当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-096079

漏洞标题:豌豆荚某站配置不当可未授权访问导致多个敏感信息泄露(可以看公司员工伙食)

相关厂商:豌豆荚

漏洞作者: 我是小号

提交时间:2015-02-10 10:19

修复时间:2015-02-18 15:17

公开时间:2015-02-18 15:17

漏洞类型:重要敏感信息泄露

危害等级:中

自评Rank:10

漏洞状态:厂商已经修复

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-02-10: 细节已通知厂商并且等待厂商处理中
2015-02-10: 厂商已经确认,细节仅向厂商公开
2015-02-18: 厂商已经修复漏洞并主动公开,细节向公众公开

简要描述:

配置不当未授权访问

详细说明:

站点:
fan.wandoulabs.com
是豌豆荚员工点餐的平台(应该算是内部平台吧,怎么会公网可以访问呢?)

07.png


#1.log目录未授权访问
http://fan.wandoulabs.com/log

03.png


http://fan.wandoulabs.com/api/rank
http://fan.wandoulabs.com/api/data/%E8%B5%9B%E7%99%BE%E5%91%B3%28%E8%A5%BF%E5%B0%8F%E5%8F%A3%29


访问得里面有Unicode编码数据解码可以知道午餐有:
雪梨银耳百合粥、香滑蒸蛋等等,伙食不错的!
#2.git代码托管服务配置不当

http://uowechat.wandoujia.com/.git/config


上面的链接可以未授权访问,表示整个git服务的源代码都可以被遍历获取
拿出perl脚本自动化遍历可得:

D:\>perl 1.pl -v -u http://fan.wandoulabs.com/.git
[i] Downloading git files from http://fan.wandoulabs.com/.git
[!] Not found for COMMIT_EDITMSG: 404 Not Found
[d] found config
[d] found description
[d] found HEAD
[d] found index
[d] found packed-refs
[!] Not found for objects/info/alternates: 404 Not Found
[!] Not found for info/grafts: 404 Not Found
[d] found logs/HEAD
[!] Not found for objects/22/c454f74f434bc3303c5538825b5528adb10f36: 404 Not Fou
nd
[d] found objects/6f/858fe11be5607433e63f2ca91b39089ac3940e
[d] found objects/16/55132c58f76fa46457ce4987c65de2051b2539
[d] found objects/50/3563d459e2ba0d5ef7b74b2b9555a20cef408b
[d] found objects/44/cdfce8beb9129c0986b6903000cedf07b70297
[d] found objects/da/92170fdf2a71d6a40453d71763ce23218088dc
[d] found objects/d2/02abe5e479b5bad632ceef0b8e1b3ca7f5b83e
[d] found objects/81/9a3ce8b2df290cacda94d2ca0467d6c4c568ed
[d] found objects/5f/c5c945f29951813c669cf6f358a28d8dadb888
[d] found objects/bc/2597a3cd290668ae39c15b96d6e50ffdb02358
[d] found objects/29/885214c8a90a7a75bfbac743d8ee9e9b944d52
[d] found objects/44/6bd616618caffb2248c4fefbd3c221c2c33c4c
[d] found objects/0a/ee1372e64dff6cfc61e57075d19869c6f730d3
[d] found objects/ab/f8acb45ed99e5c695db70c3710dce8eb65b8b3
[d] found objects/83/11801845758c1e01b40b8979489d194ebd28f7
[d] found objects/78/3d646e3c583b9cdbec38fc4b08473a9a9e4668
[d] found objects/64/a78a2bdc0f16d3638218822976c6f2f4857a12
[d] found objects/e7/f62e4cae87091ca6619573ff3c5bbec545e7a6
[d] found objects/57/06af10f2a2d4505571a696cee5cfa805c90e08
[d] found objects/ca/be86f69713ca678f55e0a8672a0243ee702b15
[d] found objects/44/b7ab3bab31d40485fe67d295c1496033d76c21
[d] found refs/heads/master
[i] Running git fsck to check for missing items


漏洞证明:

~!1./refs/heads/master:

06.png


~!2./logs/HEAD

05.png


~!3.objects/44/b7ab3bab31d40485fe67d295c1496033d76c21
其他不一一证明了.
利用方式: 

git reset --hard


还原整站

修复方案:

网站合理配置

版权声明:转载请注明来源 我是小号@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-02-10 10:31

厂商回复:

和上个漏洞一起处理了,感谢对豌豆荚安全的帮助

最新状态:

2015-02-18:已修复。