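WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
WooYun Drops articles, online browsing: http://drop.zone.ci/
2013-08-10: Details have been sent to the vendor; waiting for the vendor to handle them.
2013-08-15: The vendor has actively chosen to ignore the vulnerability; details are disclosed to the public.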
As the title says...
Addresses:
http://bjjnds2011.ccidnet.com/fckeditor/
Parent Directory _documentation.html _samples/ _upgrade.html _whatsnew.html editor/ fckconfig.js fckeditor.afp fckeditor.asp fckeditor.cfc fckeditor.cfm fckeditor.js fckeditor.lasso fckeditor.php fckeditor.pl fckeditor.py fckeditor_php4.php fckeditor_php5.php fckpackager.xml fckstyles.xml fcktemplates.xml htaccess.txt license.txt
http://bjjnds2011.ccidnet.com/data/
Index of /data
Parent Directory 1af339d2d06317bb0a797e31d882d025_safe.txt admin/ backupdata/ cache/ common.inc.php config.cache.bak.php config.cache.inc.php config.file.inc.php downmix.data.php enums/ helper.inc.php js/ mail/ mark/ mkall_cache_16.php module/ mysql_error_trace.inc mysqli_error_trace.inc payment/ rss/ safe/ safequestions.php servise.php sessions/ tag/ template.rand.php textdata/ time.lock time.lock.inc tplcache/ uploadtmp/ vote/ ziptmp/
http://bjjnds2011.ccidnet.com/include/
Index of /include
Parent Directory Lurd.class.php arc.archives.class.php arc.caicai.class.php arc.freelist.class.php arc.listview.class.php arc.memberlistview.class.php arc.partview.class.php arc.rssview.class.php arc.searchview.class.php arc.sglistview.class.php arc.sgpage.class.php arc.specview.class.php arc.taglist.class.php archives.func.php calendar/ channelunit.class.php channelunit.func.php charset.func.php ckeditor/ code/ common.func.php common.inc.php common.inc.php.bak control.class.php customfields.func.php data/ datalistcp.class.php dedeajax2.js dedeatt.class.php dedecollection.class.php dedecollection.func.php dedehtml2.class.php dedehttpdown.class.php dedemodule.class.php dedesql.class.php dedesqli.class.php dedetag.class.php dedetemplate.class.php dedevote.class.php dialog/ diyform.cls.php downmix.inc.php enums.func.php extend.func.php filter.inc.php ftp.class.php helpers/ image.class.php image.func.php inc/ js/ json.class.php mail.class.php memberlogin.class.php membermodel.cls.php model.class.php oxwindow.class.php payment/ request.class.php shopcar.class.php sitemap.class.php sphinxclient.class.php splitword.class.php taglib/ tpllib/ typelink.class.php typeunit.class.admin.php typeunit.class.menu.php typeunit.class.selector.php upload.class.php uploadsafe.inc.php userlogin.class.php vdimgck.php wap.inc.php zip.class.php
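Among these, I found that the following address looks like a backdoor. Brute-forcing it did not succeed; please investigate...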
http://bjjnds2011.ccidnet.com/data/servise.php
There is also a large amount of database operation information:
http://bjjnds2011.ccidnet.com/data/1af339d2d06317bb0a797e31d882d025_safe.txt
Permissions. Check for backdoors.. Send out the gift promptly... O(∩_∩)O
Severity: No impact; ignored by the vendor
Ignored at: 2013-08-15 09:38
None yet