当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-086365

漏洞标题:我乐网主站某服务配置不当

相关厂商:56.com

漏洞作者: 路人甲

提交时间:2014-12-08 13:30

修复时间:2015-01-22 13:32

公开时间:2015-01-22 13:32

漏洞类型:系统/服务运维配置不当

危害等级:高

自评Rank:11

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-12-08: 细节已通知厂商并且等待厂商处理中
2014-12-08: 厂商已经确认,细节仅向厂商公开
2014-12-18: 细节向核心白帽子及相关领域专家公开
2014-12-28: 细节向普通白帽子公开
2015-01-07: 细节向实习白帽子公开
2015-01-22: 细节向公众公开

简要描述:

我乐网主站某服务配置不当

详细说明:

我乐网 squid ACL配置当导致信息泄露。

lala@lala:~$ squidclient -h www.56.com -p 80 mgr:
HTTP/1.0 200 OK
Server: Cdn Cache Server V2.0
Date: Mon, 08 Dec 2014 05:11:40 GMT
Content-Type: text/plain
Expires: Mon, 08 Dec 2014 05:11:40 GMT
Last-Modified: Mon, 08 Dec 2014 05:11:40 GMT
X-Via: 1.0 sccdxx14:4 (Cdn Cache Server V2.0)
Connection: close
 mem                   	Memory Utilization	public
 cbdata                	Callback Data Registry Contents	public
 events                	Event Queue	public
 squidaio_counts       	Async IO Function Counters	public
 coss                  	COSS Stats	public
 config                	Current Squid Configuration	hidden
 plugin                	plugin info	public
 ipcache               	IP Cache Stats and Contents	public
 ipaccess              	IP Access Stats and Contents	public
 fqdncache             	FQDN Cache Stats and Contents	public
 idns                  	Internal DNS Statistics	public
 external_acl          	External ACL stats	public
 http_headers          	HTTP Header Statistics	public
 menu                  	This Cachemanager Menu	public
 ##注意这个!##shutdown              	Shut Down the Squid Process	hidden
 offline_toggle        	Toggle offline_mode setting	hidden
 malloc_print          	Print malloc statistic	public
 denyattack_dynconf    	This Cachemanager denyattack_dynconf	public
 denyattack_dynconf_del	This Cachemanager denyattack_dynconf_del	public
 denyattack_dynconf_print	This Cachemanager denyattack_dynconf_print	public
 put_ip_blackwhite_list	This Cachemanager put_ip_blackwhite_list	public
 del_ip_blackwhite_list	This Cachemanager del_ip_blackwhite_list	public
 get_ip_blackwhite_list	This Cachemanager get_ip_blackwhite_list	public
 put_url_blackwhite_list	This Cachemanager put_url_blackwhite_list	public
 del_url_blackwhite_list	This Cachemanager del_url_blackwhite_list	public
 get_url_blackwhite_list	This Cachemanager get_url_blackwhite_list	public
 get_ahtml_content     	This Cachemanager get_ahtml_content	public
 put_rate_limit        	This Cachemanager put_rate_limit	public
 del_rate_limit        	This Cachemanager del_rate_limit	public
 put_miss_rate_limit   	This Cachemanager put_miss_rate_limit	public
 del_miss_rate_limit   	This Cachemanager del_miss_rate_limit	public
 put_miss_times_limit  	This Cachemanager put_miss_times_limit	public
 del_miss_times_limit  	This Cachemanager del_miss_times_limit	public
 put_times_limit       	This Cachemanager put_times_limit	public
 del_times_limit       	This Cachemanager del_times_limit	public
 put_bwctrl_para       	This Cachemanager put_bwctrl_para	public
 put_max_conns         	This Cachemanager put_max_conns	public
 get_bwctrl_limit      	This Cachemanager get_bwctrl_limit	public
 reconfigure           	Interface for dynamic reconfigure	public
 host_list             	Interface for list host info	public
 forward_warning       	Forward Error Warning 	public
 traffic               	Traffic count by host	public
 traffic_n             	Traffic count by host	public
 traffic_time          	Traffic count by host(cleared every 5 min)	public
 traffic_bw            	Traffic count by host for bwctrl	public
 process_info          	get the ports that are listened by precesses	public
 404                   	Request count by host	public
 status                	Response status code count by host	public
 info                  	General Runtime Information	public
 qos_stat              	Get QoS Statistics	public
 qos                   	Get QoS Statistics	public
 filedescriptors       	Process Filedescriptor Allocation	public
 objects               	All Cache Objects	public
 vm_objects            	In-Memory and In-Transit Objects	public
 openfd_objects        	Objects with Swapout files open	public
 pending_objects       	Objects being retreived from the network	public
 client_objects        	Objects being sent to clients	public
 io                    	Server-side network read() size histograms	public
 counters              	Traffic and Resource Counters	public
 peer_select           	Peer Selection Algorithms	public
 digest_stats          	Cache Digest and ICP blob	public
 5min                  	5 Minute Average of Counters	public
 60min                 	60 Minute Average of Counters	public
 utilization           	Cache Utilization	public
 histograms            	Full Histogram Counts	public
 active_requests       	Client-side Active Requests	public
 ssd_hot               	show top hot file of every cache dir	public
 conns_table           	show host cons num	public
 websocket             	WebSocket information	public
 purge_dir             	Purge Dir Stats	public
 storedir              	Store Directory Stats	public
 lrulist               	lrulist	public
 store_check_cachable_stats	storeCheckCachable() Stats	public
 store_io              	Store IO Interface Stats	public
 store_stat_by_domain  	Number of Files, Store Size and The Oldest Lastref Time according to host	public
 tcp_retrans           	tcp_retrans	public
 pconn                 	Persistent Connection Utilization Histograms	public
 refresh               	Refresh Algorithm Statistics	public
 delay                 	Delay Pool Levels	public
 forward               	Request Forwarding Statistics	public
 server_list           	Peer Cache Statistics	public
 carp                  	CARP information	public
 client_list           	Cache Client List	public
 asndb                 	AS Number Database	public

漏洞证明:

~$ squidclient -h www.56.com -p 80 mgr:idns
HTTP/1.0 200 OK
Server: Cdn Cache Server V2.0
Date: Mon, 08 Dec 2014 05:14:22 GMT
Content-Type: text/plain
Expires: Mon, 08 Dec 2014 05:14:22 GMT
Last-Modified: Mon, 08 Dec 2014 05:14:22 GMT
X-Via: 1.0 cdxx63:6 (Cdn Cache Server V2.0)
Connection: close
Internal DNS Statistics:
The Queue:
                       DELAY SINCE
  ID   SIZE SENDS FIRST SEND LAST SEND
------ ---- ----- ---------- ---------
Nameservers:
IP ADDRESS      #NHOST # QUERIES # REPLIES
--------------- ------ --------- ---------
115.x.x.90     3953      6925      6728
121.x.x.73      3953       197       197
61.x.x.200     3953        12        12
111.x.x.88     3953        12        12
218.x.x.86     3953        12        12
202.x.x.166      7       378       378
61.x.x.254       7         0         0
202.x.x.55        7         0         0
Rcode Matrix:
RCODE ATTEMPT1 ATTEMPT2 ATTEMPT3
    0     6979        0        0
    1        0        0        0
    2        0        0        0
    3      312        0        0
    4        0        0        0
    5        0        0        0

修复方案:

cachemgr_passwd password_here all

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2014-12-08 16:50

厂商回复:

很感激漏洞发现者,已经修复。

最新状态:

暂无