当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0138355

漏洞标题:树熊网络某信息泄露

相关厂商:witown.cn

漏洞作者: DNS

提交时间:2015-09-01 14:31

修复时间:2015-09-14 14:34

公开时间:2015-09-14 14:34

漏洞类型:敏感信息泄露

危害等级:高

自评Rank:16

漏洞状态:厂商已经修复

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-09-01: 细节已通知厂商并且等待厂商处理中
2015-09-01: 厂商已经确认,细节仅向厂商公开
2015-09-11: 细节向核心白帽子及相关领域专家公开
2015-09-14: 厂商已经修复漏洞并主动公开,细节向公众公开

简要描述:

RT,其实我是为了树熊路由器来的

详细说明:

https://github.com/Hancoson/treebear
首先是这你们的源码
涉及很多个系统
最近加班严重,看着代码就想睡觉
你们自己看着来吧
贴些代码

var img_db = {
user:'root',
pass:'123456',
host:'mongodb://localhost/sx_images'
};
exports.db_config = img_db;


这里的代码是七牛数据存储接口吧

var urllib = require('url');
var qn = require('qn');
exports.uploadPic = function(filepath,imgKey,callback){
var client = qn.create({
accessKey: '9Y0d9uyZcUeynzKVIorjEhzOle30xJuzX2rHMlbR',
secretKey: 'mCRwCBK0Tml_a1v6EFqVTdZ5q2ELkbEQbJ1kCvHr',
bucket: 'treebear',
domain: 'http://treebear.u.qiniudn.com',
// timeout: 3600000, // default rpc timeout: one hour, optional
});
//console.log(imgKey);
client.uploadFile(filepath, {key: imgKey.key}, function (err, result) {
console.log(err);
console.log(result);
if(err){
console.log(err);
}else{
callback(err,result);
}
// {
// hash: 'FhGbwBlFASLrZp2d16Am2bP5A9Ut',
// key: 'qn/lib/client.js',
// url: 'http://qtestbucket.qiniudn.com/qn/lib/client.js'
// "x:ctime": "1378150371",
// "x:filename": "client.js",
// "x:mtime": "1378150359",
// "x:size": "21944",
// }
});
}


QQ图片20150901140930.png


这两个都在这里
感冒了,好难受
shop.treebear.cn
help.treebear.cn

22222222222.png

1111111.png


代码很多敏感信息,
还有一个APP

33333333.png


我看见想做点什么又怕引起问题和警觉
admin 123456

漏洞证明:

{
"authStatus": 0,
"bodyClass": "relativefooter",
"header":{
"componentCode":"TplDefaultHeader",
"bgColor":"",
"fontColor":"",
"shortitle":"cai测试分店"
},
"footer":{
"componentCode":"TplDefaultFooter",
"hostname":"Randy-PC",
"isDisplay":1,
"footType":0,
"portal_footer_support":"",
"localeToChanege":"English"
},
"component": [
{
"componentCode": "TplDefaultLead",
"crossMarketings": [
{
"picUrl": "http://static.test1.witown.com/reception/templated/images/bg.jpg"
},
{
"picUrl": "http://static.test1.witown.com/reception/templated/images/bg.jpg"
}
],
"pageCompId": 18144,
"portal_default_guide_noImage":"",
"viewModel":"",
"mid":"sgasdfasdfsfad",
"edition":"2",
"picChildren": [
{
"picUrl": "http://static.test1.witown.com/reception/templated/images/bg.jpg"
}
],
"size": 1
},
{
"bgColor": "",
"bgImg": "",
"componentCode": "TplDefaultFb1",
"content": "",
"fontColor": "",
"isDisplay": "Y",
"isOpenOneKeyLogin": "Y",
"location": "",
"pageCompId": 18145,
"shape": 1,
"pageType": "",
"location": "",
"shape": 0,
"labelCss": "fb1-wrapper",
"transparency": "",
"authStatus": "0",
"skey_disabled": "N",
"portalVersion": "dasfd",
"siteId": "2312",
"mid": "dfasdfasdfsd",
"vtoken": "asdfasdfasdf",
"skey": "asdfasdfcx",
"span": "btn_t",
"bgColor": "",
"fontColor": "",
"btn_img": "freebtn",
"portal_default_free_btn": "免费上网",
"htdocsUrl": "http://s5.witown.com/",
"portal_login_overdue": "1",
"portal_login_timeout": "1"
}
],
"env": {
"htdocsUrl": "http://static.witown.net:8888",
"merchantUrl": "http://wifi.witown.com"
},
"error": 0,
"hostname": "Randy-PC",
"isFromMobile": "N",
"jscommon": "build/common/jquery.min.js",
"merchant": {
"agentServicePhone": "400-101-1786",
"agentShortName": "树熊网络",
"del": false,
"expired": false,
"follow": false,
"hasNuomi": "n",
"merchantId": "8a7158794b6db057014b6db057b50000",
"mobile": "",
"phone": "0571-88812313",
"shortitle": "cai测试分店"
},
"message": "success",
"mobile": "N",
"os": "w",
"package": "reception",
"page": {
"id": 6318,
"name": "封面",
"staticCssSet": "parts/lead1/index.min.css,common/idangerous.swiper.min.css,parts/freebtn1/index.min.css?t=20150108",
"staticJsSet": "common/idangerous.swiper.min.js,parts/freebtn1/index.min_20150106.js,parts/lead1/index.min.js?t=20150108",
"type": "LANDING"
},
"pageType": "LANDING",
"portalVersion": "/witown5.0",
"portal_default_free_btn": "免费上网",
"portal_default_guide_noImage": "引导图组件:请添加图片",
"portal_footer_support": "技术支持",
"portal_login_timeout": "您今天的免费上网时间已用完 ",
"shortitle": "cai测试分店",
"site": {
"bgColor": "",
"fontColor": "",
"footType": 1,
"id": 1548,
"indexType": "LANDING",
"isDisplay": "1",
"shortitle": "默认店铺主题",
"online": false,
"templateCode": "default"
},
"skey_disabled": "Y",
"viewModel": "pro",
"vtoken": "8a7158794c080ad2014c2ae75cbb0068"
}

修复方案:

来个树熊公仔

版权声明:转载请注明来源 DNS@乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:4

确认时间:2015-09-01 16:24

厂商回复:

已离职员工将一些日常开发的静态资源上传到了github,里面提到的一些信息几乎都是过时的,对系统的营销较小,现已让他把对应的项目删除;

最新状态:

2015-09-14:上次确认时已同步修复