基層醫(yī)療衛(wèi)生信息系統(tǒng) (3)

《基層醫(yī)療衛(wèi)生信息系統(tǒng) (3)》由會(huì)員分享，可在線閱讀，更多相關(guān)《基層醫(yī)療衛(wèi)生信息系統(tǒng) (3)（69頁珍藏版）》請(qǐng)?jiān)谘b配圖網(wǎng)上搜索。

1、http:/10.8.3.187:9001/phis/web應(yīng)用安全檢測(cè)報(bào)告TideSec安全團(tuán)隊(duì)2020年08月12日rpcServer/servlet-namecom. caucho. hessian, server. HessianServlethome-classctd. net. rpc. server. HessianServiceDispatherrpcServer/rpc/*/url-pattern/servlet-mapping!一 AuthorizationServletctd. oauth. AuthorizationCostomAuthLogonctd.oauth. A

2、uthLogonservlet-mappingsservlet-nameAuthorizationServlet/oauth/authorizeAuthLogon/oauth/authorize_logon/servlet-mappings -HttpForwardphis. source, controller. HttpControllerForward/servlet-classHttpForward/forward/*/url-pattern/servlet-mappingHTTP請(qǐng)求GET /phis/resources/phis/css/images/./././WEB-INF/w

3、eb.xml?HTTP/1.1Host: 10.8.3.187:9001Connection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64)AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0Safari/537.21Accept: */*加固建議過濾（點(diǎn)）等可能的惡意字符：這個(gè)試用于能夠修改線上代碼，最為推薦的方法正則判斷用戶輸入的參數(shù)的格式，看輸入的格式是否合法：這個(gè)方法的匹配最為準(zhǔn)確和細(xì)致，但是有很大

4、難度，需要大量時(shí)間配置規(guī)則。php.ini配置open_basedir：這個(gè)參數(shù)值得的是用戶只能訪問的目錄，作為不能修改線上代碼時(shí)的備用方案。4.4目錄遍歷漏洞漏洞描述此腳本可能容易受到目錄遍歷攻擊.Directory Traversal是一個(gè)漏洞，允許攻擊者訪問受限目錄并在Web服務(wù)器的根目錄之外執(zhí)行命令。風(fēng)險(xiǎn)等級(jí)高危文件路徑/phis/resources/sencha/ext3/css風(fēng)險(xiǎn)參數(shù)測(cè)試詳情This file was found using the pattern $dirName/./././WEB-INF/web.xml?.Original directory: /phis/

5、resources/sencha/ext3/cssDirectory traversal pattern found:webAppRootKeyphis. rootparam-name1og4jConfigLocati onclasspath:phis/spring/log4j. propertieslog4jRefreshInterval6000org. springframework, web. util. Log4jConfigListener/listener-classctd.mvc.controller, util. MVCSessionListenerspringServleto

6、rg. springframework, web. servlet. DispatcherServletcontextConfigLocationclasspath:ctd/mvc/controller/spring-mvc. xmlclasspath:phis/spring/spring, xmlload-on-startup1/load-on-startupspringServlet/servlet-mappingrpcServer/servlet-namecom. caucho. hessian, server. HessianServlethome-classctd. net. rpc

7、. server. HessianServiceDispatherrpcServer/servlet-name/rpc/*/servlet-mapping!一一 AuthorizationServlet/servlet-namectd. oauth. AuthorizationCostomAuthLogonctd. oauth. AuthLogonAuthorizationServlet/oauth/authorizeservlet-mappingsAuthLogon/oauth/authorize_logon/servlet-mappings 一HttpForwardservlet-clas

8、sphis. source, controller. HttpControllerForward/servlet-classHttpForward/servlet-name/forward/*/servlet-mappingHTTP請(qǐng)求GET /phis/resources/sencha/ext3/css/./././WEB-INF/web.xml?HTTP/1.1Host: 10.8.3.187:9001Connection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW

9、64)AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0Safari/537.21Accept: */*加固建議過濾.（點(diǎn)）等可能的惡意字符：這個(gè)試用于能夠修改線上代碼，最為推薦的方法正則判斷用戶輸入的參數(shù)的格式，看輸入的格式是否合法：這個(gè)方法的匹配最為準(zhǔn)確和細(xì)致，但是有很大難度，需要大量時(shí)間配置規(guī)則。php.ini配置open basedir：這個(gè)參數(shù)值得的是用戶只能訪問的目錄，作為不能修改線上代碼時(shí)的備用方案。4.5目錄遍歷漏洞漏洞描述此腳本可能容易受到目錄遍歷攻擊.Directory Traversal是一個(gè)漏洞，允許攻擊者

