当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-067165

漏洞标题:中国电信天翼189漏洞打包

相关厂商:中国电信

漏洞作者: 乐乐、

提交时间:2014-07-04 17:57

修复时间:2014-08-18 17:58

公开时间:2014-08-18 17:58

漏洞类型:敏感信息泄露

危害等级:低

自评Rank:1

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2014-07-04: 细节已通知厂商并且等待厂商处理中
2014-07-09: 厂商已经确认,细节仅向厂商公开
2014-07-19: 细节向核心白帽子及相关领域专家公开
2014-07-29: 细节向普通白帽子公开
2014-08-08: 细节向实习白帽子公开
2014-08-18: 细节向公众公开

简要描述:

应该能发掘出很多大问题吧。

详细说明:

压缩包:
http://3g.tv189.com/portal/480/home/wdfw.tar.gz
http://3g.tv189.com/portal/wap/home/wdfw.tar.gz
http://3g.tv189.com/portal/480/480.tar.gz
http://m.ccg.tv189.com/portal/wap/home/wdfw.tar.gz
未授权访问:
http://jk.tv189.com/admin
ST2开发者模式:(好像没法利用)
http://law.tv189.com//struts/webconsole.html
DNS域传送:
root@bt:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl tv189.com
dnsenum.pl VERSION:1.2
----- tv189.com -----
-----------------
Host's addresses:
-----------------
tv189.com. 1800 IN A 180.153.149.206
-------------
Name servers:
-------------
dns2.tv189.com. 989 IN A 180.153.149.2
dns1.tv189.com. 978 IN A 180.153.149.1
dns.tv189.com. 979 IN A 180.153.149.1
-----------
MX record:
-----------
mta-ent.21cn.com. 600 IN A 121.14.129.85
mta-ent.21cn.com. 600 IN A 121.14.129.73
mta-ent.21cn.com. 600 IN A 121.14.129.83
mta-ent.21cn.com. 600 IN A 121.14.129.75
---------------------
Trying Zonetransfers:
---------------------
Trying zonetransfer for tv189.com on dns2.tv189.com ...
Trying zonetransfer for tv189.com on dns1.tv189.com ...
tv189.com. 1800 IN SOA dns.tv189.com. root.tv189.com. (
137 ; Serial
300 ; Refresh
14400 ; Retry
3600000 ; Expire
1800 ) ; Minimum TTL
tv189.com. 1800 IN A 180.153.149.206
tv189.com. 1800 IN NS dns.tv189.com.
tv189.com. 1800 IN NS dns1.tv189.com.
tv189.com. 1800 IN NS dns2.tv189.com.
tv189.com. 1800 IN MX 10 mta-ent.21cn.com.
21cn.tv189.com. 1800 IN CNAME wcp.tv189.com.
*.21cn.tv189.com. 1800 IN A 180.153.149.206
3a.tv189.com. 1800 IN A 61.145.115.79
3g.tv189.com. 1800 IN A 118.85.193.193
allook.tv189.com. 1800 IN CNAME wcp.tv189.com.
api.tv189.com. 1800 IN A 180.153.149.13
beta.tv189.com. 1800 IN A 180.153.149.206
bjtyjy.tv189.com. 1800 IN CNAME wcp.tv189.com.
*.bjtyjy.tv189.com. 1800 IN A 180.153.149.206
card.tv189.com. 1800 IN CNAME wcp.tv189.com.
m.ccg.tv189.com. 1800 IN A 118.85.193.193
wap.ccg.tv189.com. 1800 IN A 118.85.193.208
cjtest.tv189.com. 1800 IN CNAME cjtest.tv189.com.ctycdn.com.
daren.tv189.com. 1800 IN CNAME daren.tv189.com.lxdns.com.
dns.tv189.com. 1800 IN A 180.153.149.1
dns1.tv189.com. 1800 IN A 180.153.149.1
dns2.tv189.com. 1800 IN A 180.153.149.2
ent.tv189.com. 1800 IN CNAME wcp.tv189.com.
file.tv189.com. 1800 IN CNAME file.tv189.com.lxdns.com.
game.tv189.com. 1800 IN CNAME wcp.tv189.com.
gp.tv189.com. 1800 IN CNAME gp.tv189.com.wscdns.com.
gw.tv189.com. 1800 IN A 180.153.149.78 XXXXXXXXXXXXXXXXXXXXXXXXXXXX
hd.tv189.com. 1800 IN CNAME hd.tv189.com.lxdns.com.
help.tv189.com. 1800 IN CNAME help.tv189.com.lxdns.com.
hi.tv189.com. 1800 IN CNAME hi.tv189.com.lxdns.com.
house.tv189.com. 1800 IN CNAME house.tv189.com.wscdns.com.
m.house.tv189.com. 1800 IN A 175.102.15.141
m.house.tv189.com. 1800 IN A 140.207.194.141
ifengvip.tv189.com. 1800 IN CNAME ifengvip.tv189.com.wscdns.com.
