转载

中国联通全线站点svn导致源码泄露,真的有源码哟

漏洞标题 中国联通全线站点svn导致源码泄露,真的有源码哟
相关厂商 中国联通
漏洞作者 upload
提交时间 2012-10-15 15:55
公开时间 2012-11-29 15:55
漏洞类型 敏感信息泄露
危害等级
自评Rank 5
漏洞状态 已交由第三方合作机构(cncert国家互联网应急中心)处理
Tags标签

漏洞详情

1.之前的邮箱的

code 区域

http://mail.156.cn/help/css/.svn/entries

即(未修补的):

code 区域

WooYun: 中国联通156邮箱 SVN信息泄露 
  WooYun: 中国联通156邮箱可遍历目录

2.不小心发现主站也存在:

code 区域

http://www.156.cn/help/.svn/entries
 http://www.156.com.cn/.svn/entries

3.各二级域名也存在:

code 区域

http://hb.156.cn/web/album/.svn/entries
 http://cq.156.cn/.svn/entries
 http://ah.156.cn/.svn/entries
 http://mms.156.cn/web/album/.svn/entries
 .....
 ...
 ..

漏洞证明:

code 区域

2gForget.jsp         2gshuoming.jsp       forget.jsp           tiaokuan.jsp         wapGetSmsCode.jsp    waptiaokuan.jsp
 2gbanquan.jsp        2gtiaokuan.jsp       help.jsp             verificationCode.jsp waphelp.jsp          wapzhuce.jsp
 2ghelp.jsp           2gzhuce.jsp          shengming.jsp        wapForget.jsp        wapshuoming.jsp      zhuce.jsp

中国联通全线站点svn导致源码泄露,真的有源码哟

code 区域

http://www.156.cn/.svn/entries

code 区域

8
 dir
 8707
 http://220.194.55.12:8087/svn/albumII/gdbanlvweb/webapp
 http://220.194.55.12:8087/svn/albumII
 
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 
 
 svn:special svn:externals svn:needs-lock
 
 cacf1611-ccc3-ef4a-870a-b915fedcf1fa
 
 load
 dir
 
 mmsSuperMarket
 dir
 
 android
 dir
 
 load_resource.jsp
 file
 
 2012-07-13T06:52:29.000000Z
 b8f8993cb737c57f711c81dd45dbcb88
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 
 wapMeal.jsp
 file
 
 2012-07-13T06:52:29.000000Z
 9184c317ce2818953ceade49f58e03a4
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 
 zhipingke.jsp
 file
 8804
 
 
 
 2012-08-16T08:12:03.000000Z
 5a286e4c324fe4b0a4fa9e47c20875fb
 2012-08-16T08:45:11.484125Z
 8804
 zhangjige
 
 login1.jsp
 file
 
 
 
 
 2012-07-13T06:52:29.000000Z
 00af4d588d4da7f3d44bce82014b28a1
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 
 loginErroy.jsp
 file
 
 2012-07-13T06:52:29.000000Z
 90478a011338c5d468750a4736d885c0
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 
 wappush
 dir
 
 2g_waplogin_tc.jsp
 file
 8733
 
 2012-07-30T08:28:14.000000Z
 edc42c46bf2cff3af6da257d12a1471a
 2012-07-30T08:58:52.156559Z
 8733
 zhanglin
 
 pushmms
 dir
 
 shenqu.jsp
 file
 8988
 
 2012-09-29T01:52:59.000000Z
 6dff595254327c05dcebd1cfa87353b5
 2012-09-29T02:30:51.139000Z
 8988
 zhangjige
 
 addressbook
 dir
 
 2g_wapindex.jsp
 file
 8732
 
 
 
 2012-07-30T08:27:48.000000Z
 c5e1729b3c0944844a0423db3d771519
 2012-07-30T08:58:31.910706Z
 8732
 zhanglin
 
 warehouse
 dir
 
 index.jsp
 file
 
 
 
