
Starbucks China website backup is downloadable, leaking sensitive information (including the operating system Administrator password)

2015-02-05 21:40

code region
The core configuration file web.config can be downloaded directly over the network, because a backup archive of the whole site sits in the web root:

http://www.starbucks.com.cn/web.rar



Admin backend (CMS)

http://cms.starbucks.com.cn:8888/





Operating system administrator password (the application pool impersonates this account, and the credential is stored in cleartext in web.config)

code region
<httpRuntime executionTimeout="600" maxRequestLength="51200" useFullyQualifiedRedirectUrl="false" />

<identity impersonate="true" userName="administrator" password="Flipscript@0502" />
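The two lines above are the whole problem: `impersonate="true"` makes the worker process run as the named account, and the account's password is stored as a plain attribute, so anyone who obtains a copy of web.config obtains the credential. The following Python audit is an added example (it is not part of the WooYun report) that parses a web.config and flags the settings that turn a leaked copy into a credential leak. The two configs it runs on are constructed: the first mirrors the shape of the report's fragments with placeholder secrets, the second is the assumed hardened form after the identity section has been encrypted in place with `aspnet_regiis -pe "system.web/identity"` (the `<EncryptedData>` content is a stand-in for the real ciphertext) and the database connection switched to integrated security.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample web.config shaped like the fragments visible in the
# report (identity impersonation, debug compilation, customErrors off).
# Secret values are placeholders, not the leaked ones.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <add name="Rewards" connectionString="Server=db01;User Id=app;Password=PLACEHOLDER" />
  </connectionStrings>
  <system.web>
    <compilation debug="true" />
    <customErrors mode="Off" />
    <authentication mode="Windows" />
    <identity impersonate="true" userName="administrator" password="PLACEHOLDER" />
    <httpRuntime executionTimeout="600" maxRequestLength="51200" />
  </system.web>
</configuration>
"""

# Assumed hardened version of the same file: the identity section is
# encrypted in place (aspnet_regiis -pe keeps the element name and adds
# configProtectionProvider plus an <EncryptedData> child; the ciphertext
# here is a stand-in) and the connection string no longer carries a password.
HARDENED_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <add name="Rewards" connectionString="Server=db01;Integrated Security=SSPI" />
  </connectionStrings>
  <system.web>
    <compilation debug="false" />
    <customErrors mode="RemoteOnly" />
    <identity configProtectionProvider="RsaProtectedConfigurationProvider">
      <EncryptedData>ciphertext-omitted</EncryptedData>
    </identity>
  </system.web>
</configuration>
"""

PRIVILEGED_ACCOUNTS = {"administrator", "admin", "root"}


def audit_web_config(xml_text):
    """Return (severity, section, detail) findings for settings that make a
    leaked copy of this file dangerous. An empty list means nothing flagged."""
    root = ET.fromstring(xml_text)
    findings = []

    for ident in root.iter("identity"):
        if ident.get("configProtectionProvider"):
            continue  # section is encrypted; no cleartext to read
        if ident.get("impersonate", "false").lower() != "true":
            continue
        user = ident.get("userName", "")
        if ident.get("password") is not None:
            # DOMAIN\user: judge by the account name, not the domain prefix
            bare = user.split("\\")[-1].lower()
            sev = "critical" if bare in PRIVILEGED_ACCOUNTS else "high"
            findings.append((sev, "system.web/identity",
                             f"impersonate=true with cleartext password for '{user}'"))
        elif user:
            findings.append(("medium", "system.web/identity",
                             f"impersonates '{user}' (password supplied elsewhere)"))

    for add in root.iter("add"):
        cs = add.get("connectionString")
        if cs is None:
            continue  # appSettings and other <add> elements
        if re.search(r"(?i)\b(password|pwd)\s*=", cs) and not re.search(
                r"(?i)integrated\s+security\s*=\s*(true|sspi)", cs):
            findings.append(("high", "connectionStrings",
                             f"cleartext database password in '{add.get('name')}'"))

    for comp in root.iter("compilation"):
        if comp.get("debug", "false").lower() == "true":
            findings.append(("low", "system.web/compilation",
                             "debug=true leaves symbols and verbose errors enabled"))

    for ce in root.iter("customErrors"):
        if ce.get("mode", "RemoteOnly").lower() == "off":
            findings.append(("medium", "system.web/customErrors",
                             "mode=Off returns stack traces to remote clients"))

    return findings


if __name__ == "__main__":
    for cfg in (SAMPLE_WEB_CONFIG, HARDENED_WEB_CONFIG):
        for sev, section, detail in audit_web_config(cfg) or [("info", "-", "no findings")]:
            print(f"{sev:8} {section:28} {detail}")
        print("---")
```

Running it on the first config yields four findings, led by a critical one for the impersonated administrator; the hardened config yields none, because an encrypted section exposes no `password` attribute to read. The audit is a grep for the dangerous shape, not a policy engine: it treats any `<identity impersonate="true">` with a password attribute as a finding regardless of how the file is stored, which is the right default given that backups and source-control copies are how these files usually leak.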

Vulnerability proof:

mask region (web.config contents redacted by WooYun)
*****ot; encoding=&q*****

*****;!*****

*****外,您还可以*****

*****序的*****

*****网站”->“As*****

*****在 machine.c*****

*****通*****

*****t\Framework\v*****

*****gt*****

*****ration*****

*****gSecti*****

**********

*****et.Config.Log4NetConfiguratio*****

**********

*****ExtensionsSectionGroup, System.Web.Extensions, Versio*****

*****SectionGroup, System.Web.Extensions, Version=3.5*****

*****tensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E3*****

*****ervicesSectionGroup, System.Web.Extensions, Version=*****

*****Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856A*****

*****ns, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35&q*****

*****tensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35*****

*****Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"*****

*****section*****

*****ctionGr*****

*****ctionG*****

*****igSect*****

**********

*****og4ne*****

*****uot; type="log4net.App*****

*****uot; value="log*****

*****ndToFile" valu*****

*****ingStyle" valu*****

*****ern" value="*****

*****LogFileName" va*****

*****;log4net.Layout.P*****

*****ttern" value="%*****

*****lt;/lay*****

*****;/appe*****

*****uot; type="log4net.A*****

*****;log4net.Layout.P*****

*****ttern" value="%*****

*****lt;/lay*****

*****;/appe*****

*****lt;ro*****

*****alue="D*****

*****"RollingFile*****

*****f="ConsoleA*****

*****;/root*****

*****log4n*****

**********

**********

**********

*****Settin*****

*****写绝对路径,如*****

*****ww.starbucks.com.cn.temp|\\172.16.1.2*****

**********

*****uot;D:\starbucks\rewards|\\17*****

1.://**.**.**//www.starbucks.com.cn/upload/" />_

2.://**.**.**//www.starbucks.com.cn/upload/" />_

3.://**.**.**//www.starbucks.com.cn/upload/" />_

4.://**.**.**//www.starbucks.com.cn/upload/" />_

5.://**.**.**//www.starbucks.com.cn/upload/" />_

6.://**.**.**//www.starbucks.com.cn/upload/" />_

*****path" value=&q*****

7.://**.**.**//www.starbucks.com.cn" />_

*****nid" value=*****

*****nid" value=*****

*****id" value=*****

*****id" value=*****

*****pSetti*****

*****ionStrin*****

*****tem.we*****

***** <*****

*****bug="true&qu*****

*****编译*****

*****,因此只在*****

*****置*****

***** --&*****

*****s mode="*****

***** debug="*****

*****;assembl*****

*****=3.5.0.0, Culture=neutral, Pub*****

*****sion=3.5.0.0, Culture=neutral, Pu*****

*****on=3.5.0.0, Culture=neutral, Pu*****

***** Version=3.5.0.0, Culture=neutral, *****

*****;/assemb*****

*****compila*****

***** <*****

*****on> 节可以*****

*****别进*****

*****份验*****

***** --&*****

*****mode="Win*****

***** <*****

*****的过程中出*****

*****gt; 节可以配置*****

*****体*****

*****通过该*****

*****误页以代替*****

**********

*****ot; defaultRedirect="*****

*****3" redirect=&quo*****

*****quot; redirect="F*****

*****customE*****

***** --&*****

*****;pages*****

*****lt;cont*****

*****y="System.Web.Extensions, Version=3.5.0.0,*****

*****ssembly="System.Web.Extensions, Version=3.5.0*****

*****lt;/con*****

*****;/page*****

*****ttpHand*****

*****;*" path=&qu*****

*****ipt.Services.ScriptHandlerFactory, System.Web.Extensions, *****

*****.Script.Services.ScriptHandlerFactory, System.Web.Extensions,*****

*****ystem.Web.Handlers.ScriptResourceHandler, System.Web.Extensio*****

*****httpHan*****

*****ttpModu*****

*****le, System.Web.Extensions, Version=3.5.0.0, Cu*****

*****httpMod*****

*****Length="51200" useFullyQ*****

*****ot;administrator" passw*****

*****stem.w*****

*****m.coded*****

*****;compi*****

*****p.CSharpCodeProvider,System, Version=2.0.0.0, Culture=ne*****

*****;CompilerVersion" *****

*****ot;WarnAsError" v*****

*****lt;/com*****

*****t.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Cultu*****

*****;CompilerVersion" *****

*****ot;OptionInfer" v*****

*****ot;WarnAsError" v*****

*****lt;/com*****

*****compile*****

*****em.code*****

*****serviceM*****

**********

*****;bindi*****

*****;wsHttpB*****

*****nsactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288000" maxRece*****

*****; maxArrayLength="1638400" maxBytesPerRea*****

*****; inactivityTimeout="00:10:*****

*****urity mode=&qu*****

*****t;Windows" proxyCredentialT*****

*****ctionPolicy policyEnfor*****

***** </*****

*****uot;Windows" negotiateSer*****

***** </s*****

***** </bi*****

*****ionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="52428800" maxReceived*****

*****; maxArrayLength="1638400" maxBytesPerRea*****

*****; inactivityTimeout="00:10:*****

*****urity mode=&qu*****

*****t;Windows" proxyCredentialT*****

*****ctionPolicy policyEnfor*****

***** </*****

*****negotiateServiceCredential="true&q*****

***** </s*****

***** </bi*****

*****wsHttpBin*****

*****;/bind*****

*****;clien*****

8.://**.**.**//172.16.1.32:8002/StarbucksGCService.svc" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IStarbucksGCService" contract="StarbucksGCService.IStarbucksGCService" name="WSHttpBinding_IStarbucksGCService">_

***** <ide*****

*****alue="loca*****

***** </id*****

*****lt;/end*****

9.://**.**.**//172.16.1.32:8888/Service1.svc" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService11" contract="MSRService.IService1" name="WSHttpBinding_IService1">_

***** <ide*****

*****alue="loca*****

***** </id*****

*****lt;/end*****

*****;/clie*****

*****.service*****

*****m.webSe*****

**********

**********

*****taticCo*****

*****quot; mimeType="appl*****

*****;.mp4" mimeType=&*****

*****;.webm" mimeType=*****

*****aticCont*****

*****aultDocu*****

***** <f*****

*****ue="via.h*****

*****lt;/fil*****

*****faultDoc*****

*****em.webS*****

*****uratio*****

Fix recommendation:

# Delete the backup file from the web root

Source: www.wooyun.org/bugs/wooyun-2015-088195
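Deleting the archive fixes this instance, but the same mistake recurs whenever someone zips a site in place, so the durable fix is a check that runs against the web root plus a request-filtering rule that refuses to serve archive extensions. The Python below is an added example, not part of the WooYun report, that does both against a constructed throwaway web root (a `web.rar` and a stray `.sql` dump beside the real `web.config`) and a constructed IIS request-filtering fragment; the deny list in that fragment deliberately omits `.sql` so the second check has something to catch. Note that IIS already refuses to serve `web.config` itself, but an archive containing it is just a static file and is served like any other.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# File types that commonly end up in a web root as leftover backups. Any of
# these is served as a plain static download unless the server refuses it.
BACKUP_EXTENSIONS = {".rar", ".zip", ".7z", ".tar", ".gz", ".bak", ".old", ".sql", ".orig"}

# Constructed web.config fragment: IIS request filtering that refuses to
# serve .rar and .bak, but (deliberately, for the demo) forgets .sql.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <fileExtensions>
          <add fileExtension=".rar" allowed="false" />
          <add fileExtension=".bak" allowed="false" />
        </fileExtensions>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
"""


def find_backup_artifacts(webroot):
    """Walk a web root and return sorted relative paths of files whose
    extension marks them as a backup or archive."""
    hits = []
    for dirpath, _, files in os.walk(webroot):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in BACKUP_EXTENSIONS:
                hits.append(os.path.relpath(os.path.join(dirpath, name), webroot))
    return sorted(hits)


def denied_extensions(web_config_text):
    """Extensions that IIS request filtering refuses, per this web.config."""
    root = ET.fromstring(web_config_text)
    denied = set()
    for fe in root.iter("fileExtensions"):
        for add in fe.findall("add"):
            if add.get("allowed", "true").lower() == "false":
                denied.add(add.get("fileExtension", "").lower())
    return denied


def downloadable_backups(webroot, web_config_text):
    """Backup artifacts the server would actually hand out: present on disk
    and not covered by a request-filtering deny rule."""
    denied = denied_extensions(web_config_text)
    return [p for p in find_backup_artifacts(webroot)
            if os.path.splitext(p)[1].lower() not in denied]


def build_sample_webroot():
    """Create a throwaway directory shaped like the reported site: an archive
    of the whole site next to the real web.config, plus an upload folder."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "upload"))
    for rel in ("web.rar", "web.config", "default.aspx", "db_2015.sql",
                os.path.join("upload", "photo.jpg")):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("placeholder\n")  # constructed content
    return root


if __name__ == "__main__":
    root = build_sample_webroot()
    print("backup artifacts on disk:", find_backup_artifacts(root))
    print("still downloadable     :", downloadable_backups(root, SAMPLE_WEB_CONFIG))
```

Against the sample, `find_backup_artifacts` reports both `db_2015.sql` and `web.rar`, while `downloadable_backups` narrows that to `db_2015.sql` because `.rar` is denied by the filtering rule. The two lists are deliberately kept separate: the filesystem scan is what should block a deployment (the archive should not be there at all), and the request-filtering check is the compensating control for the day somebody copies one in anyway.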
