畅途网2台机器存在重要的信息泄露可致网站服务沦陷
1#
1·从畅途网主站用户反馈开始,存在过滤不严格导致后台权限泄露问题
重点关注其服务器IP和PORT
2·在这台服务器上跑了很多的应用,其中就有JBOSS
JBoss
JBoss Web Console JMX Invoker:
221.6.35.205:18888/web-console/Invoker
JBoss HttpAdaptor JMXInvokerServlet:
221.6.35.205:18888/invoker/JMXInvokerServlet
JBoss JMX Console Unrestricted Access:
221.6.35.205:18888/web-console/
可惜的是没找到jmx-console,可能是我技术不过关,不过没关系。
3·网站svn及部分 源码 泄露
SVN信息泄露
/editor/.svn/entries
/editor/js
/editor/lang
/editor/plugins
/editor/plugins/anchor
/editor/plugins/baidumap
/editor/plugins/code
/editor/plugins/emoticons
/editor/plugins/emoticons/images
/editor/plugins/filemanager
/editor/plugins/filemanager/images
/editor/plugins/flash
/editor/plugins/image
/editor/plugins/image/images
/editor/plugins/insertfile
/editor/plugins/lineheight
/editor/plugins/link
/editor/plugins/map
/editor/plugins/media
/editor/plugins/multiimage
/editor/plugins/multiimage/images
/editor/plugins/pagebreak
/editor/plugins/plainpaste
/editor/plugins/preview
/editor/plugins/quickformat
/editor/plugins/table
/editor/plugins/template
/editor/plugins/tree
/editor/plugins/tree/css
/editor/plugins/tree/images
/editor/plugins/wordpaste
/editor/themes
/editor/themes/common
/editor/themes/default
/editor/themes/qq
/editor/themes/simple
源码:
/editor/js/.svn/text-base/kindeditor.js.svn-base
/editor/plugins/image/.svn/text-base/image.js.svn-base
/editor/js/kindeditor.js
/editor/lang/ar.js
/editor/lang/en.js
/editor/lang/zh_CN.js
/editor/lang/zh_TW.js
/editor/plugins/code/prettify.js
4·此服务器上海部署了tomcat应用,不过在其他的端口
Tomcat
http://221.6.35.205:8089/
这是我无意中碰到的
2#在了解网站后台的时候,无意中又碰到了另外一个IP,也是畅途网的
1·
http://221.6.35.202/site/ttschina/这个网站是个关联网站
2·不过这台服务器使用JBOSS
http://221.6.35.202/jmx-console/
有了jmx-console就可以远程加载war包,然后xxxx
图中这两个函数都能够实现此功能
加载成功
3·
http://221.6.35.202/web-console/
4·还有一些sql报错就不贴出来了,比如招贤纳士页面职位搜索这块,就不细说了,自查一下吧(如果没有末日,我再分开提交下吧~哈哈)
修复方案:
一个字:删!
希望有帮助
查看更多关于畅途网某些服务器信息泄露可致沦陷 - 网站安全的详细内容...