enterprise:server [WooYun WiKi].html
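<!doctype html>
<html lang="zh-Hans">
<head>
  <meta charset="utf-8">
  <!--
    Index page "服务配置" (service configuration), an Evernote web clip of
    http://wiki.wooyun.org/enterprise:server. It sorts server-side risk into
    three classes: services or data left accessible, flaws introduced by
    configuration, and publicly known vulnerabilities left unpatched. Each
    entry links to a per-topic page.

    Review notes:
    * Every link resolves to a Wayback Machine snapshot stamped 20160102042252
      and the clip was created on 2016-10-19. Treat the linked guidance as a
      historical baseline and check it against current vendor hardening
      documentation before applying it.
    * The export wrapped the content in nested inline-styled div/span
      elements whose style attributes contained unescaped double quotes
      (font-family:"Helvetica Neue") and self-closed non-void elements
      (span, p). Under text/html parsing both are malformed, so the
      presentational wrappers were dropped; headings, link text, link targets
      and provenance metadata are kept unchanged.
  -->
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <meta name="exporter-version" content="Evernote Mac 6.8 (453748)">
  <meta name="created" content="2016-10-19 13:06:17 +0000">
  <meta name="source" content="web.clip">
  <meta name="source-url" content="http://wiki.wooyun.org/enterprise:server">
  <meta name="updated" content="2016-10-19 13:06:17 +0000">
  <title>enterprise:server [WooYun WiKi]</title>
  <style>
    /* Same colour and dashed underline the clip used for these links. */
    .unwritten {
      color: rgb(169, 68, 66);
      text-decoration: none;
      border-bottom: 1px dashed;
    }
  </style>
</head>
<body>
  <main id="content">
    <h1>服务配置</h1>

    <!--
      Section 1, "sensitive systems or service data can be accessed":
      one secure-configuration guide ("安全配置") per service.
      Links carrying rel="nofollow" were drawn in red with a dashed underline
      in the clip; in DokuWiki-style wikis that usually marks a page that was
      never written (TODO confirm against the archive).
    -->
    <section>
      <h2>1、敏感系统或服务数据可被访问</h2>
      <ul>
        <li><a href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:ftp" title="server:ftp">FTP安全配置</a></li>
        <li><a href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:mysql" title="server:mysql">MySQL安全配置</a></li>
        <li><a href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:mssql" title="server:mssql">MSSQL安全配置</a></li>
        <li><a href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:memcached" title="server:memcached">Memcached安全配置</a></li>
        <li><a href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:mongodb" title="server:mongodb">MongoDB安全配置</a></li>
        <li><a href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:redis" title="server:redis">Redis安全配置</a></li>
        <li><a href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:nagios" title="server:nagios">Nagios安全配置</a></li>
        <li><a href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:rsync" title="server:rsync">rsync安全配置</a></li>
        <li><a href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:snmp" title="server:snmp">Snmp安全配置</a></li>
        <li><a href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:zabbix" title="server:zabbix">Zabbix安全配置</a></li>
        <li><a href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:cacti" title="server:cacti">Cacti安全配置</a></li>
        <li><a href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:nfs" title="server:nfs">NFS安全配置</a></li>
        <li><a class="unwritten" href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:hadoop" title="server:hadoop" rel="nofollow">Hadoop安全配置</a></li>
        <li><a href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:elasticsearch" title="server:elasticsearch">ElasticSearch安全配置</a></li>
      </ul>
    </section>

    <!-- Section 2, "vulnerabilities produced by configuration". -->
    <section>
      <h2>2、配置产生漏洞</h2>

      <!--
        2.1 HTTP server topics, in order: file disclosure, the HTTP PUT
        request method, parsing flaws, directory traversal, padding oracle
        attack, J2EE architecture configuration, unsafe host binding.
        The "目录遍历" label reads "directory traversal" while its slug is
        directory-list, so the target presumably covers directory listing;
        confirm against the archived page.
      -->
      <section>
        <h3>2.1 HTTP Server</h3>
        <ul>
          <li><a href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:file-disclosure" title="server:file-disclosure">文件泄露</a></li>
          <li><a href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:httpput" title="server:httpput">HTTP请求方法(PUT)</a></li>
          <li><a href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:resolve" title="server:resolve">解析漏洞</a></li>
          <li><a href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:directory-list" title="server:directory-list">目录遍历</a></li>
          <li><a href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:padding-oracle-attack" title="server:padding-oracle-attack">padding oracle attack</a></li>
          <li><a class="unwritten" href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:j2ee" title="server:j2ee" rel="nofollow">j2ee架构配置</a></li>
          <li><a href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:host" title="server:host">host绑定的不安全因素</a></li>
        </ul>
      </section>

      <!-- 2.2 Other services: DNS zone transfer and squid. -->
      <section>
        <h3>2.2 其他服务</h3>
        <ul>
          <li><a href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:zone-transfer" title="server:zone-transfer">DNS 域传送漏洞</a></li>
          <li><a href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:squid" title="server:squid">squid</a></li>
        </ul>
      </section>
    </section>

    <!--
      Section 3, "publicly known vulnerabilities left unpatched": Heartbleed
      (OpenSSL), Shellshock (bash) and PHP-CGI remote code execution. Unlike
      sections 1 and 2 these are closed by upstream fixes rather than by
      configuration, so they belong in patch and version tracking.
    -->
    <section>
      <h2>3、未修复公开漏洞</h2>
      <ul>
        <li><a href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:openssl" title="server:openssl">心脏滴血(openssl)</a></li>
        <li><a href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:bash" title="server:bash">bash漏洞(shellshock)</a></li>
        <li><a class="unwritten" href="https://web.archive.org/web/20160102042252/http://wiki.wooyun.org/server:php" title="server:php" rel="nofollow">PHP-CGI、RCE</a></li>
      </ul>
    </section>
  </main>

  <footer>
    <!--
      The clip's floating button pointed at href="#" and held only an icon
      font glyph that did not survive the export, leaving a link with no
      content. It now targets the main region and shows its title as text.
    -->
    <a href="#content" title="跳至内容>">跳至内容</a>
  </footer>
</body>
</html>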