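2014-10-20: Details reported to the vendor; awaiting vendor handling
2014-10-20: Vendor confirmed; details disclosed to the vendor only
2014-10-30: Details disclosed to core white hats and relevant domain experts
2014-11-09: Details disclosed to regular white hats
2014-11-19: Details disclosed to intern white hats
2014-12-04: Details disclosed to the public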
Baidu automated operations leak a common system password
<Url>http://cq01-hm-webtest01.vm.baidu.com:8800/web/welcome/login</Url>
<Username>leeight</Username>
<Password>MhxzKhl</Password>
…
<Url>http://tongji.baidu.com/</Url>
<Username>leeight</Username>
<Password>MhxzKhl</Password>
#!/usr/bin/expect
spawn ssh [email protected]
expect "*CODE:*"
send "7590[lrange $argv 0 0]\n"
expect "*$*"
send "ssh [email protected]\n"
expect "*password:*"
send "putian@09\n"
send "ssh [email protected]\n"
expect "*password:*"
send "MhxzKhl\n"
interact
[email protected]"
root_pub="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2*****************+Ge2cGBPDFs9nKoquii6ORQuLtClF6y75Ud31rSN8t3m82IRAmtOwzVyWFtvf4jCiaXFPbtaADESToNAejvr8xUeirfefRF+IYliG9MuDxQCzX0ub6Nr71bVQq/BT3s1DQdd+avywevtArefvVTas= [email protected]"
work_pub="$root_pub"
rd_pub=""
grep -q "$root_pub" /root/.ssh/authorized_keys || {
    echo -e "$root_pub" >> /root/.ssh/authorized_keys
}
grep -q "$work_pub" /home/work/.ssh/authorized_keys || {
    echo -e "$work_pub" >> /home/work/.ssh/authorized_keys
}
grep -q "$work_pub" /home/$init_user/.ssh/authorized_keys || {
    echo -e "$work_pub" >> /home/$init_user/.ssh/authorized_keys
}
grep -q "$rd_pub" /home/rd/.ssh/authorized_keys || {
    echo -e "$rd_pub" >> /home/rd/.ssh/authorized_keys
}
chmod 600 /root/.ssh/authorized_keys
chmod 600 /home/work/.ssh/authorized_keys
chmod 600 /home/$init_user/.ssh/authorized_keys
chmod 600 /home/rd/.ssh/authorized_keys
#-----------------#
# personal scirpt #
#-----------------#
rm -f /bin/bak{,mv}
wget -P /bin ftp://jp01-op-mon00.jp01//home/img/opbin/chenjun/bin/bak*
chmod 755 /bin/bak{,mv}
#-------------#
# add work rd #
#-------------#
/usr/sbin/useradd work || echo "work exist already."
echo '#PRASkiKAWRECO' | passwd --stdin work
chmod 755 /home/work
/usr/sbin/useradd $init_user || echo "$init_user exist already."
echo '123456' | passwd --stdin $init_user
chmod 755 /home/$init_user
/usr/sbin/useradd rd || echo "rd exist already."
echo 'MhxzKhl' | passwd --stdin rd
chmod 755 /home/rd
#----------#
# rd limit #
#----------#
echo rd >> /etc/cron.deny
chmod 644 /etc/cron.deny
Sensitive information leaked through various channels
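A defender-side check for the pattern visible in the leaked files above, as an added example that is not part of the original report: a small Python scanner that flags literal passwords in provisioning scripts, expect scripts and saved-login XML. The rule names, the `scan` and `mask` helpers and the sample text (with a made-up password) are assumptions constructed for illustration.

```python
import re

# One-line rules: a literal piped into `passwd --stdin`, and a <Password> element.
# Variable references such as "$NEW_PW" are deliberately not flagged.
RULES = [
    ("passwd-stdin", re.compile(
        r"""echo\s+(['"])(?P<secret>[^'"$]+)\1\s*\|\s*passwd\s+--stdin\s+\S+""")),
    ("xml-password", re.compile(r"<Password>(?P<secret>[^<]+)</Password>")),
]
# Two-line rule for expect scripts: a password prompt followed by a literal send.
PROMPT = re.compile(r'expect\s+"[^"]*password[^"]*"', re.I)
SEND = re.compile(r'send\s+"(?P<secret>[^"\\$\[]+)\\[nr]"')

def mask(secret):
    """Keep only the first character so findings can be logged safely."""
    return secret[0] + "*" * (len(secret) - 1)

def scan(text):
    """Return (line_no, rule, masked_secret) for each hardcoded credential."""
    findings = []
    awaiting_send = False  # True right after an expect "...password..." line
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # blank lines do not break an expect/send pair
        for name, rx in RULES:
            m = rx.search(line)
            if m:
                findings.append((no, name, mask(m.group("secret"))))
        if PROMPT.search(line):
            awaiting_send = True
            continue
        m = SEND.search(line)
        if awaiting_send and m:
            findings.append((no, "expect-send", mask(m.group("secret"))))
        awaiting_send = False
    return findings

# Constructed sample input; the password is invented for this example.
SAMPLE = r'''/usr/sbin/useradd rd || echo "rd exist already."
echo 'Examp1ePw' | passwd --stdin rd
echo "$NEW_PW" | passwd --stdin work
expect "*password:*"
send "Examp1ePw\n"
send "ssh host2\n"
<Password>Examp1ePw</Password>'''

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Run over a configuration repository or a file share, a hit on the same masked value across several rules indicates one password reused between systems, which is the condition this report describes.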
Severity: Low
Vulnerability Rank: 5
Confirmed: 2014-10-20 15:58
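We had already learned of this through other external channels. This password is an old one that was previously used by only some product lines; it is not a common password. Thank you for your support of Baidu security.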
None yet