Sina SAE cloud back-end arbitrary file read vulnerability and fix - Vulnerability warning - myhack58

2011-12-04T00:00:00
ID MYHACK58:62201132516
Type myhack58
Reporter Anonymous
Modified 2011-12-04T00:00:00

Description

Description: Sina SAE uses an unsafe third-party component, which may allow arbitrary files to be read on the back end.

Detailed description: http://pma.tools.sinaapp.com/

This is a MySQL management client built on phpMyAdmin. Using the phpMyAdmin arbitrary file read vulnerability recently published by 80sec, other files can be read, and because the application is deployed on a more sensitive back end, it is not subject to the sandbox restrictions.

Proof of vulnerability:
