2014-10-07: 细节已通知厂商并且等待厂商处理中
2014-10-07: 厂商已经确认,细节仅向厂商公开
2014-10-17: 细节向核心白帽子及相关领域专家公开
2014-10-27: 细节向普通白帽子公开
2014-11-06: 细节向实习白帽子公开
2014-11-21: 细节向公众公开
优酷内网漫游
WooYun: 优酷某站配置不当导致getshell,用户泄露,内部邮件泄露,并可内网漫游
得知优酷的 VPN 是 vpn.youku.com,PPTP 存在弱口令账号一枚:
*****ouku.co*****
连接vpn,成功连上
简单逛逛
1.vbs
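'********************************************************************
'* Main Function: Compare every user's password-last-set time in AD and
'*                e-mail a reminder to users whose password expires in
'*                5 days (see arrWillExpiredDays).
'*
'* Usage: cscript QuerryAD.vbs
'*
'* Copyright (C) 2011 Kang Jia Youku Corporation
'********************************************************************
'
' NOTE(review): this script names a service mailbox, an internal mail relay
' and the domain's LDAP path, and its log file records every account name,
' account state, password age and mail address it sees. Treat both the
' script and its log as sensitive: restrict read access, do not leave them
' on shared or user-reachable hosts, and never put a real password in the
' strSendPassword constant below - read it from a protected store instead.
'
'Option Explicit

'For FileSystemObject
Const ForReading = 1
Const ForAppending = 8
Const ForWriting = 2
Const ADS_PROPERTY_DELETE = 4

Dim arrWillExpiredDays

'Please modify the variable
Const MASTERMAIL = "web_admin@youku.com"        ' sender e-mail address
'const strSMTPServer = "10.10.0.12"             ' Exchange server used for sending
'const strSendUserName = "1verge\web_admin"     ' account that is allowed to send mail
'const strSendPassword = ""                     ' password
Const strFullAdsiPath = "LDAP://1verge.com/dc=1verge,dc=com"   ' LDAP path
arrWillExpiredDays = Array(5)                   ' "days until expiry" values that trigger a mail

'Main Function
'Declare variables
Dim strTestMode
strTestMode = False 'use for debugging: True also echoes every log line to the console

'Create log file, named after today's date with "-" and "/" replaced by "_"
Set WshSHell = CreateObject("Wscript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")

strFileName = Replace(Datevalue(Now), "-", "_")
strFileName = Replace(strFileName, "/", "_")

Public fLog
' ForWriting + TRUE: the file is created if missing and overwritten if present.
Set oLog = objFSO.OpenTextFile(strFileName & ".txt", ForWriting, TRUE)
PrintScreen Now
PrintScreen ""

sta = ListWillExpireUsers()
PrintScreen sta
PrintScreen ""
PrintScreen "The command runs successfully!"
PrintScreen Now

oLog.Close
'Program ending
wscript.quit

'======================================
' Function Area
'======================================

'********************************************************************
'*
'* Function: PrintScreen
'* Purpose:  Write a message to the log file; also echo it when
'*           strTestMode is True.
'* Input:    Message
'*
'* Output:   None
'*
'********************************************************************
Sub PrintScreen(strMessage)
    If strTestMode = True Then
        Wscript.Echo strMessage
    End If
    oLog.WriteLine strMessage
End Sub

'********************************************************************
'* Function ListWillExpireUsers()
'*   Walk every person/user object under strFullAdsiPath, log its
'*   password-expiry state and call fnCheck_SendMail for enabled users
'*   whose remaining days match an entry of arrWillExpiredDays.
'*
'*   Returns the string "OK".
'*-------------------------------------------------------------------
Function ListWillExpireUsers()
    Dim strMailAddress

    ' Create User Object
    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection
    objCommand.CommandText = "<" & strFullAdsiPath & ">;(&(objectCategory=person)(objectclass=user));AdsPath,cn;subTree"
    objCommand.Properties("Page Size") = 99 'specifies the maximum number of objects to return in a results set.
    PrintScreen objCommand.CommandText
    PrintScreen " "
    Set objRecordSet = objCommand.Execute

    Dim intTotalAccount 'number of users found
    intTotalAccount = 0

    If objRecordSet.RecordCount = 0 Then
        ' Fix: the original concatenated BaseDN, which is never defined, so the
        ' message ended with an empty domain. The searched path is what is meant.
        PrintScreen "Error: Cannot found the user object in domain " & strFullAdsiPath & "."
    Else
        objRecordSet.MoveFirst
        Do Until objRecordSet.EOF
            intTotalAccount = intTotalAccount + 1

            'Retrieve user information
            Dim oUser
            Set oUser = GetObject(objRecordSet.Fields("ADsPath").Value)

            ' NOTE(review): this writes one log line per enumerated item of the
            ' user object; it looks like leftover debugging output - confirm it
            ' is still wanted, since it only adds directory detail to the log.
            For Each oUserProperty in oUser
                PrintScreen oUserProperty.Name
            Next

            If (oUser.AccountDisabled = FALSE) Then
                PrintScreen vbTab & "User Name : " & oUser.Name
                ' sStatus: 999999 = never expires, >= 0 = days since expiry,
                ' < 0 = minus the number of days left.
                sStatus = UserPwdExpire(oUser)
                Select Case sStatus
                    Case 999999
                        PrintScreen vbTab & " The user " & oUser.samaccountname & " Password never expires."
                    Case Else
                        If sStatus >= 0 Then
                            strMSG = "Your password is already expired in " & sStatus & " days!"
                            PrintScreen vbTab & " The user " & oUser.samAccountName & " password is expired after " & sStatus & " days!"
                        ElseIf sStatus < 0 Then
                            strMSG = "Your mail account password will be expired in " & 0-sStatus & " days!" & vbcrlf & "Please change your password as soon as!"
                            PrintScreen vbTab & " The user " & oUser.samAccountName & " password will be expired in " & 0-sStatus & " days!"
                        End If
                        ' Mail only when the remaining days equal a configured value.
                        For Each checkDays in arrWillExpiredDays
                            If checkDays = (0-sStatus) Then
                                Call fnCheck_SendMail(oUser, strMSG)
                            End If
                        Next
                End Select
            Else
                PrintScreen vbTab & "User Name : " & oUser.Name
                PrintScreen vbTab & " The user " & oUser.samaccountname & " Account Disabled."
            End If
            objRecordSet.MoveNext
            PrintScreen " "
        Loop
    End If
    PrintScreen "Total Accounts is " & intTotalAccount
    ListWillExpireUsers = "OK"
End Function

'********************************************************************
'* Function UserPwdExpire(objUser)
'*   Check if a user object's password is or will be expired.
'*   objUser: the user object
'*
'*   Returns 999999 when the password never expires, a value >= 0 for
'*   the number of days since expiry, or a negative value whose
'*   magnitude is the number of days left.
'*-------------------------------------------------------------------
Function UserPwdExpire(objUser)
    ' Errors are suppressed for the whole function; a failed lookup leaves the
    ' affected variable Empty and the arithmetic below treats it as 0.
    On Error Resume Next
    Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
    Const SEC_IN_DAY = 86400

    intCurrentValue = objUser.Get("userAccountControl")
    If intCurrentValue and ADS_UF_DONT_EXPIRE_PASSWD Then
        'The password does not expire.
        UserPwdExpire = 999999 'never expires
    Else
        dtmValue = objUser.PasswordLastChanged
        If err.number <> 0 Then
            ' No readable last-change time: fall back to date 0, which makes the
            ' password look very old.
            dtmValue = 0
            err.Clear
        End If
        PrintScreen vbTab & " The password was last changed on " & DateValue(dtmValue) & " at " & TimeValue(dtmValue)
        intTimeInterval = int(now - dtmValue)

        Set objSysInfo = CreateObject("ADSystemInfo")
        strDomain = objSysInfo.DomainShortName
        Set objSysInfo = Nothing

        Set objDomainNT = GetObject("WinNT://" & strDomain)
        intMaxPwdAge = objDomainNT.Get("MaxPasswordAge")

        If intMaxPwdAge < 0 Then
            ' The domain sets no maximum password age, so the password does not
            ' expire. Fix: the original left the return value unset here, which
            ' the caller read as "expired 0 days ago".
            UserPwdExpire = 999999
        Else
            intMaxPwdAge = (intMaxPwdAge/SEC_IN_DAY) ' seconds -> days
            If intTimeInterval >= intMaxPwdAge Then
                'The password has expired.
                UserPwdExpire = int(intTimeInterval - intMaxPwdAge)
            Else
                'The password will expire on DateValue(dtmValue + intMaxPwdAge).
                UserPwdExpire = int(now - (dtmValue + intMaxPwdAge))
            End If
        End If
    End If
End Function

'******************************
' Mail Message
'Reference : Creating and Sending a Message
'http://msdn.microsoft.com/library/en-us/cdosys/html/_cdosys_messaging_examples_creating_and_sending_a_message.asp?frame=true
'http://msdn.microsoft.com/library/en-us/cdosys/html/_cdosys_cdosendusing_enum.asp?frame=true
'
' NOTE(review): nothing in this file calls SendMail (its call in
' fnCheck_SendMail is commented out), and strSMTPServer, strSendUserName,
' strSendPassword and cdoBasic are not defined here, so they are empty at
' run time. If this path is revived, authenticating over plain port 25
' exposes the account's password on the wire - require TLS and load the
' credential from a protected store rather than from this script.
'******************************
Sub SendMail(strFrom, strTo, strSubject, strBodyText)
    Dim iMsg
    Set iMsg = CreateObject("CDO.Message")
    Dim iConf
    Set iConf = CreateObject("CDO.Configuration")

    Dim Flds
    Set Flds = iConf.Fields

    With Flds
        ' assume constants are defined within script file
        .Item("cdoSendUsingMethod") = 2 ' cdoSendUsingPickup:1:Local , cdoSendUsingPort:2:Network
        .Item("cdoSendUsingPort") = 25 'cdoSendUsingPort
        .Item("cdoSMTPServer") = strSMTPServer
        .Item("cdoSMTPConnectionTimeout") = 10 ' quick timeout
        .Item("cdoSMTPAuthenticate") = cdoBasic
        .Item("cdoSendUserName") = strSendUserName
        .Item("cdoSendPassword") = strSendPassword
        '.Item("cdoURLProxyServer") = "tpeproxy:80"
        .Item("cdoURLProxyBypass") = "<local>"
        .Item("cdoURLGetLatestVersion") = True
        .Update
    End With

    With iMsg
        Set .Configuration = iConf
        .To = strTo
        .From = strFrom
        .Subject = strSubject
        '.CreateMHTMLBody "This folder [" & strFolderPath & "] Created in " & intDayNum & " Days"
        .TextBody = strBodyText
        '.AddAttachment "C:\files\mybook.doc"
        .Send
    End With
End Sub

'********************************************************************
'*
'* Function: fnCheck_SendMail
'* Purpose:  Look up the user's SMTP address in proxyAddresses and send
'*           the expiry notice to the first one found. The caller decides
'*           who qualifies (per arrWillExpiredDays).
'* Input:    objUser, MailMessage
'*
'* Output:   None
'*
'********************************************************************
Function fnCheck_SendMail(objUser, strMSG)
    'Send email
    On Error Resume Next
    Err.Clear
    'Some users raise an error on this line (no proxyAddresses attribute)
    aProxyAddress = objUser.GetEx("proxyAddresses")
    If Err <> 0 Then
        PrintScreen vbTab & Time & " The user doesn't have email address."
        Err.Clear
    Else
        For Each saProxyAddress in aProxyAddress
            'Need a string variable to transfer the saProxyAddress
            strMailAddress = saProxyAddress
            ePos = Instr(1, strMailAddress, "SMTP:", VbTextCompare)
            If ePos > 0 Then
                ' Drop the five-character "SMTP:" prefix.
                strEmail = mid(strMailAddress, 6)
                PrintScreen vbTab & " Email Address: " & strEmail
                'Use Exchange Server to send mail
                'SendMail MASTERMAIL, strEmail, "Password expiration notification!", strMSG
                'If server installed the SMTP Service
                Err.Clear
                SendMessage MASTERMAIL, strEmail, "Password expiration notification!", strMSG
                ' Fix: a failure inside SendMessage surfaces here (this function
                ' runs under On Error Resume Next); the original logged success
                ' unconditionally.
                If Err.Number <> 0 Then
                    PrintScreen vbTab & " " & Time & " Error in SendMessage: id=" & Err.Number & ", source=" & Err.Source & ",Desc=" & Err.Description
                    Err.Clear
                Else
                    PrintScreen vbTab & " " & Time & " Finish sending email!"
                End If
                Exit For
            End If
        Next
    End If
End Function

'******************************************************************************
' Send messages with CDO for Windows 2000
' strFrom:     [in] From
' strTo:       [in] To
' strSubject:  [in] Subject
' strBodyText: [in] Body text
'******************************************************************************
Sub SendMessage(strFrom, strTo, strSubject, strBodyText)
    ' For more information about CDO for Windows 2000, please refer to
    ' http://msdn.microsoft.com/library/en-us/exchanchor/htms/msexchsvr_cdowin2000.asp?frame=true
    ' Error handling is left off in this Sub, so a failed Send is raised to the
    ' caller; the Err check after Send only matters if the next line is enabled.
    'On Error Resume Next
    Dim oMessage ' as CDO.Message
    Set oMessage = CreateObject("CDO.Message")
    oMessage.TextBody = strBodyText
    oMessage.To = strTo
    oMessage.From = strFrom
    oMessage.Subject = strSubject
    Err.Clear
    oMessage.Send
    If Err.number <> 0 Then
        Wscript.Echo "Error in SendMessage: id=" & Err.number & ", source=" & Err.Source & ",Desc=" & Err.Description
        Err.Clear
    End If
    Set oMessage = nothing
End Sub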
.....人家内网,比较敏感,不再深入
。。。
危害等级:高
漏洞Rank:15
确认时间:2014-10-07 17:22
多谢提醒,马上修复。
暂无
mark,明天开始企业会比较忙活
mark
马克
@胖子 不要调皮,我在用你的神器。哈哈
@疯狗 mark 审核
一直很好奇,大神找行的点
@基佬库克 怎么找
@疯狗 企业就是因为我们这些闲着蛋疼的人 天天在维护服务器