乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2012-07-05: 细节已通知厂商并且等待厂商处理中 2012-07-10: 厂商已经主动忽略漏洞,细节向公众公开
都知道的structs2命令执行漏洞
http://www.dianping.com/login 大众点评网
-rwxr-xr-x 1 root root 3535 Oct 22 2007 classpath.sh-rwxr-xr-x 1 root root 8808 Oct 22 2007 jboss_init_hpux.sh-rwxr-xr-x 1 root root 2773 Oct 22 2007 jboss_init_redhat.sh-rwxr-xr-x 1 root root 3754 Oct 22 2007 jboss_init_suse.sh-rw-r--r-- 1 root root 535 Oct 22 2007 probe.bat-rwxr-xr-x 1 root root 918 Oct 22 2007 probe.sh-rw-r--r-- 1 root root 3830 Oct 22 2007 run.bat-rw-r--r-- 1 root root 3707 Jun 28 10:32 run.conf-rw-r--r-- 1 root root 43534 Oct 22 2007 run.jar-rwxr-xr-x 1 root root 6745 Oct 22 2007 run.sh-rw-r--r-- 1 root root 1809 Oct 22 2007 shutdown.bat-rw-r--r-- 1 root root 21713 Oct 22 2007 shutdown.jar-rwxr-xr-x 1 root root 1903 Oct 22 2007 shutdown.sh-rw-r--r-- 1 root root 2074 Oct 22 2007 twiddle.bat-rw-r--r-- 1 root root 47297 Oct 22 2007 twiddle.jar-rwxr-xr-x 1 root root 2348 Oct 22 2007 twiddle.sh-rw-r--r-- 1 root root 2579 Aug 17 2007 wsconsume.bat-rwxr-xr-x 1 root root 4064 Aug 17 2007 wsconsume.sh-rw-r--r-- 1 root root 2116 Aug 17 2007 wsprovide.bat-rwxr-xr-x 1 root root 4487 Aug 17 2007 wsprovide.sh-rw-r--r-- 1 root root 2986 Oct 12 2007 wsrunclient.bat-rwxr-xr-x 1 root root 2857 Oct 12 2007 wsrunclient.sh-rw-r--r-- 1 root root 2506 Oct 12 2007 wstools.bat-rwxr-xr-x 1 root root 3244 Oct 12 2007 wstools.sh
root:x:0:0:root:/root:/bin/dpshbin:x:1:1:bin:/bin:/sbin/nologindaemon:x:2:2:daemon:/sbin:/sbin/nologinadm:x:3:4:adm:/var/adm:/sbin/nologinlp:x:4:7:lp:/var/spool/lpd:/sbin/nologinsync:x:5:0:sync:/sbin:/bin/syncshutdown:x:6:0:shutdown:/sbin:/sbin/shutdownhalt:x:7:0:halt:/sbin:/sbin/haltmail:x:8:12:mail:/var/spool/mail:/sbin/nologinuucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologinoperator:x:11:0:operator:/root:/sbin/nologingames:x:12:100:games:/usr/games:/sbin/nologingopher:x:13:30:gopher:/var/gopher:/sbin/nologinftp:x:14:50:FTP User:/var/ftp:/sbin/nologinnobody:x:99:99:Nobody:/:/sbin/nologindbus:x:81:81:System message bus:/:/sbin/nologinrpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologinvcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologinabrt:x:499:499::/etc/abrt:/sbin/nologinsaslauth:x:498:498:"Saslauthd user":/var/empty/saslauth:/sbin/nologinpostfix:x:89:89::/var/spool/postfix:/sbin/nologinhaldaemon:x:68:68:HAL daemon:/:/sbin/nologinavahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologinrpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologinnfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologinsshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologinarpwatch:x:77:77::/var/lib/arpwatch:/sbin/nologinntp:x:38:38::/etc/ntp:/sbin/nologintcpdump:x:72:72::/:/sbin/nologinoprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologinnagios:x:500:500::/home/nagios:/sbin/nologinjavaer:x:2100:2100:DEV USER:/home/javaer:/bin/bashhawk:x:600:600:HAWK USER:/home/hawk:/bin/bashnscd:x:28:28:NSCD Daemon:/:/sbin/nologinnslcd:x:65:55:LDAP Client User:/:/sbin/nologinpuppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologindeploy:x:2000:2000:DianPing deploy user:/home/deploy:/bin/bashzabbix:x:2101:10002::/dev/null:/sbin/nologin
点评网,商家,用户数据太多了。
危害等级:无影响厂商忽略
忽略时间:2012-07-10 11:51
暂无