当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0139272

漏洞标题:上海三零卫士漏洞一枚

相关厂商:30wish.net

漏洞作者: 路人甲

提交时间:2015-09-06 14:52

修复时间:2015-10-23 12:16

公开时间:2015-10-23 12:16

漏洞类型:重要敏感信息泄露

危害等级:中

自评Rank:8

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-09-06: 细节已通知厂商并且等待厂商处理中
2015-09-08: 厂商已经确认,细节仅向厂商公开
2015-09-18: 细节向核心白帽子及相关领域专家公开
2015-09-28: 细节向普通白帽子公开
2015-10-08: 细节向实习白帽子公开
2015-10-23: 细节向公众公开

简要描述:

2333

详细说明:

上海三零卫士
https://itsm.30wish.net/occ/.svn/entries

dir 6 http://192.168.33.52/svn/occ http://192.168.33.52/svn/occ 2014-10-08T09:12:13.956976Z 6 zhum_sh ec62a58a-7000-4468-92b7-46b06ac312b0 module_itsm_document dir module_itsm_process dir module_pmos_web dir module_occ_org dir module_itsm_billing dir module_itsm_occ_invoice dir module_itsm_maintenance dir module_itsm_stock dir module_itsm_renshi_zp_lytz dir module_itsm_back_section dir module_itsm_procurement_more dir module_g_00 dir module_itsm_renshi_zp_fs dir module_itsm_fcc dir module_itsm_ci dir module_itsm_report_model dir module_itsm_renshi_zp_js dir module_itsm_reimburse dir module_itsm_renshi_gd_gdjl dir module_itsm_equipment_list dir module_itsm_renshi_gh_shaixuan dir module_itsm_project dir module_itsm_occ_reportforms dir module_itsm_stat dir basic.inc.php file 2014-10-08T09:55:53.641125Z 995f7b33e7aec8c3079377ec65163489 2014-09-30T07:15:57.058830Z 1 lijingjing 3286 module_occ_bf dir module_occ_stock_xm dir include dir module_itsm_ou dir module_itsm_balance dir module_itsm_renshi_zp_cs dir module_itsm_resource dir module_itsm_renshi dir module_itsm_loan dir new_message.mp3 file 2014-10-08T09:55:53.641125Z 9ccb4fb8f5e00b113c977240d1b1a2f1 2014-09-30T07:15:57.058830Z 1 lijingjing has-props 44348 module_itsm_contact dir index.php file 702 2015-06-26T05:01:48.734375Z ad74023d0c4512f48b82ad221f1630ef 2015-06-26T04:57:24.837212Z 702 zhum_sh 5681 cli.php file 2014-10-08T09:55:53.641125Z 3f0b27277fec249ff8e2bc8a457b9224 2014-09-30T07:15:57.058830Z 1 lijingjing 1551 module_manage dir module_itsm_invoice dir module_itsm_subject dir module_itsm_human_cost dir module_occ_score dir module_itsm_finance dir module_itsm_renshi_office dir changelog.txt file 2014-10-08T09:55:53.641125Z ebe4944edf2c0072723729bef7c79cee 2014-09-30T07:15:57.058830Z 1 lijingjing 3617 module_itsm_equipment dir module_itsm_00 dir config.inc.sample.php file 2014-10-08T09:55:53.641125Z c3e102b7afb1db9406e55f319d8d4f49 2014-09-30T07:15:57.058830Z 1 lijingjing 783 module_itsm_renshi_job dir module_itsm_org dir module_itsm_renshi_ly_yd dir module_occ_muen dir login.php file 2014-10-08T09:55:53.641125Z 5b6462aaa7f291732fe0c133d34e19a2 2014-09-30T07:15:57.058830Z 1 lijingjing 475 logout.php file 2014-10-08T09:55:53.656750Z d46b62c615572adf582f4612de471c7e 2014-09-30T07:15:57.058830Z 1 lijingjing 479 module_itsm_project_zb dir module_itsm_given_financial_code dir module_itsm_renshi_performance dir module_itsm_training dir module_itsm_contract_decompose dir module_itsm_renshi_finance dir module_pmos_01 dir module_pmos dir module_basic dir module_itsm_renshi_lizhi dir email_upload_file dir module_itsm_renshi_job_fb dir module_itsm_plan dir module_itsm_guide dir module_itsm_procurement_requisition dir module_kb dir module_itsm_renshi_cx_jlcx dir module_itsm_task dir module_itsm_procurement dir module_occ_report dir module_occ_procurement_plan dir module_itsm_electronic_sign dir module_occ_file dir module_itsm_renshi_fuzhu dir module_itsm_budget dir module_itsm_budget_control dir readme.txt file 2014-10-08T09:55:53.656750Z 9e0983c5d36bc03c420e77ba74cf0a06 2014-10-08T05:00:43.654626Z 3 lijingjing 289 module_itsm_renshi_attendance_record dir module_itsm_payment dir module_itsm_contract dir


9.jpg


0.jpg


可以用脚本下载~
查看下文件:
https://itsm.30wish.net/occ/email_upload_file/KB2014060002.pdf

9.jpg


等等..

漏洞证明:

···

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2015-09-08 12:15

厂商回复:

积极修复,感谢督促!

最新状态:

暂无