout.aspx
-rw-rw-rw- 1 user group 43828873 Oct 20 2010 McAfee85i.rar
-rw-rw-rw- 1 user group 336 Aug 7 2007 Members.aspx
-rw-rw-rw- 1 user group 358 Aug 7 2007 MessageView.aspx
-rw-rw-rw- 1 user group 352 Aug 7 2007 NewsView.aspx
-rw-rw-rw- 1 user group 93 Oct 6 2010 Office_DownLoad.aspx
-rw-rw-rw- 1 user group 367 Oct 5 2010 Office_Index.aspx
-rw-rw-rw- 1 user group 362 Dec 7 2010 Office_Login.aspx
-rw-rw-rw- 1 user group 379 Nov 23 2010 Office_Resources.aspx
-rw-rw-rw- 1 user group 382 Dec 9 2010 Office_ShareInfoPub.aspx
-rw-rw-rw- 1 user group 402 Dec 7 2010 Office_ShareInfos.aspx
-rw-rw-rw- 1 user group 379 Dec 7 2010 Office_setting.aspx
-rw-rw-rw- 1 user group 318 Nov 7 2010 Office_tmp.aspx
-rw-rw-rw- 1 user group 344 Aug 7 2007 Post.aspx
-rw-rw-rw- 1 user group 352 Aug 7 2007 PostEdit.aspx
drw-rw-rw- 1 user group 0 Sep 19 2010 Properties
-rw-rw-rw- 1 user group 83 Aug 7 2007 Quote.aspx
-rw-rw-rw- 1 user group 81 Aug 7 2007 RSS.aspx
-rw-rw-rw- 1 user group 352 Aug 7 2007 Register.aspx
-rw-rw-rw- 1 user group 346 Aug 7 2007 Reply.aspx
drw-rw-rw- 1 user group 0 Nov 7 2010 Resources
-rw-rw-rw- 1 user group 1277240939 Oct 25 2010 SQLServer2005.rar
-rw-rw-rw- 1 user group 348 Aug 7 2007 Search.aspx
-rw-rw-rw- 1 user group 357 Aug 7 2007 SendMessage.aspx
-rw-rw-rw- 1 user group 111 Aug 7 2007 ShowCode.aspx
-rw-rw-rw- 1 user group 344 Aug 7 2007 Team.aspx
-rw-rw-rw- 1 user group 343 Aug 7 2007 Topic.aspx
-rw-rw-rw- 1 user group 354 Aug 7 2007 TopicEdit.aspx
-rw-rw-rw- 1 user group 417 Aug 7 2007 Upload.aspx
-rw-rw-rw- 1 user group 421 Aug 7 2007 UploadFace.aspx
drw-rw-rw- 1 user group 0 Sep 4 10:51 Uploads
-rw-rw-rw- 1 user group 435 Aug 7 2007 UserFace.aspx
-rw-rw-rw- 1 user group 355 Aug 7 2007 UserOnline.aspx
-rw-rw-rw- 1 user group 352 Aug 7 2007 VoteView.aspx
-rw-rw-rw- 1 user group 352 Nov 21 2010 Wap_HomeView.aspx
drw-rw-rw- 1 user group 0 Sep 29 2010 aspnet_client
drw-rw-rw- 1 user group 0 May 20 2011 bin
-rw-rw-rw- 1 user group 4203 Apr 7 2009 color.htm
drw-rw-rw- 1 user group 0 Sep 19 2010 css
-rw-rw-rw- 1 user group 449436309 Oct 25 2010 dot.rar
drw-rw-rw- 1 user group 0 Sep 19 2010 editor
drw-rw-rw- 1 user group 0 Nov 15 2010 emote
-rw-rw-rw- 1 user group 2603 Jun 17 2010 ftb.colorpicker.aspx
-rw-rw-rw- 1 user group 15130 May 3 2011 ftb.imagegallery.aspx
-rw-rw-rw- 1 user group 10288 May 23 2010 ftb.insertAvi.aspx
-rw-rw-rw- 1 user group 8418 May 22 2010 ftb.insertFlash.aspx
-rw-rw-rw- 1 user group 3712 Jun 17 2010 ftb.inserttable.aspx
-rw-rw-rw- 1 user group 1532 Jun 17 2010 ftb.view.aspx
drw-rw-rw- 1 user group 0 Dec 20 2010 help
drw-rw-rw- 1 user group 0 Oct 29 2010 images
-rw-rw-rw- 1 user group 14808 Oct 5 2010 index.htm
drw-rw-rw- 1 user group 0 Sep 19 2010 js
drw-rw-rw- 1 user group 0 Nov 15 2010 microblog
drw-rw-rw- 1 user group 0 Sep 19 2010 obj
drw-rw-rw- 1 user group 0 Dec 6 2010 office
-rw-rw-rw- 1 user group 24 Dec 11 2010 robots.txt
-rw-rw-rw- 1 user group 82 Nov 12 2010 t.aspx
drw-rw-rw- 1 user group 0 Sep 19 2010 teamphoto
drw-rw-rw- 1 user group 0 Apr 9 2011 template
drw-rw-rw- 1 user group 0 Nov 1 2011 upload
drw-rw-rw- 1 user group 0 Nov 13 2010 uploadface
drw-rw-rw- 1 user group 0 Dec 9 2010 userface
-rw-rw-rw- 1 user group 346 Nov 21 2010 wap_Friends.aspx
-rw-rw-rw- 1 user group 348 Dec 5 2010 wap_Groups.aspx
-rw-rw-rw- 1 user group 360 Dec 5 2010 wap_GroupsDetail.aspx
-rw-rw-rw- 1 user group 350 Dec 5 2010 wap_ImgView.aspx
-rw-rw-rw- 1 user group 346 Nov 21 2010 wap_Index.aspx
-rw-rw-rw- 1 user group 346 Nov 21 2010 wap_MyAttentions.aspx
-rw-rw-rw- 1 user group 348 Dec 5 2010 wap_Replay.aspx
-rw-rw-rw- 1 user group 352 Dec 5 2010 wap_Timeline.aspx
-rw-rw-rw- 1 user group 344 Nov 21 2010 wap_home.aspx
-rw-rw-rw- 1 user group 346 Dec 5 2010 wap_login.aspx
-rw-rw-rw- 1 user group 22953 Nov 23 2010 web.config
-rw-rw-rw- 1 user group 7992399 Aug 4 14:04 web.rar
-rw-rw-rw- 1 user group 951391539 Aug 4 14:08 web2.rar
-rw-rw-rw- 1 user group 580109 Feb 17 2011 wwwroot.rar
-rw-rw-rw- 1 user group 1885893 Oct 25 2010 ???????.rar
226 Transfer complete.
ftp>
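The listing above is the whole finding: an anonymous share exposing site backups, a database dump and the application's web.config, every entry world-writable. As an added example (not part of the original report or of any China Telecom or Serv-U code), the audit script below parses an FTP long-format directory listing of this shape and flags what a defender reviewing their own anonymous share would want to see first: backup or archive files, configuration files, and entries writable by everyone. The sample lines are copied from the session above, with one constructed non-writable `Index.aspx` line added to show a clean entry; the extension lists, reason strings and the `audit_listing` and `exposed_archive_bytes` names are the example's own choices.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Sample input: lines copied from the report's FTP session, plus one
# constructed entry (Index.aspx with mode rw-r--r--) that should NOT be flagged.
SAMPLE_LISTING = """\
ftp> ls
227 Entering Passive Mode (125,64,3,6,9,196)
150 Opening ASCII mode data connection for /bin/ls.
drw-rw-rw- 1 user group 0 Aug 4 15:07 .
drw-rw-rw- 1 user group 0 Aug 4 15:07 ..
drw-rw-rw- 1 user group 0 Nov 12 2010 Rewrite
-rw-rw-rw- 1 user group 5333504 Oct 25 2010 bbs_189sc_com20101025.bak
-rw-rw-rw- 1 user group 912129 Aug 4 15:07 bbs_189sc_com20101025.rar
drw-rw-rw- 1 user group 0 Aug 4 14:09 web
-rw-rw-rw- 1 user group 22953 Nov 23 2010 web.config
-rw-rw-rw- 1 user group 1277240939 Oct 25 2010 SQLServer2005.rar
-rw-r--r-- 1 user group 346 Aug 7 2007 Index.aspx
226 Transfer complete.
"""

# One UNIX-style "ls -l" line: type, 9 mode chars, links, owner, group, size,
# month, day, time-or-year, name (name may contain spaces, so it is greedy).
LISTING_RE = re.compile(
    r"^([-dl])([rwxsStT-]{9})\s+(\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s+"
    r"(\w{3})\s+(\d{1,2})\s+(\S+)\s+(.+)$"
)

# Example's own categories (assumptions, not from the report).
ARCHIVE_EXTENSIONS = (".rar", ".zip", ".7z", ".bak", ".sql", ".tar", ".gz")
CONFIG_EXTENSIONS = (".config", ".ini", ".conf")

R_ARCHIVE = "backup/archive file exposed"
R_CONFIG = "configuration file exposed (may hold connection strings or credentials)"
R_WRITABLE = "world-writable (anonymous clients could upload or replace content)"


@dataclass
class Finding:
    name: str
    is_dir: bool
    size: int
    reasons: List[str] = field(default_factory=list)


def audit_listing(text: str) -> List[Finding]:
    """Return one Finding per listed entry that matches at least one rule.

    Protocol chatter ("227 ...", "ftp> ls", "total ...") and the "." / ".."
    entries are skipped; everything else is checked against the three rules.
    """
    findings: List[Finding] = []
    for line in text.splitlines():
        m = LISTING_RE.match(line.rstrip())
        if not m:
            continue
        ftype, mode, _links, _owner, _group, size, _mon, _day, _ts, name = m.groups()
        if name in (".", ".."):
            continue
        lower = name.lower()
        reasons = []
        if lower.endswith(ARCHIVE_EXTENSIONS):
            reasons.append(R_ARCHIVE)
        if lower.endswith(CONFIG_EXTENSIONS):
            reasons.append(R_CONFIG)
        # mode is 9 chars: owner rwx, group rwx, others rwx; index 7 is others-write.
        if mode[7] == "w":
            reasons.append(R_WRITABLE)
        if reasons:
            findings.append(Finding(name, ftype == "d", int(size), reasons))
    return findings


def exposed_archive_bytes(findings: List[Finding]) -> int:
    """Total size of archive/backup files, a quick measure of what an anonymous
    download would have carried away."""
    return sum(f.size for f in findings if R_ARCHIVE in f.reasons)


if __name__ == "__main__":
    results = audit_listing(SAMPLE_LISTING)
    for f in results:
        kind = "dir " if f.is_dir else "file"
        print(f"{kind} {f.name:<32} {f.size:>12}  {'; '.join(f.reasons)}")
    print(f"archive bytes reachable anonymously: {exposed_archive_bytes(results)}")
```

Feeding the script a saved `ls -lR` of a share before it is exposed (or after an incident) gives a prioritised review list; the world-writable rule matters as much as the archive rule, since an anonymous account that can write into a web root turns a confidentiality issue into an integrity one.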

Remediation:

I'm not going to meddle with that.

Copyright notice: please credit popok@WooYun when reposting.


Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 11

Confirmed: 2012-09-15 18:29

Vendor reply:

CNVD confirmed the vulnerability and reproduced the described situation; on Friday the CNCERT Sichuan branch coordinated handling with the basic telecommunications operator (the information system belongs to a unit directly under the telecom operator).
Scored as complete impact on confidentiality and partial impact on integrity: rank=8.47*1.0*1.2=10.764

Latest status:

None yet