当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-034019

漏洞标题:赛迪网某分站未授权访问(发现疑似后门)

相关厂商:赛迪网

漏洞作者: niliu

提交时间:2013-08-10 09:38

修复时间:2013-08-15 09:38

公开时间:2013-08-15 09:38

漏洞类型:系统/服务运维配置不当

危害等级:中

自评Rank:8

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2013-08-10: 细节已通知厂商并且等待厂商处理中
2013-08-15: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

RT。。。

详细说明:

地址:

http://bjjnds2011.ccidnet.com/fckeditor/


Parent Directory
_documentation.html
_samples/
_upgrade.html
_whatsnew.html
editor/
fckconfig.js
fckeditor.afp
fckeditor.asp
fckeditor.cfc
fckeditor.cfm
fckeditor.js
fckeditor.lasso
fckeditor.php
fckeditor.pl
fckeditor.py
fckeditor_php4.php
fckeditor_php5.php
fckpackager.xml
fckstyles.xml
fcktemplates.xml
htaccess.txt
license.txt


http://bjjnds2011.ccidnet.com/data/


Index of /data
Parent Directory 
1af339d2d06317bb0a797e31d882d025_safe.txt 
admin/ 
backupdata/ 
cache/ 
common.inc.php 
config.cache.bak.php 
config.cache.inc.php 
config.file.inc.php 
downmix.data.php 
enums/ 
helper.inc.php 
js/ 
mail/ 
mark/ 
mkall_cache_16.php 
module/ 
mysql_error_trace.inc 
mysqli_error_trace.inc 
payment/ 
rss/ 
safe/ 
safequestions.php 
servise.php 
sessions/ 
tag/ 
template.rand.php 
textdata/ 
time.lock 
time.lock.inc 
tplcache/ 
uploadtmp/ 
vote/ 
ziptmp/


http://bjjnds2011.ccidnet.com/include/


Index of /include
Parent Directory 
Lurd.class.php 
arc.archives.class.php 
arc.caicai.class.php 
arc.freelist.class.php 
arc.listview.class.php 
arc.memberlistview.class.php 
arc.partview.class.php 
arc.rssview.class.php 
arc.searchview.class.php 
arc.sglistview.class.php 
arc.sgpage.class.php 
arc.specview.class.php 
arc.taglist.class.php 
archives.func.php 
calendar/ 
channelunit.class.php 
channelunit.func.php 
charset.func.php 
ckeditor/ 
code/ 
common.func.php 
common.inc.php 
common.inc.php.bak 
control.class.php 
customfields.func.php 
data/ 
datalistcp.class.php 
dedeajax2.js 
dedeatt.class.php 
dedecollection.class.php 
dedecollection.func.php 
dedehtml2.class.php 
dedehttpdown.class.php 
dedemodule.class.php 
dedesql.class.php 
dedesqli.class.php 
dedetag.class.php 
dedetemplate.class.php 
dedevote.class.php 
dialog/ 
diyform.cls.php 
downmix.inc.php 
enums.func.php 
extend.func.php 
filter.inc.php 
ftp.class.php 
helpers/ 
image.class.php 
image.func.php 
inc/ 
js/ 
json.class.php 
mail.class.php 
memberlogin.class.php 
membermodel.cls.php 
model.class.php 
oxwindow.class.php 
payment/ 
request.class.php 
shopcar.class.php 
sitemap.class.php 
sphinxclient.class.php 
splitword.class.php 
taglib/ 
tpllib/ 
typelink.class.php 
typeunit.class.admin.php 
typeunit.class.menu.php 
typeunit.class.selector.php 
upload.class.php 
uploadsafe.inc.php 
userlogin.class.php 
vdimgck.php 
wap.inc.php 
zip.class.php


其中发现这个地址疑似后门,爆破为成功,请排查...

http://bjjnds2011.ccidnet.com/data/servise.php


12.jpg


还有大量数据库操作信息

http://bjjnds2011.ccidnet.com/data/1af339d2d06317bb0a797e31d882d025_safe.txt


4444.jpg


5555.jpg

漏洞证明:

1111.jpg


2222.jpg


33333.jpg


4444.jpg


5555.jpg


修复方案:

权限.
排查后门..
及时发放礼物...
O(∩_∩)O

版权声明:转载请注明来源 niliu@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2013-08-15 09:38

厂商回复:

最新状态:

暂无

漏洞评价:

评论

  1. 2013-08-15 10:04 | nauscript ( 普通白帽子 | Rank:291 漏洞数:57 | 我淫荡啊我淫荡)

    无良厂商,居然偷偷修复了!

  2. 2013-08-15 10:21 | niliu 认证白帽子 ( 核心白帽子 | Rank:1542 漏洞数:206 | 逆流而上)

    @nauscript 就是啊,修复了再忽略啊??哎 @赛迪网@赛迪网@赛迪网

  3. 2013-08-15 16:12 | July ( 路人 | Rank:9 漏洞数:8 | 红星闪闪)

    厂商,穷啊!!