10、訪問受限目錄并在Web服務(wù)器的根目錄之外執(zhí)行命令。風(fēng)險(xiǎn)等級(jí)高危文件路徑/phis/resources/app風(fēng)險(xiǎn)參數(shù)測(cè)試詳情This file was found using the pattern $dirName)/./WEB-INF/web.xml?.Original directory: /phis/resources/appDirectory traversal pattern found:webAppRootKeyphis. rootlog4jConfigLocationclasspath:phis/spring/log4j. propertiescontextparamlog4j

11、RefreshInterval6000/param-valueorg. springframework, web. util. Log4jConfigListenerctd.mvc.controller, util. MVCSessionListenerspringServletorg. springframework, web. servlet. DispatcherServlet/servlet-classcontextConfigLocationparam-valueclasspath:ctd/mvc/controller/spring-mvc. xmlclasspath:phis/sp

12、ring/spring, xml/param-valuelservlet-mappingspringServlet/rpcServer/servlet-namecom. caucho. hessian, server. HessianServlethome-classctd. net. rpc. server. HessianServiceDispatherrpcServer/rpc/*/urlpattern/servlet-mapping!一 AuthorizationServletctd. oauth. AuthorizationCostomAuthLogonservlet-classct

13、d. oauth. AuthLogonAuthorizationServlet/servlet-name/oauth/authorize/servlet-mappingsservlet-mappingsAuthLogon/oauth/authorize_logon/servlet-mappings 一HttpForward/servlet-namephis. source, controller. HttpControllerForward/servlet-classHttpForward/forwardA/servlet-mappingHTTP請(qǐng)求GET /phis/resources/ap

14、p/.AVEB-INF/web.xml? HTTP/1.1Host: 10.8.3.187:9001Connection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64)AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0Safari/537.21Accept: */*加固建議過濾（點(diǎn)）等可能的惡意字符：這個(gè)試用于能夠修改線上代碼，最為推薦的方法正則判斷用戶輸入的參數(shù)的格式，看輸入的格式是否合法：這個(gè)方法的匹

15、配最為準(zhǔn)確和細(xì)致，但是有很大難度，需要大量時(shí)間配置規(guī)則。php.ini配置open_basedir：這個(gè)參數(shù)值得的是用戶只能訪問的目錄，作為不能修改線上代碼時(shí)的備用方案。4.6目錄遍歷漏洞漏洞描述此腳本可能容易受到目錄遍歷攻擊.Directory Traversal是一個(gè)漏洞，允許攻擊者訪問受限目錄并在Web服務(wù)器的根目錄之外執(zhí)行命令。風(fēng)險(xiǎn)等級(jí)高危文件路徑/phis/resources/element風(fēng)險(xiǎn)參數(shù)測(cè)試詳情This file was found using the pattern $(dirName/./WEB-INF/web.xml?.Original directory: /ph

16、is/resources/elementDirectory traversal pattern found:webAppRootKeyphis. root/param-valueparam-name1og4jConfigLocati onclasspath:phis/spring/log4j. properties/context-paramlog4jRefreshInterval6000org.springframework, web. util. Log4jConfigListenerctd.mvc.controller, util. MVCSessionListenerspringSer

17、vletservlet-classorg. springframework, web. servlet. DispatcherServletcontextConfigLocationparam-valueclasspath:ctd/mvc/controller/spring-mvc. xmlclasspath:phis/spring/spring. xml1. 評(píng)估綜述本次評(píng)估對(duì)象為：網(wǎng)站URL： http:/10. 8. 3. 187:9001/phis/網(wǎng)站標(biāo)題：基層醫(yī)療衛(wèi)生信息系統(tǒng)IP地址：ErrorWEB安全掃描結(jié)果：高危漏洞：18個(gè)中危漏洞：6個(gè)低危漏洞：0個(gè)頁面安全檢測(cè)結(jié)果：URL