imap.tv189.com. 1800 IN CNAME imap-ent.21cn.com.
iptvcdn.tv189.com. 1800 IN CNAME wcp.tv189.com.
jk.tv189.com. 1800 IN A 180.153.149.51
jsyx.tv189.com. 1800 IN CNAME jsyx.tv189.com.lxdns.com.
kork.tv189.com. 1800 IN A 180.153.149.66
law.tv189.com. 1800 IN A 118.85.192.224
live.tv189.com. 1800 IN CNAME live.tv189.com.lxdns.com.
lteams.tv189.com. 1800 IN A 180.153.149.15
lteop.tv189.com. 1800 IN A 180.153.149.72
ltepush.tv189.com. 1800 IN A 180.153.149.16
ltetp.tv189.com. 1800 IN A 118.85.193.210
ltetp2.tv189.com. 1800 IN A 180.153.149.13
ltetp3.tv189.com. 1800 IN A 118.85.192.228
ltewap.tv189.com. 1800 IN A 118.85.193.193
ltewap2.tv189.com. 1800 IN A 118.85.193.208
m.tv189.com. 1800 IN A 118.85.193.193
m1905.tv189.com. 1800 IN CNAME wcp.tv189.com.
mail.tv189.com. 1800 IN CNAME 21cnentmail.com.
movie.tv189.com. 1800 IN CNAME wcp.tv189.com.
mpadmusic.tv189.com. 1800 IN CNAME hmdn.tv189.cn.hmdn.tv380.com.
my.tv189.com. 1800 IN CNAME my.tv189.com.lxdns.com.
myjs.tv189.com. 1800 IN CNAME myjs.tv189.com.lxdns.com.
myoung.tv189.com. 1800 IN CNAME wcp.tv189.com.
onlinemovie.tv189.com. 1800 IN CNAME wcp.tv189.com.
*.onlinemovie.tv189.com. 1800 IN A 180.153.149.206
*.onlinevideo.tv189.com. 1800 IN A 180.153.149.207
ott.tv189.com. 1800 IN A 180.153.149.202
paymentgw.tv189.com. 1800 IN A 118.85.193.204
pop.tv189.com. 1800 IN CNAME pop-ent.21cn.com.
qnk.tv189.com. 1800 IN CNAME qnk.tv189.com.lxdns.com.
real.tv189.com. 1800 IN CNAME wcp.tv189.com.
sconline.tv189.com. 1800 IN CNAME jsyx.tv189.com.lxdns.com.
*.sconline.tv189.com. 1800 IN A 180.153.149.206
seo.tv189.com. 1800 IN CNAME seo.tv189.com.lxdns.com.
show.tv189.com. 1800 IN CNAME wcp.tv189.com.
smtp.tv189.com. 1800 IN CNAME smtp-ent.21cn.com.
so.tv189.com. 1800 IN CNAME so.tv189.com.wscdns.com.
taste.tv189.com. 1800 IN CNAME taste.tv189.com.lxdns.com.
tv.tv189.com. 1800 IN CNAME wcp.tv189.com.
tykk.tv189.com. 1800 IN A 180.153.149.24
vpn.tv189.com. 1800 IN A 180.168.69.117
wcp.tv189.com. 1800 IN A 180.153.149.206
web.tv189.com. 1800 IN A 180.153.149.207
corp.webmail.tv189.com. 1800 IN CNAME corp.webmail.21cn.com.
corpw1.webmail.tv189.com. 1800 IN CNAME corpw1.webmail.21cn.com.
corpw2.webmail.tv189.com. 1800 IN CNAME corpw2.webmail.21cn.com.
corpw3.webmail.tv189.com. 1800 IN CNAME corpw3.webmail.21cn.com.
corpw4.webmail.tv189.com. 1800 IN CNAME corpw4.webmail.21cn.com.
corpw5.webmail.tv189.com. 1800 IN CNAME corpw5.webmail.21cn.com.
corpw6.webmail.tv189.com. 1800 IN CNAME corpw6.webmail.21cn.com.
www.tv189.com. 1800 IN CNAME www.tv189.com.lxdns.com.
yingchao.tv189.com. 1800 IN CNAME wcp.tv189.com.
young.tv189.com. 1800 IN CNAME young.tv189.com.wscdns.com.
yx.tv189.com. 1800 IN CNAME yx.tv189.com.lxdns.com.
yxb.tv189.com. 1800 IN A 180.153.149.5
yxbwbsc.tv189.com. 1800 IN A 180.153.149.5
yxm.tv189.com. 1800 IN CNAME m.tv189.com.
zgws.tv189.com. 1800 IN CNAME wcp.tv189.com.
zj.tv189.com. 1800 IN A 220.191.131.219
zy.tv189.com. 1800 IN CNAME wcp.tv189.com.

漏洞证明:

未授权的:

1.png


压缩包的:(3G的那个站点还有个SVN)

3.png

修复方案:

看着修呗

版权声明:转载请注明来源 乐乐、@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2014-07-09 13:56

厂商回复:

CNVD确认并复现所述情况,已经转由CNCERT直接通报中国电信集团公司,按多个信息泄露风险点进行综合评分,rank 10

最新状态:

暂无