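2014-02-13: Details reported to the vendor, awaiting vendor handling
2014-02-13: Vendor confirmed; details disclosed to the vendor only
2014-02-23: Details disclosed to core white hats and experts in related fields
2014-03-05: Details disclosed to regular white hats
2014-03-15: Details disclosed to intern white hats
2014-03-30: Details disclosed to the public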
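A Douban site is misconfigured and has a command execution vulnerability; combined with some design issues, this can lead to hijacking other users' accounts. I was just about to test the hijacking when the site got upgraded. So unlucky~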
http://blog.douban.com/wp-admin/mockee mockee
lighttpd has a parsing vulnerability too~
Now look at the Set-Cookie headers returned after logging in to the main site
Cache-Control:must-revalidate, no-cache, private
Connection:keep-alive
Content-Length:65
Content-Type:text/plain
Date:Thu, 13 Feb 2014 03:33:21 GMT
Expires:Sun, 1 Jan 2006 01:00:00 GMT
Keep-Alive:timeout=10
Location:http://www.douban.com/
P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma:no-cache
Server:nginx
Set-Cookie:as="deleted"; max-age=0; domain=.douban.com; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie:ue="[email protected]"; domain=.douban.com; expires=Fri, 13-Feb-2015 03:33:21 GMT; httponly
Set-Cookie:dbcl2="2025898:RxSxqemxX5Qd4"; path=/; domain=.douban.com; httponly
X-Douban-Mobileapp:0
X-Douban-Splittest:sns.is_recommended_user,movie.new-cinema-section,movie.has_video
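The key information is all scoped to the .douban.com domain, so once blog is taken over, this information can be collected directly: a site-wide mass hijack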
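The cookie-scope point above can be checked mechanically. The following is an added example, not part of the original report or of the vendor's code: a small audit that takes Set-Cookie values and lists which other hosts a browser would also send each cookie to. The function names, the placeholder cookie values and the second test host are assumptions made for the illustration.

```python
from typing import Dict, List, Optional, Tuple

# Set-Cookie values shaped like the login response above. Cookie names and
# attributes are as shown on the page; the values are constructed placeholders.
SAMPLE_SET_COOKIES = [
    'as="deleted"; max-age=0; domain=.douban.com; expires=Thu, 01-Jan-1970 00:00:00 GMT',
    'ue="PLACEHOLDER"; domain=.douban.com; expires=Fri, 13-Feb-2015 03:33:21 GMT; httponly',
    'dbcl2="PLACEHOLDER"; path=/; domain=.douban.com; httponly',
]

def parse_set_cookie(value: str) -> Tuple[str, Optional[str], Dict[str, str]]:
    """Return (name, domain or None for host-only, lower-cased attributes)."""
    first, *rest = [p.strip() for p in value.split(";")]
    name = first.split("=", 1)[0].strip()
    attrs: Dict[str, str] = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    # A leading dot is ignored by browsers (RFC 6265, section 5.2.3).
    domain = attrs.get("domain", "").lstrip(".").lower() or None
    return name, domain, attrs

def browser_sends(domain: Optional[str], issuing_host: str, request_host: str) -> bool:
    """Domain-match only (Path and Secure are not modelled): host-only cookies
    return to the issuer alone, Domain= cookies go to every subdomain too."""
    request_host = request_host.lower()
    if domain is None:
        return request_host == issuing_host.lower()
    return request_host == domain or request_host.endswith("." + domain)

def audit(set_cookies: List[str], issuing_host: str, other_hosts: List[str]) -> Dict[str, List[str]]:
    """Map each cookie name to the other hosts that would receive it.
    HttpOnly does not change the result: the cookie still travels in the
    request's Cookie header, so server-side code on that host can read it."""
    exposed: Dict[str, List[str]] = {}
    for raw in set_cookies:
        name, domain, _ = parse_set_cookie(raw)
        hits = [h for h in other_hosts if browser_sends(domain, issuing_host, h)]
        if hits:
            exposed[name] = hits
    return exposed

if __name__ == "__main__":
    hosts = ["blog.douban.com", "blog.example.org"]  # second host is constructed
    for name, hits in audit(SAMPLE_SET_COOKIES, "www.douban.com", hosts).items():
        print(f"{name}: also sent to {', '.join(hits)}")
```

A session cookie issued without a Domain attribute is host-only and drops out of the result, which is the scoping that keeps a lower-trust subdomain from receiving it.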
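Severity: Medium
Vulnerability Rank: 10
Confirmed at: 2014-02-13 11:49
Thanks for the feedback~ After our monitoring detected the intrusion activity, we adjusted the system right away. The vulnerability should no longer be present now.
None yet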