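2015-11-09: Details reported to the vendor; awaiting vendor response
2015-11-09: Vendor confirmed; details disclosed to the vendor only
2015-11-09: Vendor fixed the vulnerability and proactively disclosed it; details made public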
As the title says.
0x01: Order information disclosure
http://www.abc360.com/log.txt
0x02: .viminfo
http://tc.abc360.com/.viminfo
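I'm here looking for a gift!
Severity: Medium
Vulnerability Rank: 6
Confirmed: 2015-11-09 18:20
Thanks to 路人甲 for the report; we will fix the vulnerability as soon as possible.
2015-11-09: Vulnerability fixed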
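As an added example (not part of the original report), a small audit a site owner could run over a deployed web root to catch the two kinds of file reported above, a log file and editor state such as .viminfo, before they are served. The pattern list and the sample directory tree are assumptions constructed for illustration.

```python
import fnmatch
import os
import tempfile

# Patterns are assumptions chosen for this example: editor state files,
# swap/backup copies and log output that a static file handler would serve.
RISKY = [
    (".viminfo", "Vim history: registers, search terms, file paths"),
    (".*.sw?", "Vim swap file: may contain unsaved source"),
    ("*~", "editor backup copy"),
    ("*.bak", "backup copy"),
    ("*.log", "log file"),
    ("log.txt", "log file"),
]

def audit_docroot(root):
    """Return sorted (url_path, reason) pairs for risky files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            for pattern, reason in RISKY:
                # fnmatchcase gives leading dots no special treatment,
                # so dotfiles are matched like any other name.
                if fnmatch.fnmatchcase(name, pattern):
                    rel = os.path.relpath(os.path.join(dirpath, name), root)
                    findings.append(("/" + rel.replace(os.sep, "/"), reason))
                    break
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample web root; names only mirror the kinds of file reported."""
    for rel in ["index.php", "log.txt", ".viminfo",
                "Application/Admin/.index.html.swp",
                "Application/Common/config.php.bak"]:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")

def demo():
    """Build the constructed tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_docroot(root)

if __name__ == "__main__":
    for url_path, reason in demo():
        print(f"{url_path}: {reason}")
```

Anything the audit reports should be deleted or moved outside the web root, and the web server configured to refuse requests for dotfiles and log files.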