 
 2012-07-13T06:52:29.000000Z
 3ccdb77d81eb19937231a3db4903eede
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 
 loginimg
 dir
 
 opera
 dir
 
 uploads
 dir
 
 js
 dir
 
 change.jsp
 file
 
 
 
 
 2012-07-13T06:52:29.000000Z
 c0cea8f9998c1d415a881db053e834be
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 
 WEB-INF
 dir
 
 wap
 dir
 
 META-INF
 dir
 
 waplogin_tc.jsp
 file
 8737
 
 
 
 2012-07-30T08:29:32.000000Z
 180ee60d755a0a1981268869c4cd65bd
 2012-07-30T09:00:10.390533Z
 8737
 zhanglin
 
 login_old.jsp
 file
 
 2012-07-13T06:52:29.000000Z
 16f01b599e7c04cea6dbbedd2c27dcd2
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 
 opera.jsp
 file
 8784
 
 
 2012-08-08T04:56:18.000000Z
 e9ef0ba82baa8a459e763adc9a90610e
 2012-08-08T05:28:23.452875Z
 8784
 zhangjige
 
 404.jsp
 file
 
 
 
 
 2012-07-13T06:52:29.000000Z
 f84011e20c2d2017c9d22c138ff0913e
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 
 sms
 dir
 
 wapExplain.jsp
 file
 
 
 
 
 2012-07-13T06:52:29.000000Z
 f56b1131b81aa958e198ffb97108af56
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 
 2g_waplogin.jsp
 file
 8734
 
 
 
 2012-07-30T08:28:29.000000Z
 c385e38ccf5970e7dd74b73977a78a21
 2012-07-30T08:59:11.308886Z
 8734
 zhanglin
 
 login.jsp
 file
 8927
 
 
 
 2012-09-11T06:49:17.000000Z
 7a9625e545be74a973ad7f40a9f44c1e
 2012-09-11T07:27:15.765375Z
 8927
 zhangjige
 
 inc
 dir
 
 qunfa
 dir
 
 wapindex.jsp
 file
 8997
 
 
 
 2012-09-29T02:50:34.000000Z
 3ac90322501559f946558c33ce2c575a
 2012-09-29T03:28:44.764000Z
 8997
 zhangjige
 
 mmsplugin
 dir
 
 unicom_query
 dir
 
 androidTest
 dir
 
 jumpNew.jsp
 file
 
 
 
 
 2012-07-13T06:52:29.000000Z
 25da5a351bf3409074849c56f97e6e91
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 
 jumpNew.wml
 file
 
 
 
 
 2012-07-13T06:52:29.000000Z
 c6ec67ba24bcead2d4a2a759c3104d47
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 
 sra
 dir
 
 fsend.jsp
 file
 
 
 
 
 2012-07-13T06:52:29.000000Z
 badbee06f1bab16dac53a9dfd196839a
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 
 wapHow.jsp
 file
 
 
 
 
 2012-07-13T06:52:29.000000Z
 8202e0f6a7f08cbe0b24902491b6e6b3
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 
 jqm_html5
 dir
 
 users
 dir
 
 diymms
 dir
 
 altercontent
 dir
 
 .mymetadata
 file
 
 
 2012-07-13T06:52:29.000000Z
 484dc257f1b7fabcfd98f0f99c6111bf
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 
 images
 dir
 
 waplogin.jsp
 file
 8995
 
 
 
 2012-09-29T02:39:20.000000Z
 1e07b687cb799d668145cd24011aab50
 2012-09-29T03:17:32.139000Z
 8995
 zhangjige
 
 npe.jsp
 file
 
 
 
 
 2012-07-13T06:52:29.000000Z
 ac275fc1ec3ff631184bf848838c61b4
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 
 wo.jsp
 file
 
 
 
 
 2012-07-13T06:52:29.000000Z
 f2cc7d68e967a226263d0d35ca80072f
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 
 event
 dir
 
 old_time.jsp
 file
 
 
 
