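Vulnerability title | SVN metadata exposed across China Unicom sites leaks source code (and yes, there really is source code) |
---|---|
Vendor | China Unicom |
Author | upload |
Submitted | 2012-10-15 15:55 |
Disclosed | 2012-11-29 15:55 |
Vulnerability type | Sensitive information disclosure |
Severity | Low |
Self-assessed Rank | 5 |
Status | Handed to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling |
Tags |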
Vulnerability details
1. The mailbox site reported earlier:
http://mail.156.cn/help/css/.svn/entries
That is (still unpatched):
WooYun: China Unicom 156 mailbox SVN information disclosure
WooYun: China Unicom 156 mailbox allows directory listing
2. I happened to notice that the main site is affected as well:
http://www.156.cn/help/.svn/entries
http://www.156.com.cn/.svn/entries
3. The second-level subdomains are affected too:
http://hb.156.cn/web/album/.svn/entries
http://cq.156.cn/.svn/entries
http://ah.156.cn/.svn/entries
http://mms.156.cn/web/album/.svn/entries
.....
...
..
Proof of vulnerability:
2gForget.jsp 2gshuoming.jsp forget.jsp tiaokuan.jsp wapGetSmsCode.jsp waptiaokuan.jsp
2gbanquan.jsp 2gtiaokuan.jsp help.jsp verificationCode.jsp waphelp.jsp wapzhuce.jsp
2ghelp.jsp 2gzhuce.jsp shengming.jsp wapForget.jsp wapshuoming.jsp zhuce.jsp
http://www.156.cn/.svn/entries
Fix:
Omitted here –!
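
An added example, not part of the original report: a pre-deployment check that walks a local webroot for `.svn` directories and parses any pre-1.7 plain-text `entries` file to show which file names, committer names and repository URLs it would expose if served. The sample webroot, repository URL and author name are constructed, and the field order assumed is that of entries formats 8 to 10.

```python
import os
import tempfile

# Leading fields of one record in a pre-1.7 working copy (entries format 8-10).
FIELDS = ("name", "kind", "revision", "url", "repos_root", "schedule",
          "text_time", "checksum", "cmt_date", "cmt_rev", "cmt_author")

def parse_entries(text):
    """Return one dict per record; each record ends with a form-feed line."""
    head, _, body = text.partition("\n")
    if not head.strip().isdigit():
        return []  # older XML format, or not an entries file at all
    records = [r for r in body.split("\x0c\n") if r.strip()]
    return [dict(zip(FIELDS, r.split("\n"))) for r in records]

def audit_webroot(root):
    """Find .svn directories under root and summarise what each would leak."""
    findings = []
    for dirpath, dirnames, _files in os.walk(root):
        if ".svn" not in dirnames:
            continue
        dirnames.remove(".svn")  # report it, do not descend into it
        leak = {"dir": os.path.relpath(dirpath, root), "names": [],
                "authors": set(), "repo_urls": set()}
        path = os.path.join(dirpath, ".svn", "entries")
        # Subversion 1.7+ keeps this data in .svn/wc.db; the directory is
        # still flagged, with empty detail sets.
        if os.path.isfile(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                for rec in parse_entries(fh.read()):
                    if rec.get("name"):
                        leak["names"].append(rec["name"])
                    if rec.get("cmt_author"):
                        leak["authors"].add(rec["cmt_author"])
                    if rec.get("url"):
                        leak["repo_urls"].add(rec["url"])
        findings.append(leak)
    return findings

# Constructed sample: a format-8 entries file for a one-directory webroot.
SAMPLE = ("8\n\ndir\n120\nhttp://svn.example.internal/repo/app\n"
          "http://svn.example.internal/repo\n\n\n\n2012-01-01T00:00:00.000000Z\n"
          "118\nalice\n\x0c\nlogin.jsp\nfile\n\n\n\n\n2012-01-02T00:00:00.000000Z\n"
          "0123456789abcdef0123456789abcdef\n2012-01-01T00:00:00.000000Z\n"
          "118\nalice\n\x0c\nadmin\ndir\n\x0c\n")

def build_sample_webroot():
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, ".svn"))
    with open(os.path.join(root, ".svn", "entries"), "w", newline="") as fh:
        fh.write(SAMPLE)
    return root
```

A non-empty result from `audit_webroot` on a build output directory is a reason to fail the deployment; publishing from `svn export` instead of a working copy, or denying `.svn` paths at the web server, removes the exposure.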