
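Vulnerability summary

Bug ID: wooyun-2013-032081

Title: Collection of command-execution vulnerabilities on 65 gov / 47 edu sites, compiled via web searches (still unpatched at present)

Affected vendor: government/education sites

Author: lotte

Submitted: 2013-07-24 12:07

Fixed: 2013-09-07 12:07

Disclosed: 2013-09-07 12:07

Vulnerability type: file upload leading to arbitrary code execution

Severity: High

Self-assessed Rank: 20

Status: handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]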


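Vulnerability details

Disclosure status:

2013-07-24: Details sent to the vendor; waiting for the vendor to respond
2013-07-25: Vendor confirmed; details disclosed to the vendor only
2013-08-04: Details disclosed to core white hats and experts in related fields
2013-08-14: Details disclosed to regular white hats
2013-08-24: Details disclosed to trainee white hats
2013-09-07: Details disclosed to the public

Brief description:

Spent roughly two all-nighters; these are all the gov and edu CN sites found through baidu.com and google.com searches that are exposed to the vulnerability.

Detailed description: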

[Image: 1.png]

[Image: 2.png]

Proof of vulnerability:

GOV+++++++++++++++++++++++++++++++++++++++++++++++++++++++

EDU++++++++++++++++++++++++++++++++++++++++++++++++

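Remediation:

You know what to do.

Copyright notice: when reposting, please credit the source lotte@WooYun


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed: 2013-07-25 12:18

Vendor reply:

CNVD confirmed and reproduced most of the reported cases. On the 25th the report was split into two notifications (government and education) and passed to CNCERT for distribution to the branch centers in Jiangsu, Shanxi, Inner Mongolia, Henan, Yunnan, Guangdong, Hunan, Heilongjiang, Shandong, Sichuan, Zhejiang, Chongqing, Anhui and others. The education-sector notification was also forwarded to the Education Management Center of the Ministry of Education, the China Education and Research Network (CCERT), and the Shanghai Jiao Tong University network center.
The system allows a maximum rank of 20, but in terms of the amount of work involved, it should be >20.

Latest status:

None yet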