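2012-09-11: Details reported to the vendor; awaiting vendor response
2012-09-15: Vendor confirmed; details disclosed to the vendor only
2012-09-25: Details disclosed to core white hats and experts in related fields
2012-10-05: Details disclosed to regular white hats
2012-10-15: Details disclosed to intern white hats
2012-10-26: Details disclosed to the public

As the title says.

ftp://125.64.3.6/ contains a full-site backup archive and a database backup. ftp://125.64.3.6/web/Uploads/ is full of China Telecom images. A same-IP site lookup also turns up this site: http://3g.yn.189.cn/. Accessing the IP directly redirects to an office management system that has a weak password: admin/admin.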
ftp> o 3g.yn.189.cn
Connected to 3g.yn.189.cn.
220 Serv-U FTP Server v6.4 for WinSock ready...
Name (3g.yn.189.cn:FengGou): ftp
331 User name okay, please send complete E-mail address as password.
Password:
230 User logged in, proceed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (125,64,3,6,9,196)
150 Opening ASCII mode data connection for /bin/ls.
drw-rw-rw- 1 user group 0 Aug 4 15:07 .
drw-rw-rw- 1 user group 0 Aug 4 15:07 ..
drw-rw-rw- 1 user group 0 Nov 12 2010 Rewrite
-rw-rw-rw- 1 user group 5333504 Oct 25 2010 bbs_189sc_com20101025.bak
-rw-rw-rw- 1 user group 912129 Aug 4 15:07 bbs_189sc_com20101025.rar
drw-rw-rw- 1 user group 0 Apr 9 2011 data
drw-rw-rw- 1 user group 0 Aug 4 14:09 web
226 Transfer complete.
ftp> ls web/
227 Entering Passive Mode (125,64,3,6,9,197)
150 Opening ASCII mode data connection for /bin/ls.
total 5345418
drw-rw-rw- 1 user group 0 Aug 4 14:09 .
drw-rw-rw- 1 user group 0 Aug 4 14:09 ..
-rw-rw-rw- 1 user group 91 Aug 7 2007 AddFavorite.aspx
-rw-rw-rw- 1 user group 89 Aug 7 2007 AddFriend.aspx
-rw-rw-rw- 1 user group 379 Aug 7 2007 Admin_Advertisement.aspx
-rw-rw-rw- 1 user group 385 Aug 7 2007 Admin_AdvertisementAdd.aspx
-rw-rw-rw- 1 user group 363 Aug 7 2007 Admin_Board.aspx
-rw-rw-rw- 1 user group 369 Aug 7 2007 Admin_BoardAdd.aspx
-rw-rw-rw- 1 user group 373 Aug 7 2007 Admin_BoardRight.aspx
-rw-rw-rw- 1 user group 379 Aug 7 2007 Admin_BoardRightAdd.aspx
-rw-rw-rw- 1 user group 371 Aug 7 2007 Admin_ConfigAll.aspx
-rw-rw-rw- 1 user group 379 Aug 7 2007 Admin_ConfigPicture.aspx
-rw-rw-rw- 1 user group 375 Aug 7 2007 Admin_ConfigPoint.aspx
-rw-rw-rw- 1 user group 381 Aug 7 2007 Admin_ConfigSecurity.aspx
-rw-rw-rw- 1 user group 377 Aug 7 2007 Admin_ConfigUpload.aspx
-rw-rw-rw- 1 user group 363 Aug 7 2007 Admin_Emote.aspx
-rw-rw-rw- 1 user group 369 Aug 7 2007 Admin_EmoteAdd.aspx
-rw-rw-rw- 1 user group 363 Aug 7 2007 Admin_Error.aspx
-rw-rw-rw- 1 user group 361 Aug 7 2007 Admin_Face.aspx
-rw-rw-rw- 1 user group 367 Aug 7 2007 Admin_FaceAdd.aspx
-rw-rw-rw- 1 user group 363 Aug 7 2007 Admin_Group.aspx
-rw-rw-rw- 1 user group 369 Aug 7 2007 Admin_GroupAdd.aspx
-rw-rw-rw- 1 user group 367 Aug 7 2007 Admin_History.aspx
-rw-rw-rw- 1 user group 357 Aug 7 2007 Admin_IP.aspx
-rw-rw-rw- 1 user group 363 Aug 7 2007 Admin_IPAdd.aspx
-rw-rw-rw- 1 user group 168 Aug 7 2007 Admin_Index.aspx
-rw-rw-rw- 1 user group 369 Aug 7 2007 Admin_Language.aspx
-rw-rw-rw- 1 user group 166 Aug 7 2007 Admin_Left.aspx
-rw-rw-rw- 1 user group 363 Aug 7 2007 Admin_Level.aspx
-rw-rw-rw- 1 user group 369 Aug 7 2007 Admin_LevelAdd.aspx
-rw-rw-rw- 1 user group 361 Aug 7 2007 Admin_Link.aspx
-rw-rw-rw- 1 user group 367 Aug 7 2007 Admin_LinkAdd.aspx
-rw-rw-rw- 1 user group 353 Aug 7 2007 Admin_Log.aspx
-rw-rw-rw- 1 user group 367 Aug 7 2007 Admin_LogView.aspx
-rw-rw-rw- 1 user group 358 Aug 7 2007 Admin_Login.aspx
-rw-rw-rw- 1 user group 361 Aug 7 2007 Admin_Menu.aspx
-rw-rw-rw- 1 user group 367 Aug 7 2007 Admin_MenuAdd.aspx
-rw-rw-rw- 1 user group 366 Aug 7 2007 Admin_Message.aspx
-rw-rw-rw- 1 user group 374 Aug 7 2007 Admin_MessageSend.aspx
-rw-rw-rw- 1 user group 374 Aug 7 2007 Admin_MessageView.aspx
-rw-rw-rw- 1 user group 361 Aug 7 2007 Admin_News.aspx
-rw-rw-rw- 1 user group 367 Aug 7 2007 Admin_NewsAdd.aspx
-rw-rw-rw- 1 user group 357 Aug 7 2007 Admin_OK.aspx
-rw-rw-rw- 1 user group 377 Aug 7 2007 Admin_RefreshCache.aspx
-rw-rw-rw- 1 user group 367 Aug 7 2007 Admin_Replace.aspx
-rw-rw-rw- 1 user group 373 Aug 7 2007 Admin_ReplaceAdd.aspx
-rw-rw-rw- 1 user group 361 Aug 7 2007 Admin_Skin.aspx
-rw-rw-rw- 1 user group 367 Aug 7 2007 Admin_SkinAdd.aspx
-rw-rw-rw- 1 user group 355 Jan 16 2008 Admin_Team.aspx
-rw-rw-rw- 1 user group 367 Aug 7 2007 Admin_TeamAdd.aspx
-rw-rw-rw- 1 user group 369 Aug 7 2007 Admin_Template.aspx
-rw-rw-rw- 1 user group 375 Aug 7 2007 Admin_TemplateAdd.aspx
-rw-rw-rw- 1 user group 350 Aug 7 2007 Admin_Top.aspx
-rw-rw-rw- 1 user group 363 Aug 7 2007 Admin_Topic.aspx
-rw-rw-rw- 1 user group 377 Aug 7 2007 Admin_TopicConfirm.aspx
-rw-rw-rw- 1 user group 369 Aug 7 2007 Admin_TopicDel.aspx
-rw-rw-rw- 1 user group 371 Aug 7 2007 Admin_TopicMove.aspx
-rw-rw-rw- 1 user group 377 Aug 7 2007 Admin_TopicRecycle.aspx
-rw-rw-rw- 1 user group 375 Aug 7 2007 Admin_TopicSearch.aspx
-rw-rw-rw- 1 user group 373 Aug 7 2007 Admin_UploadFace.aspx
-rw-rw-rw- 1 user group 373 Aug 7 2007 Admin_UploadFile.aspx
-rw-rw-rw- 1 user group 361 Aug 7 2007 Admin_User.aspx
-rw-rw-rw- 1 user group 367 Aug 7 2007 Admin_UserAdd.aspx
-rw-rw-rw- 1 user group 373 Aug 7 2007 Admin_UserRename.aspx
-rw-rw-rw- 1 user group 373 Aug 7 2007 Admin_UserSearch.aspx
-rw-rw-rw- 1 user group 346 Aug 7 2007 Board.aspx
-rw-rw-rw- 1 user group 351 Aug 7 2007 BoardLog.aspx
-rw-rw-rw- 1 user group 354 Aug 7 2007 BoardNews.aspx
-rw-rw-rw- 1 user group 360 Aug 7 2007 ControlPanel.aspx
drw-rw-rw- 1 user group 0 Nov 14 2010 Controls
-rw-rw-rw- 1 user group 86 Aug 7 2007 Download.aspx
-rw-rw-rw- 1 user group 4335441 Jan 18 2011 FTP.rar
drw-rw-rw- 1 user group 0 Sep 19 2010 FindPassword
-rw-rw-rw- 1 user group 364 Aug 27 2007 ForgetPassword.aspx
-rw-rw-rw- 1 user group 3915 Dec 7 2010 Forum.config
-rw-rw-rw- 1 user group 339 Aug 7 2007 ForumTopic.aspx
-rw-rw-rw- 1 user group 426 Aug 7 2007 Frame.aspx
-rw-rw-rw- 1 user group 682 Aug 20 2007 Frame.htm
drw-rw-rw- 1 user group 0 Oct 3 2010 FreeTextBox
-rw-rw-rw- 1 user group 92 Apr 23 2010 GetTopicListJs.aspx
-rw-rw-rw- 1 user group 4884 Dec 20 2010 Help.aspx
-rw-rw-rw- 1 user group 346 Aug 7 2007 Index.aspx
-rw-rw-rw- 1 user group 2986 Dec 3 2007 IndexSearch.htm
-rw-rw-rw- 1 user group 358 Aug 7 2007 Information.aspx
-rw-rw-rw- 1 user group 478 Aug 7 2007 Left.aspx
-rw-rw-rw- 1 user group 346 Aug 7 2007 Login.aspx
-rw-rw-rw- 1 user group 84 Aug 7 2007 Logout.aspx
-rw-rw-rw- 1 user group 43828873 Oct 20 2010 McAfee85i.rar
-rw-rw-rw- 1 user group 336 Aug 7 2007 Members.aspx
-rw-rw-rw- 1 user group 358 Aug 7 2007 MessageView.aspx
-rw-rw-rw- 1 user group 352 Aug 7 2007 NewsView.aspx
-rw-rw-rw- 1 user group 93 Oct 6 2010 Office_DownLoad.aspx
-rw-rw-rw- 1 user group 367 Oct 5 2010 Office_Index.aspx
-rw-rw-rw- 1 user group 362 Dec 7 2010 Office_Login.aspx
-rw-rw-rw- 1 user group 379 Nov 23 2010 Office_Resources.aspx
-rw-rw-rw- 1 user group 382 Dec 9 2010 Office_ShareInfoPub.aspx
-rw-rw-rw- 1 user group 402 Dec 7 2010 Office_ShareInfos.aspx
-rw-rw-rw- 1 user group 379 Dec 7 2010 Office_setting.aspx
-rw-rw-rw- 1 user group 318 Nov 7 2010 Office_tmp.aspx
-rw-rw-rw- 1 user group 344 Aug 7 2007 Post.aspx
-rw-rw-rw- 1 user group 352 Aug 7 2007 PostEdit.aspx
drw-rw-rw- 1 user group 0 Sep 19 2010 Properties
-rw-rw-rw- 1 user group 83 Aug 7 2007 Quote.aspx
-rw-rw-rw- 1 user group 81 Aug 7 2007 RSS.aspx
-rw-rw-rw- 1 user group 352 Aug 7 2007 Register.aspx
-rw-rw-rw- 1 user group 346 Aug 7 2007 Reply.aspx
drw-rw-rw- 1 user group 0 Nov 7 2010 Resources
-rw-rw-rw- 1 user group 1277240939 Oct 25 2010 SQLServer2005.rar
-rw-rw-rw- 1 user group 348 Aug 7 2007 Search.aspx
-rw-rw-rw- 1 user group 357 Aug 7 2007 SendMessage.aspx
-rw-rw-rw- 1 user group 111 Aug 7 2007 ShowCode.aspx
-rw-rw-rw- 1 user group 344 Aug 7 2007 Team.aspx
-rw-rw-rw- 1 user group 343 Aug 7 2007 Topic.aspx
-rw-rw-rw- 1 user group 354 Aug 7 2007 TopicEdit.aspx
-rw-rw-rw- 1 user group 417 Aug 7 2007 Upload.aspx
-rw-rw-rw- 1 user group 421 Aug 7 2007 UploadFace.aspx
drw-rw-rw- 1 user group 0 Sep 4 10:51 Uploads
-rw-rw-rw- 1 user group 435 Aug 7 2007 UserFace.aspx
-rw-rw-rw- 1 user group 355 Aug 7 2007 UserOnline.aspx
-rw-rw-rw- 1 user group 352 Aug 7 2007 VoteView.aspx
-rw-rw-rw- 1 user group 352 Nov 21 2010 Wap_HomeView.aspx
drw-rw-rw- 1 user group 0 Sep 29 2010 aspnet_client
drw-rw-rw- 1 user group 0 May 20 2011 bin
-rw-rw-rw- 1 user group 4203 Apr 7 2009 color.htm
drw-rw-rw- 1 user group 0 Sep 19 2010 css
-rw-rw-rw- 1 user group 449436309 Oct 25 2010 dot.rar
drw-rw-rw- 1 user group 0 Sep 19 2010 editor
drw-rw-rw- 1 user group 0 Nov 15 2010 emote
-rw-rw-rw- 1 user group 2603 Jun 17 2010 ftb.colorpicker.aspx
-rw-rw-rw- 1 user group 15130 May 3 2011 ftb.imagegallery.aspx
-rw-rw-rw- 1 user group 10288 May 23 2010 ftb.insertAvi.aspx
-rw-rw-rw- 1 user group 8418 May 22 2010 ftb.insertFlash.aspx
-rw-rw-rw- 1 user group 3712 Jun 17 2010 ftb.inserttable.aspx
-rw-rw-rw- 1 user group 1532 Jun 17 2010 ftb.view.aspx
drw-rw-rw- 1 user group 0 Dec 20 2010 help
drw-rw-rw- 1 user group 0 Oct 29 2010 images
-rw-rw-rw- 1 user group 14808 Oct 5 2010 index.htm
drw-rw-rw- 1 user group 0 Sep 19 2010 js
drw-rw-rw- 1 user group 0 Nov 15 2010 microblog
drw-rw-rw- 1 user group 0 Sep 19 2010 obj
drw-rw-rw- 1 user group 0 Dec 6 2010 office
-rw-rw-rw- 1 user group 24 Dec 11 2010 robots.txt
-rw-rw-rw- 1 user group 82 Nov 12 2010 t.aspx
drw-rw-rw- 1 user group 0 Sep 19 2010 teamphoto
drw-rw-rw- 1 user group 0 Apr 9 2011 template
drw-rw-rw- 1 user group 0 Nov 1 2011 upload
drw-rw-rw- 1 user group 0 Nov 13 2010 uploadface
drw-rw-rw- 1 user group 0 Dec 9 2010 userface
-rw-rw-rw- 1 user group 346 Nov 21 2010 wap_Friends.aspx
-rw-rw-rw- 1 user group 348 Dec 5 2010 wap_Groups.aspx
-rw-rw-rw- 1 user group 360 Dec 5 2010 wap_GroupsDetail.aspx
-rw-rw-rw- 1 user group 350 Dec 5 2010 wap_ImgView.aspx
-rw-rw-rw- 1 user group 346 Nov 21 2010 wap_Index.aspx
-rw-rw-rw- 1 user group 346 Nov 21 2010 wap_MyAttentions.aspx
-rw-rw-rw- 1 user group 348 Dec 5 2010 wap_Replay.aspx
-rw-rw-rw- 1 user group 352 Dec 5 2010 wap_Timeline.aspx
-rw-rw-rw- 1 user group 344 Nov 21 2010 wap_home.aspx
-rw-rw-rw- 1 user group 346 Dec 5 2010 wap_login.aspx
-rw-rw-rw- 1 user group 22953 Nov 23 2010 web.config
-rw-rw-rw- 1 user group 7992399 Aug 4 14:04 web.rar
-rw-rw-rw- 1 user group 951391539 Aug 4 14:08 web2.rar
-rw-rw-rw- 1 user group 580109 Feb 17 2011 wwwroot.rar
-rw-rw-rw- 1 user group 1885893 Oct 25 2010 ???????.rar
226 Transfer complete.
ftp>
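I won't meddle with this one.
Severity: High
Vulnerability Rank: 11
Confirmation time: 2012-09-15 18:29
CNVD confirmed the vulnerability and reproduced the situation described, and on Friday the CNCERT Sichuan branch coordinated with the basic telecom operator to handle it (the information system belongs to a unit directly under the telecom operator). Scored as complete impact on confidentiality and partial impact on integrity: rank=8.47*1.0*1.2=10.764
None yet.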
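
An added example, not part of the original report: a defender-side audit that parses Unix-style LIST output like the session above and flags archives, backups and config files, plus entries the listing reports as world-writable. The extension policy, the name `audit_listing` and the sample lines are assumptions constructed for illustration.

```python
import re

# Extensions that should not sit in an FTP-reachable web root
# (assumed audit policy for this example, not taken from the report).
RISKY_EXT = {".bak", ".rar", ".zip", ".7z", ".sql", ".config", ".mdb"}

# Unix-style LIST line: mode, links, owner, group, size, month, day, year|time, name.
LIST_RE = re.compile(
    r"^(?P<mode>[d-][rwx-]{9})\s+\d+\s+\S+\s+\S+\s+(?P<size>\d+)\s+"
    r"[A-Z][a-z]{2}\s+\d{1,2}\s+(?:\d{4}|\d{1,2}:\d{2})\s+(?P<name>.+)$"
)

def audit_listing(text):
    """Return findings for entries that expose backups/configs or are world-writable."""
    findings = []
    for line in text.splitlines():
        m = LIST_RE.match(line.strip())
        if not m or m["name"] in (".", ".."):
            continue  # skip FTP status lines ("226 ...") and dot entries
        name, mode = m["name"], m["mode"]
        dot = name.rfind(".")
        ext = name[dot:].lower() if dot > 0 else ""
        reasons = []
        if mode[0] == "-" and ext in RISKY_EXT:
            reasons.append("backup-or-config")
        if mode[8] == "w":  # write bit of the "other" permission triplet
            reasons.append("world-writable")
        if reasons:
            findings.append({"name": name, "size": int(m["size"]), "reasons": reasons})
    return findings

# Constructed sample in the same format as the listing in the report.
SAMPLE = """\
227 Entering Passive Mode (192,0,2,10,9,196)
drw-rw-rw- 1 user group 0 Aug 4 15:07 .
drwxr-xr-x 1 user group 0 Nov 12 2010 static
-rw-rw-rw- 1 user group 5333504 Oct 25 2010 site_backup.bak
-rw-r--r-- 1 user group 22953 Nov 23 2010 web.config
-rw-r--r-- 1 user group 346 Aug 7 2007 Index.aspx
226 Transfer complete.
"""

if __name__ == "__main__":
    for f in audit_listing(SAMPLE):
        print(f["name"], f["size"], ",".join(f["reasons"]))
```

Run it against a listing captured from your own server; any hit in a directory that anonymous users can reach means the file should be moved out of the FTP root or the anonymous account disabled.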