乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-07-08: 细节已通知厂商并且等待厂商处理中 2015-07-08: 厂商已经确认,细节仅向厂商公开 2015-07-18: 细节向核心白帽子及相关领域专家公开 2015-07-28: 细节向普通白帽子公开 2015-08-07: 细节向实习白帽子公开 2015-08-22: 细节向公众公开
000000 这样的口令可好。。
漏洞地方 https://mail.yundasys.com/owa/#一直没找到一个好的工具,把Exchange里面的通讯录弄出来。
Payload1 Payload2wangjianguo 000000 wangtingting 000000 zhanghaiyan 000000 wanglei 111111 liuyang 111111 liujun 111111 wangpeng 111111yangyong 111111 lixiuzhen 111111wanghua 111111chengang 111111liujun 111111liuyang 111111zhanglong 111111wanglong 111111wanglei 111111wangwei 000000lijing 000000wangfang 000000zhangwei 000000wangchao 000000zhangtao 000000lijie 000000wangyan 000000wangmin 000000zhangjing 000000wangli 000000wangyan 000000wanghui 000000liuyan 000000zhangjun 000000liutao 000000ligang 000000liuyong 000000wangying 000000lihua 000000zhangchao 000000wangling 000000liying 000000liujuan 000000liudan 000000lixin 000000wangli 000000yangli 000000zhangjian 000000liuyan 000000chenyan 000000chenyan 000000zhangming 000000wangning 000000wangxue 000000wangting 000000chenfang 000000zhangting 000000chenhao 000000wanglin 000000zhangjun 000000zhangbin 000000wanghui 000000liuhuan 000000wangliang 000000wangying 000000liyang 000000zhangqian 000000chenqiang 000000liyang 000000liuxin 000000wangqian 000000lifei 000000lijian 000000wangyu 000000zhangjian 000000zhangliang 000000wanghaiyan 000000chenbo 000000liufei 000000wangfeng 000000wangying 000000liukai 000000chenxia 000000chenyulan 000000wanglijuan 000000lijia 000000liuming 000000wanglin 000000liying 000000zhangjing 000000yanglei 000000lijing 000000lijie 000000lixin 000000zhangfeng 000000yangping 000000liyang 000000wangming 000000chenmei 000000wangyan 000000lijian 000000zhoujie 000000zhaojun 000000wangli 000000xumin 000000zhouyong 000000lifeng 1q2w3e4rwangcheng 123qwe
有的估计已经登录不上去了,有段时间了。貌似默认口令是000000,成功率很高啊!!
好累,不想去一个一个翻邮件了,应该有人已经察觉到了。
危害等级:高
漏洞Rank:20
确认时间:2015-07-08 12:36
感谢指出,我们将及时修复
暂无