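2014-04-15: Details reported to the vendor; awaiting vendor handling
2014-04-20: Vendor confirmed; details disclosed to the vendor only
2014-04-30: Details disclosed to core white hats and experts in related fields
2014-05-10: Details disclosed to regular white hats
2014-05-20: Details disclosed to trainee white hats
2014-05-30: Details disclosed to the public
A series of issues in a China Telecom class C range
A series of issues in a China Telecom class C range. So tired!
1. Telecom Conference Assistant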
Target: http://202.102.41.37:8080/login/CmsSubmit.do
Whoami: root
WebPath: /data/huiyy/huiyizhuli/
2. China Telecom Cloud Conference Management System
http://202.102.41.36/login/login.do
Target: http://202.102.41.36/login/login.do
Whoami: root
WebPath: /opt/huiyy/newconference/
3. Jiangsu Tianyi Customer Service System
http://202.102.41.159/robot/check-login.action
Target: http://202.102.41.159/robot/check-login.action
Whoami: root
WebPath: /xiaoi_app/jstelecom_CN_wechat/webapps/robot
4. Tianyi Communication Assistant back-end management system
http://202.102.41.153:80/Logout.action
Target: http://202.102.41.153:80/Logout.action
Whoami: nt authority\system
WebPath: D:\Core\Tomcat\webapps\web\
5. Telecom Customer Service System 1
http://202.102.41.160/robot/check-login.action
Target: http://202.102.41.160/robot/check-login.action
Whoami: root
WebPath: /xiaoi_app/jstelecom_CN_wechat/webapps/robot
6. Telecom Customer Service System 2
Target: http://202.102.41.207/robot/check-login.action
Whoami: root
WebPath: /xiaoi_app/jstelecom_sms/webapps/robot
7. Telecom Digital Campus SMS Platform
http://202.102.41.235/doLogin.action
Target: http://202.102.41.235/doLogin.action
Whoami: root
WebPath: /var/tomcat/webapps/ROOT/
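8. JBoss jmx-console is accessible without authorization; a shell can be obtained
9. Tianyi Traffic View (天翼看交通) SVN leak; source code can be read
and there are many more: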
/common /config /css /DownloadFiles /images /include /javascript /manage /manage/account /manage/AdPublish /manage/Area /manage/BusinessManage /manage/Character /manage/chart /manage/City /manage/cms /manage/code /manage/companySet /manage/css /manage/Customerauth /manage/customerReport /manage/Dict /manage/gbox /manage/gboxsetting /manage/images /manage/images/images /manage/news /manage/parking /manage/Product /manage/pu /manage/publicMsg /manage/Road /manage/serviceStation /manage/systemMsg /manage/User /manage/userlog /manage/userRecommend /manage/Vau /manage/version /manage/video /manage/Videocategory /manage/Videoerror /manage/vu /manage/win /My97DatePicker /My97DatePicker/lang /My97DatePicker/skin /My97DatePicker/skin/default /My97DatePicker/skin/whyGreen /portal /v /WebNews/image /WebNews/img /WebNews/res
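All of the directories above have the SVN leak; I won't repeat them.
10. The Global Eye (全球眼) video surveillance system has an SVN leak; source code can be read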
/download /HomePage /images /include /javascript /logs
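All of the directories above are affected; I won't list more.
I'll leave the rest out, otherwise this would get very long; see the detailed description.
patch and del svn
Asking for rank 40!! So tired, a whole class C range..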
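
The "del svn" part of the fix, sketched as an added example that is not part of the original report: a local audit of a deployed web root that finds every `.svn` directory, reports how many pristine source copies it holds, and removes them. The function names and the sample tree are constructed for illustration; the layouts checked are the standard Subversion working-copy formats (per-directory `.svn/text-base` before 1.7, a single `.svn/wc.db` with `pristine/` from 1.7 on).

```python
import os
import shutil
import tempfile

def find_svn_metadata(webroot):
    """Return one record per .svn directory found under webroot."""
    findings = []
    for dirpath, dirnames, _ in os.walk(webroot):
        if ".svn" not in dirnames:
            continue
        dirnames.remove(".svn")  # do not descend into the metadata itself
        svn_dir = os.path.join(dirpath, ".svn")
        if os.path.isfile(os.path.join(svn_dir, "wc.db")):
            layout, store = "1.7+", os.path.join(svn_dir, "pristine")
        else:
            layout, store = "pre-1.7", os.path.join(svn_dir, "text-base")
        # Pristine copies are full file contents, i.e. readable source code.
        pristine = sum(len(files) for _, _, files in os.walk(store))
        findings.append({"dir": os.path.relpath(dirpath, webroot),
                         "layout": layout, "pristine_files": pristine})
    return sorted(findings, key=lambda f: f["dir"])

def remove_svn_metadata(webroot):
    """Delete every .svn directory under webroot; return how many were removed."""
    removed = 0
    for dirpath, dirnames, _ in os.walk(webroot):
        if ".svn" in dirnames:
            dirnames.remove(".svn")
            shutil.rmtree(os.path.join(dirpath, ".svn"))
            removed += 1
    return removed

def build_sample_webroot():
    """Constructed sample: a pre-1.7 style deploy with .svn in two directories."""
    root = tempfile.mkdtemp(prefix="webroot_")
    for sub in ("manage", os.path.join("manage", "User")):
        base = os.path.join(root, sub, ".svn", "text-base")
        os.makedirs(base)
        open(os.path.join(root, sub, ".svn", "entries"), "w").close()
        with open(os.path.join(base, "index.jsp.svn-base"), "w") as fh:
            fh.write("<%-- constructed sample source --%>\n")
    os.makedirs(os.path.join(root, "images"))  # clean directory, no metadata
    return root

if __name__ == "__main__":
    root = build_sample_webroot()
    for finding in find_svn_metadata(root):
        print(finding)
    print("removed:", remove_svn_metadata(root))
    shutil.rmtree(root)
```

Deploying from `svn export` instead of copying a working copy keeps the metadata off the server in the first place.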
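Severity: High
Vulnerability Rank: 20
Confirmed: 2014-04-20 09:11
CNVD confirmed and reproduced the situation described, and it has been forwarded by CNCERT directly to China Telecom Group. Based on the multiple cases and the impact assessment of the affected servers, rank 40. If the points are not enough, please take it up with Jianxin (剑心).
None yet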