18、總數(shù)：52動(dòng)態(tài)URL： 1暗鏈頁面： 敏感字頁面：壞鏈頁面：快照頁面：信息泄露測(cè)試結(jié)果：開放端口： Error個(gè)子域名：1個(gè)敏感信息：02. WDScanner簡介近幾年，隨著互聯(lián)網(wǎng)各種安全漏洞愈演愈烈，OPENSSL心臟滴血漏洞、JAVA反序列化漏洞、STRUTS命令執(zhí)行漏洞、ImageMagick命令執(zhí)行漏洞等高危漏洞頻繁爆發(fā)。在這種情況下，為了能在漏洞爆發(fā)后快速形成漏洞檢測(cè)能力，同時(shí)能對(duì)網(wǎng)站或主機(jī)進(jìn)行全面快速的安全檢測(cè)，TideSec安全團(tuán)隊(duì)開發(fā)了分布式web安全監(jiān)測(cè)平臺(tái)WDScanneroWDScanner平臺(tái)主要包括如下功能：分布式web漏洞掃描、客戶管理、漏洞定期掃描、網(wǎng)站爬蟲、暗

19、鏈檢測(cè)、網(wǎng)站指紋識(shí)別、漏洞定向檢測(cè)、代理搜集及部署、密碼定向破解、社工庫查詢等功能。lspringServlet/servlet-mappingrpcServercom. caucho. hessian, server. HessianServlethome-classctd. net. rpc. server. HessianServiceDispatherrpcServer/rpc/*/url-pattern!一一 servlet-nameAuthorizationServletctd. oauth. AuthorizationCostomAuthLogonctd.oauth. AuthL

20、ogonservlet-mappingsAuthorizationServlet/oauth/authorizeservlet-mappingsAuthLogon/servlet-name/oauth/authorize_logon/servlet-mappings 一HttpForwardservlet-classphis. source, controller. HttpControllerForward/servlet-classHttpForward/servlet-name/forward/*/servlet-mappingHTTP請(qǐng)求GET /phis/resources/elem

21、ent/./WEB-INF/web.xml? HTTP/1.1Host: 10.8.3.187:9001Connection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64)AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0Safari/537.21Accept: */*加固建議過濾.（點(diǎn)）等可能的惡意字符：這個(gè)試用于能夠修改線上代碼，最為推薦的方法正則判斷用戶輸入的參數(shù)的格式，看輸入的格式是否合法：這個(gè)方

22、法的匹配最為準(zhǔn)確和細(xì)致，但是有很大難度，需要大量時(shí)間配置規(guī)則。php.ini配置open_basedir：這個(gè)參數(shù)值得的是用戶只能訪問的目錄，作為不能修改線上代碼時(shí)的備用方案。4.7目錄遍歷漏洞漏洞描述此腳本可能容易受到目錄遍歷攻擊.Directory Traversal是一個(gè)漏洞，允許攻擊者訪問受限目錄并在Web服務(wù)器的根目錄之外執(zhí)行命令。風(fēng)險(xiǎn)等級(jí)高危文件路徑/phis/resources/phis風(fēng)險(xiǎn)參數(shù)測(cè)試詳情This file was found using the pattern $dirName/./WEB-INF/web.xml?.Original directory: /phi

23、s/resources/phisDirectory traversal pattern found:webAppRootKeyphis. rootlog4jConfigLocationclasspath:phis/spring/log4j. propertieslog4jRefreshInterval6000/param-valueorg. springframework, web. util. Log4jConfigListener/listener-classctd.mvc. controller, util. MVCSessionListener/listenerclassspringS

24、ervletorg. springframework, web. servlet. DispatcherServletcontextConfigLocationclasspath:ctd/mvc/controller/spring-mvc. xmlclasspath:phis/spring/spring, xml/param-valuelspringServlet/rpcServercom. caucho. hessian, server. HessianServlethome-classparam-valuectd. net. rpc. server. HessianServiceDispa

25、therrpcServer/servlet-name/rpc/*/urlpattern/servlet-mapping!一一 AuthorizationServlet/servlet-namectd. oauth. AuthorizationCostomAuthLogonctd. oauth. AuthLogonservlet-mappingsservlet-nameAuthorizationServlet/oauth/authorizeAuthLogon/oauth/authorize_logon/servlet-mappings -HttpForward/servlet-namephis.

