当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-098099

漏洞标题:学而思某服务器未授权访问

相关厂商:好未来集团学而思培优

漏洞作者: 路人甲

提交时间:2015-02-24 11:36

修复时间:2015-04-13 16:58

公开时间:2015-04-13 16:58

漏洞类型:未授权访问/权限绕过

危害等级:低

自评Rank:5

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-02-24: 细节已通知厂商并且等待厂商处理中
2015-02-28: 厂商已经确认,细节仅向厂商公开
2015-03-10: 细节向核心白帽子及相关领域专家公开
2015-03-20: 细节向普通白帽子公开
2015-03-30: 细节向实习白帽子公开
2015-04-13: 细节向公众公开

简要描述:

学而思某服务器未授权访问

详细说明:

学而思两台服务器rsync未授权访问,可查看部分子系统源代码、数据库备份文件、访问日志等内容,由于可读不可写,且源码中数据库配置为内网环境,无法远程访问,故rank设为低
115.182.69.66未授权访问:

rsync 115.182.69.66::webroot
4096 2014/11/18 10:33:17 .
-rw-r--r-- 308779209 2014/07/10 13:00:47 homeworkInterface-20140710.tar.gz
-rw-r--r-- 308779316 2014/08/05 15:01:16 homeworkInterface-20140805.tar.gz
-rw-r--r-- 30488675 2014/11/11 15:44:57 m_100tal_20141111.tar.gz
-rw-r--r-- 31469992 2014/11/14 17:49:28 m_100tal_20141114.tar.gz
-rw-r--r-- 31776041 2014/11/18 10:33:19 m_100tal_20141118.tar.gz
-rw-r--r-- 956546 2014/01/06 16:45:20 xueersi_toupiao_20140106.tar.gz
drwxr-xr-x 4096 2014/05/07 09:50:07 cms_v41
drwxr-xr-x 4096 2014/01/07 16:10:25 default
drwxr-xr-x 4096 2012/06/05 16:57:36 eduu_awstats
drwxr-xr-x 4096 2012/02/02 16:39:43 exam1.0
drwxr-xr-x 4096 2012/07/11 13:39:53 ftp
drwxr-xr-x 4096 2014/08/05 15:03:57 homeworkInterface
drwxr-xr-x 4096 2014/10/24 10:24:53 html
drwxr-xr-x 4096 2012/02/02 16:40:22 kaoshi
drwx------ 16384 2014/06/30 15:34:23 lost+found
drwxr-xr-x 4096 2015/02/23 10:24:30 m_100tal
drwxr-xr-x 4096 2014/01/10 11:07:57 sumlog
drwxr-xr-x 4096 2012/07/17 16:14:41 xueersi_toupiao
rsync 115.182.69.66::webroot/html/
4096 2014/10/24 10:24:53 .
drwxr-xr-x 4096 2013/01/31 17:25:16 jiajiao
drwxr-xr-x 4096 2013/04/08 15:27:00 newxueersi
drwxr-xr-x 4096 2015/01/09 18:25:34 speiyou
drwxr-xr-x 4096 2014/03/07 17:46:48 speiyou_cd
drwxr-xr-x 4096 2015/01/30 16:07:30 speiyou_cs
drwxr-xr-x 4096 2014/03/07 17:46:56 speiyou_hz
drwxr-xr-x 4096 2014/12/12 17:49:40 speiyou_jn
drwxr-xr-x 4096 2014/11/07 17:52:56 speiyou_qd
drwxr-xr-x 4096 2014/07/01 10:43:12 speiyou_scd
drwxr-xr-x 4096 2015/01/29 10:40:29 speiyou_scq
drwxr-xr-x 4096 2015/02/12 16:23:29 speiyou_sgz
drwxr-xr-x 4096 2015/01/22 15:47:17 speiyou_shz
drwxr-xr-x 4096 2014/10/27 19:36:07 speiyou_sjz
drwxr-xr-x 4096 2015/01/08 11:52:08 speiyou_snj
drwxr-xr-x 4096 2015/01/19 15:08:01 speiyou_ssh
drwxr-xr-x 4096 2014/02/13 15:04:28 speiyou_ssu
drwxr-xr-x 4096 2014/07/29 14:39:46 speiyou_ssz
drwxr-xr-x 4096 2014/11/06 13:57:10 speiyou_stj
drwxr-xr-x 4096 2014/11/25 15:35:46 speiyou_su
drwxr-xr-x 4096 2014/04/22 18:23:11 speiyou_swh
drwxr-xr-x 4096 2014/04/09 13:50:57 speiyou_sxa
drwxr-xr-x 4096 2015/01/27 17:29:50 speiyou_sy
drwxr-xr-x 4096 2014/02/17 14:28:08 speiyou_szz
drwxr-xr-x 4096 2015/02/09 11:53:01 speiyou_ty
drwxr-xr-x 4096 2015/02/02 11:24:01 speiyou_zz
drwxr-xr-x 4096 2013/12/12 14:24:35 style
drwxr-xr-x 4096 2014/02/25 17:14:06 xueersi