 
 2012-07-13T06:52:29.000000Z
 aa2a82d0f2d60b2b41d084610550360e
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 
 admin
 dir
 
 css
 dir
 
 help
 dir
 
 weidiaocha.jsp
 file
 8989
 
 
 
 2012-09-29T01:53:16.000000Z
 1040165f341220311ba61a313d0449c4
 2012-09-29T02:31:29.560875Z
 8989
 zhangjige
 
 swf
 dir
 
 500.jsp
 file
 
 
 
 
 2012-07-13T06:52:29.000000Z
 9a28edd219fa7959b37f5ad6a3034ba1
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 
 loginJump.jsp
 file
 
 
 2012-07-13T06:52:29.000000Z
 66e1ccc20acd276fafbe6d7b50b093d6
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 
 tmp
 dir
 
 jump.jsp
 file
 
 
 
 
 2012-07-13T06:52:29.000000Z
 8eb2a92568f70a1100efde50d4690abb
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 
 2g_mealChange.jsp
 file
 
 
 
 
 2012-07-13T06:52:29.000000Z
 7ff34c59de2831af157612182a61487b
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 
 session_test.jsp
 file
 
 
 
 
 2012-07-13T06:52:29.000000Z
 87baabfa8ae76d6218cf74b753853ad5
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 
 MyHtml.html
 file
 
 
 
 
 2012-07-13T06:52:29.000000Z
 2a06f79c58b30dfbd30801e0569df467
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin
 wapTg.jsp
 file
 2012-07-13T06:52:29.000000Z
 83963daf97278a0a5686d97a53b96f88
 2012-06-25T02:39:40.278125Z
 8651
 zhanglin

修复方案:

此处略–!

版权声明:转载请注明来源 upload @ 乌云

正文到此结束
所属分类: 编程技术

热门推荐

相关文章

阿里云首购8折
说给你听

本文目录
随机标签
书籍教程
springboot-demo Java入门教程 bootstrap3 CSS Apache基础教程 php ionic 教程 Python mysql教程 eclipse Ubuntu VPS系统配置 AngularJS 教程 MongoDB教程 Struts2教程 Redis教程 Spring教程 Git教程 Jenkins进阶系列 openfire参考指南 Java设计模式 HBase教程 Maven教程 hibernate教程 Docker 教程 memcached教程 Quartz指南 Hive教程 Ant教程 ANTLR教程 SpringCloud java实例教程 springcloud-demo XStream教程 Hazelcast教程 Elastic-Job-Lite 深入浅出MyBatis SVN教程 ibaties教程 rabittmq教程 solr教程 Hadoop教程 WebService CXF学习 JPA教程 ActiveMQ中文指南 java-demo Java内存模型 dubbo教程 python3-demo Linux入门视频教程
近期评论
  1. 1 Spring Cloud Consul实现选举机制
  2. 2 Spring Boot集成ShedLock实现分布式定时任务
  3. 3 利用oss进行数据库和网站图片备份
  4. 4 Spring Cloud Stream实现数据流处理
  5. 5 Python3访问MySQL数据库快速入门Demo
  6. 6 Github开源项目作者可以免费申请 JetBrains 全家桶
  7. 7 Spring Cloud Vault快速入门Demo
  8. 8 Spring Cloud Gateway快速入门Demo
  9. 9 Spring Cloud Contract快速入门Demo
  10. 10 Spring Cloud Consul快速入门Demo
网站信息
  • 文章总数:82,714 篇
  • 文件总数:284,287 个
  • 标签总数:2,393 个
  • 分类总数:85 个
  • 留言数量:2,560 条
  • 在线人数:659 人
  • 运行天数:4,409天
  • 最后更新:2024年11月22日05点
Loading...

其他链接

关于本站

本站定位:个人技术类博客

本站作用:写博客、记日志、闲聊扯淡鼓捣技术。

问题交流

[HBLOG]公众号 HBLOG HBLOG