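2016-03-02: Details reported to the vendor; awaiting vendor response
2016-03-06: Vendor confirmed; details disclosed to the vendor only
2016-03-09: Details opened to third-party security partners (NSFOCUS, Tangchao Security Patrol, Wusheng Information)
2016-04-30: Details disclosed to core white hats and experts in related fields
2016-05-10: Details disclosed to regular white hats
2016-05-20: Details disclosed to intern white hats
2016-06-04: Details disclosed to the public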
As the title says.
/data/fetchPlanStatus.php
<?php
include('../common/connDb.php');
$dbQuery = new DataBaseQuery();
// All three values are taken from the POST body without validation.
$page = $_POST['page'];
$rows = $_POST['rows'];
$guid = $_POST['guid'];
$start = ($page - 1) * $rows;
// $guid, $start and $rows are concatenated directly into the SQL text.
$result = $dbQuery->query('select * from planinfo where rule_guid="'.$guid.'" order by update_time desc limit '.$start.','.$rows);
$count = $dbQuery->querySingle('select count(*) from planinfo where rule_guid="'.$guid.'"');
$jsonStr = "";
while ($row = $dbQuery->fetchArray($result)) {
    $row['status'] = get_plan_status_name($row['status']);
    $jsonStr = $jsonStr.json_encode($row).",";
}
if ($jsonStr != "") {
    // Drop the trailing comma.
    $jsonStr = substr($jsonStr, 0, strlen($jsonStr) - 1);
}
$str = '{"total":'.$count.',"rows":['.$jsonStr.']}';
$dbQuery->closeDb();
echo ($str);
function get_plan_status_name($plan_status){
/data/fetchBackupPlan.php
<?php
include('../common/connDb.php');
$dbQuery = new DataBaseQuery();
// Values are taken from the POST body without validation.
$page = $_POST['page'];
$rows = $_POST['rows'];
$sort = $_POST['sort'];
$order = $_POST['order'];
$start = ($page - 1) * $rows;
// $start and $rows are concatenated directly into the LIMIT clause.
$re = $dbQuery->query('select guid,description,plan_type,device_type,server_ip,device_ip,channel_id,channel_no,update_time,"" statusName from planrule limit '.$start.','.$rows);
$count = $dbQuery->querySingle('select count(*) from planrule');
$jsonStr = "";
while ($row = $dbQuery->fetchArray($re)) {
    //$row['statusName']=get_plan_status($row['guid'],$dbQuery);
    $jsonStr = $jsonStr.json_encode($row).",";
}
if ($jsonStr != "") {
    // Drop the trailing comma.
    $jsonStr = substr($jsonStr, 0, strlen($jsonStr) - 1);
}
$str = '{"total":'.$count.',"rows":['.$jsonStr.']}';
$dbQuery->closeDb();
echo ($str);
function get_plan_status($guid,$dbQuery){
    $result = $dbQuery->query('select * from planinfo where rule_guid="'.$guid.'" order by begin_time asc');
This affects a large number of monitoring servers; 20 cases picked at random:
Filter the input.
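A hardened form of the planinfo lookup in /data/fetchPlanStatus.php, given here as an added example and not code from the report or the vendor: the paging values are validated as integers and guid is bound as a query parameter. It assumes PDO with an in-memory SQLite database in place of the product's DataBaseQuery class, uses constructed sample rows, and leaves out the get_plan_status_name mapping because its body is not shown in the report.

```php
<?php
// Added example: hardened variant of the planinfo lookup from /data/fetchPlanStatus.php.
// Assumption: PDO with an in-memory SQLite database stands in for the product's
// DataBaseQuery class; the table contents below are constructed sample data.

function fetch_plan_status(PDO $db, array $post): string
{
    // page/rows must be positive integers; reject anything else instead of
    // letting it reach the LIMIT clause.
    $opts = ['options' => ['min_range' => 1, 'max_range' => 1000]];
    $page = filter_var($post['page'] ?? null, FILTER_VALIDATE_INT, $opts);
    $rows = filter_var($post['rows'] ?? null, FILTER_VALIDATE_INT, $opts);
    $guid = $post['guid'] ?? null;
    if ($page === false || $rows === false || !is_string($guid)) {
        return json_encode(['total' => 0, 'rows' => [], 'error' => 'bad parameter']);
    }
    $start = ($page - 1) * $rows;

    // guid is bound as data, never concatenated into the SQL text.
    $stmt = $db->prepare(
        'SELECT * FROM planinfo WHERE rule_guid = :guid
         ORDER BY update_time DESC LIMIT :start, :rows'
    );
    $stmt->bindValue(':guid', $guid, PDO::PARAM_STR);
    $stmt->bindValue(':start', $start, PDO::PARAM_INT);
    $stmt->bindValue(':rows', $rows, PDO::PARAM_INT);
    $stmt->execute();
    $list = $stmt->fetchAll(PDO::FETCH_ASSOC);

    $cnt = $db->prepare('SELECT COUNT(*) FROM planinfo WHERE rule_guid = :guid');
    $cnt->execute([':guid' => $guid]);

    // Encode the whole response once rather than gluing JSON strings together.
    return json_encode(['total' => (int)$cnt->fetchColumn(), 'rows' => $list]);
}

// Constructed sample data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE planinfo (rule_guid TEXT, status INTEGER, update_time TEXT)');
$db->exec("INSERT INTO planinfo VALUES ('g-1', 1, '2016-03-01'), ('g-2', 2, '2016-03-02')");

echo fetch_plan_status($db, ['page' => '1', 'rows' => '10', 'guid' => 'g-1']), "\n";
// A guid containing a double quote is compared as a literal string.
echo fetch_plan_status($db, ['page' => '1', 'rows' => '10', 'guid' => 'g-1"']), "\n";
// A non-numeric rows value is rejected before any query runs.
echo fetch_plan_status($db, ['page' => '1', 'rows' => '10 union', 'guid' => 'g-1']), "\n";
```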
Severity: Low
Vulnerability Rank: 3
Confirmed: 2016-03-06 10:07
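Hello, this issue is a duplicate of WooYun-2016-. This product line has been discontinued, and the PHP architecture has been replaced by a Java architecture. We will harden and upgrade the platforms of customers still using the old version through various channels.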
None yet