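Reposted

SVN exposure across all China Unicom sites leaks source code (and yes, there really is source code)

Vulnerability title: SVN exposure across all China Unicom sites leaks source code (and yes, there really is source code)
Vendor: China Unicom
Author: upload
Submitted: 2012-10-15 15:55
Disclosed: 2012-11-29 15:55
Vulnerability type: Sensitive information disclosure
Severity:
Self-assessed rank: 5
Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling
Tags: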

Vulnerability details

1. The mail site reported earlier:

http://mail.156.cn/help/css/.svn/entries

That is (the unpatched ones):

WooYun: China Unicom 156 mailbox SVN information disclosure
WooYun: China Unicom 156 mailbox directories can be browsed

2. I happened to find that the main site has the same problem:

http://www.156.cn/help/.svn/entries
http://www.156.com.cn/.svn/entries

3. The second-level subdomains have it as well:

http://hb.156.cn/web/album/.svn/entries
http://cq.156.cn/.svn/entries
http://ah.156.cn/.svn/entries
http://mms.156.cn/web/album/.svn/entries
.....
...
..

Proof of vulnerability:

2gForget.jsp         2gshuoming.jsp       forget.jsp           tiaokuan.jsp         wapGetSmsCode.jsp    waptiaokuan.jsp
2gbanquan.jsp 2gtiaokuan.jsp help.jsp verificationCode.jsp waphelp.jsp wapzhuce.jsp
2ghelp.jsp 2gzhuce.jsp shengming.jsp wapForget.jsp wapshuoming.jsp zhuce.jsp


http://www.156.cn/.svn/entries


Remediation:

Omitted here!
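
Added example, not part of the original report: a pre-deployment check in Python that walks a local web root, flags every `.svn` directory, and summarises what its `entries` file would disclose (repository URL, committer names, file names). The sample data, the `svn.example.invalid` host and all function names are constructed for illustration, and the field positions assume the pre-1.7 plain-text `entries` layout.

```python
import os
import tempfile

# Constructed sample (format 8); field positions assume the pre-1.7 plain-text layout.
SAMPLE = "\n".join(
    ["8", "", "dir", "120", "http://svn.example.invalid/repo/webapp",
     "http://svn.example.invalid/repo", "", "", "", "2012-01-01T00:00:00Z", "118",
     "alice", "\x0c", "login.jsp", "file", "", "", "", "", "2012-01-02T00:00:00Z",
     "0" * 32, "2012-01-01T00:00:00Z", "118", "bob", "\x0c", "admin", "dir", "\x0c", ""])

def parse_entries(text):
    """Summarise what a plain-text .svn/entries file discloses."""
    head, _, body = text.partition("\n")
    if not head.strip().isdigit():
        return None                              # XML-era or unrecognised layout
    out = {"format": int(head), "repo_url": "", "authors": set(), "names": []}
    for chunk in body.split("\x0c\n"):           # each record ends with a form-feed line
        rec = chunk.split("\n") + [""] * 11      # pad: child-directory records are short
        if rec[0]:
            out["names"].append((rec[0], rec[1]))
        else:                                    # empty name: the directory's own record
            out["repo_url"] = out["repo_url"] or rec[3]
        if rec[10]:
            out["authors"].add(rec[10])          # last-commit author
    return out

def audit_webroot(root):
    """Return (path, summary) for every .svn directory under a deployment tree."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        if ".svn" not in dirnames:
            continue
        dirnames.remove(".svn")                  # do not descend into the metadata
        try:
            with open(os.path.join(dirpath, ".svn", "entries"), errors="replace") as fh:
                summary = parse_entries(fh.read())
        except OSError:
            summary = None                       # a .svn without entries is still a finding
        findings.append((os.path.join(dirpath, ".svn"), summary))
    return findings

def demo():
    with tempfile.TemporaryDirectory() as root:  # constructed web root
        os.makedirs(os.path.join(root, "help", ".svn"))
        with open(os.path.join(root, "help", ".svn", "entries"), "w") as fh:
            fh.write(SAMPLE)
        return audit_webroot(root)

if __name__ == "__main__":
    print(demo())
```

Working copies created by Subversion 1.7 and later keep their metadata in `.svn/wc.db`, so every `.svn` directory in the served tree is reported even when `entries` yields no names.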

Copyright notice: when reposting, please credit the source: upload @ WooYun