26、 source, controller. HttpControllerForwardHttpForward/servlet-name/forward/*/url-pattern/servlet-mappingHTTP請(qǐng)求GET /phis/resources/phis/./WEB-INF/web.xml? HTTP/1.1Host: 10.8.3.187:9001Connection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64)AppleWebKit/537.21

27、(KHTML, like Gecko) Chrome/41.0.2228.0Safari/537.21Accept: */*加固建議過濾.（點(diǎn)）等可能的惡意字符：這個(gè)試用于能夠修改線上代碼，最為推薦的方法正則判斷用戶輸入的參數(shù)的格式，看輸入的格式是否合法：這個(gè)方法的匹配最為準(zhǔn)確和細(xì)致，但是有很大難度，需要大量時(shí)間配置規(guī)則。php.ini配置open_basedir：這個(gè)參數(shù)值得的是用戶只能訪問的目錄，作為不能修改線上代碼時(shí)的備用方案。4.8目錄遍歷漏洞漏洞描述此腳本可能容易受到目錄遍歷攻擊.Directory Traversal是一個(gè)漏洞，允許攻擊者訪問受限目錄并在Web服務(wù)器的根目錄之外執(zhí)行

28、命令。風(fēng)險(xiǎn)等級(jí)高危文件路徑/phis/resources/app/desktop風(fēng)險(xiǎn)參數(shù)This file was found using the pattern $dirName)/././WEB-INF/web.xml?.Original directory: /phis/resources/app/desktopDirectory traversal pattern found:測(cè)試詳情webAppRootKeyphis. rootlog4jConfigLocati onclasspath:phis/spring/log4j. propertieslog4jRefreshInterval

29、6000/param-valueorg. springframework, web. util. Log4jConfigListener/listener-classctd.mvc.controller, util. MVCSessionListenerspringServletorg. springframework, web. servlet. DispatcherServlet/servlet-classcontextConfigLocationparam-valueclasspath:ctd/mvc/controller/spring-mvc. xmlclasspath:phis/sp

30、ring/spring. xml/param-valuelspringServlet/servlet-mappingrpcServer/servlet-namecom. caucho. hessian, server. HessianServlethome-classctd. net. rpc. server. HessianServiceDispatherrpcServer/rpc/*/url-pattern/servlet-mapping!一 AuthorizationServletctd. oauth. AuthorizationCostomAuthLogonctd. oauth. Au

31、thLogonservlet-mappingsservlet-nameAuthorizationServlet/oauth/authorizeAuthLogon/oauth/authorize_logon/servlet-mappings -HttpForwardphis. source, controller. HttpControllerForward/servlet-classHttpForward/forward/*/url-pattern/servlet-mappingHTTP請(qǐng)求GET /phis/resources/app/desktop/./.AVEB-INF/web.xml?

32、HTTP/1.1Host: 10.8.3.187:9001Connection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64)AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0Safari/537.21Accept: */*加固建議過濾（點(diǎn)）等可能的惡意字符：這個(gè)試用于能夠修改線上代碼，最為推薦的方法正則判斷用戶輸入的參數(shù)的格式，看輸入的格式是否合法：這個(gè)方法的匹配最為準(zhǔn)確和細(xì)致，但是有很大難度，需要大量

33、時(shí)間配置規(guī)則。php.ini配置open_basedir：這個(gè)參數(shù)值得的是用戶只能訪問的目錄，作為不能修改線上代碼時(shí)的備用方案。4.9目錄遍歷漏洞漏洞描述此腳本可能容易受到目錄遍歷攻擊.Directory Traversal是一個(gè)漏洞，允許攻擊者訪問受限目錄并在Web服務(wù)器的根目錄之外執(zhí)行命令。風(fēng)險(xiǎn)等級(jí)高危文件路徑/phis/resources風(fēng)險(xiǎn)參數(shù)測(cè)試詳情This file was found using the pattern $dirName/./WEB-INF/web.xml?.Original directory: /phis/resourcesDirectory traversal pattern found:webapp xmlns=z，http: /java. sun. com/xml/ns/javaee/zxmlns: xsi=/，http:/www. w3. org/2001/XMLSchema-instancez，xsi: schemaLocation=z/http:/java. sun. com/xml/ns/javaeehttp:/java. sun. com/xml/ns/javaee/we