其中m_100tal对应m.100tal.com源文件
speiyou对应sbj.speiyou.com源文件
speiyou_*对应各个省份源文件
115.182.69.16未授权访问:

rsync 115.182.69.16::
rsync 115.182.69.16::lec_queue_010等
rsync 115.182.69.16::ftp
drwxr-xr-x 4096 2014/07/22 11:30:31 .
-rw-r--r-- 0 2012/10/26 11:23:35 check_diskIO
-rw-r--r-- 28572170 2013/06/19 21:11:59 ftpServer-20130619.tar.gz
-rw-r--r-- 18569197 2012/11/13 16:44:57 ftpServer-hanxiao.tar.gz
-rw-r--r-- 13960160 2012/07/25 19:01:09 ftpServer.tar.gz
-rw-r--r-- 5853474 2012/07/25 19:00:33 ftpServer_20120725_1900.tar.gz
-rw-r--r-- 1633508021 2014/07/22 11:35:38 ftp_ics3-20140722.tar.gz
-rw-r--r-- 16052864 2012/06/27 16:19:40 mysqldata.tar.gz
drwxrwxrwx 4096 2014/12/08 15:26:36 BiVideo
drwxr-xr-x 4 2013/07/25 15:39:38 MobbyMsi
drwxr-xr-x 4096 2013/05/10 15:56:27 OaVideo
drwxr-xr-x 5 2012/11/19 15:57:30 OnlineServices
drwxr-xr-x 4096 2014/05/09 17:17:12 PCcheck
drwxr-xr-x 4096 2013/03/08 16:43:15 bk_2013
drwxr-xr-x 4096 2013/03/08 16:47:15 bk_test
drwxr-xr-x 26 2014/09/01 18:17:39 ftp010
drwxr-xr-x 4096 2010/12/20 18:07:28 ftp010_bk_bk
drwxr-xr-x 17 2013/05/17 18:28:15 ftp020
drwxr-xr-x 4096 2012/07/23 16:15:20 ftp021-bak
drwxr-xr-x 19 2013/12/03 17:20:34 ftp021
drwxr-xr-x 18 2013/12/02 10:12:12 ftp022
drwxr-xr-x 4096 2012/07/23 16:15:20 ftp023-bak
drwxr-xr-x 9 2013/05/17 18:29:07 ftp023
drwxr-xr-x 4096 2012/07/23 16:15:20 ftp024-bak
drwxr-xr-x 11 2013/12/03 17:21:31 ftp024
drwxr-xr-x 4096 2012/07/23 16:15:20 ftp025-bak
drwxr-xr-x 18 2013/12/02 10:25:56 ftp025
drwxr-xr-x 4096 2012/07/23 16:15:20 ftp027-bak
drwxr-xr-x 18 2014/04/22 19:04:24 ftp027
drwxr-xr-x 4096 2012/07/23 16:15:20 ftp028-bak
drwxr-xr-x 18 2013/12/03 17:22:43 ftp028
drwxr-xr-x 4096 2012/07/23 16:15:20 ftp029-bak
drwxr-xr-x 19 2013/12/31 16:28:06 ftp029
drwxr-xr-x 10 2014/06/25 18:05:57 ftp0311
drwxr-xr-x 4096 2012/07/23 16:15:20 ftp0351-bak
drwxr-xr-x 11 2014/03/11 19:37:13 ftp0351
drwxr-xr-x 4096 2012/07/23 16:15:20 ftp0371-bak
drwxr-xr-x 9 2013/05/17 18:29:24 ftp0371
drwxr-xr-x 4096 2012/07/23 16:15:20 ftp0512-bak
drwxr-xr-x 11 2014/01/21 17:38:57 ftp0512
drwxr-xr-x 10 2014/06/25 18:06:27 ftp0531
drwxr-xr-x 10 2014/06/25 18:06:39 ftp0532
drwxr-xr-x 4096 2012/07/23 16:15:20 ftp0571-bak
drwxr-xr-x 15 2012/07/23 16:15:20 ftp0571
drwxr-xr-x 10 2014/06/25 18:06:18 ftp0731
drwxr-xr-x 17 2013/05/17 18:29:33 ftp0755
drwxr-xr-x 4096 2013/12/19 15:24:02 ftpServer
drwxr-xr-x 4096 2014/02/14 14:55:56 ftpWuHanICS
drwxr-xr-x 4 2015/01/30 11:43:33 ftp_englishHomework
drwxr-xr-x 4096 2014/04/14 13:39:26 ftp_ics3-bak
drwxr-xr-x 23 2014/07/22 12:00:44 ftp_ics3
drwxr-xr-x 4096 2011/10/19 13:55:44 ftpmobby010-bak
drwxr-xr-x 17 2013/05/17 18:30:23 ftpmobby010
drwxr-xr-x 4096 2013/05/17 18:19:37 ftpzkjiaoyan_bk
drwxr-xr-x 4096 2011/04/20 09:05:04 logs
drwx------ 16384 2010/05/28 08:24:07 lost+found
drwxr-xr-x 4096 2014/02/18 15:52:21 nginx


包含多个ftp路径及备份文件,其中logs及nginx目录含访问日志

漏洞证明:

如上

修复方案:

添加访问权限

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2015-02-28 09:45

厂商回复:

非常感谢

最新状态:

暂无