HW第二天0day以及恶意IP简单汇总

admin

138891
文章

114
评论

2023年8月12日12:30:32评论141 views字数 10548阅读35分9秒阅读模式

HW第二天0day以及恶意IP简单汇总

免责声明

请勿利用文章内的相关技术从事非法测试，如因此产生的一切不良后果与文章作者和本公众号无关。一旦造成后果请自行承担！如有侵权烦请告知，我们会立即删除并致歉。谢谢！

HW第二天0day以及恶意IP简单汇总

今天是2023年8月10号周四，HW开始第二天，风急天高猿啸哀，部分BT已飞回！（徐总写的文案就是有文采，笑死😆）

第一天被日穿的佬 HW第二天0day以及恶意IP简单汇总天启建议您：pip install -r kfc.txt试试呢

HW第二天0day以及恶意IP简单汇总

天启：纯情蓝高！！！，有看上的RT女师傅抓抓紧吧！

HW第二天0day以及恶意IP简单汇总天启：如果忘记带纸可以敲敲隔壁倾月师傅的门！

哦吼，小红书SRC开通了

一、今日份漏洞情报

PeiQiwiki文库漏洞更新

https://github.com/PeiQi0/PeiQi-WIKI-Book

HW第二天0day以及恶意IP简单汇总

360漏洞情报今日更新情况

【演练实时消息】
【消息时间】：2023-08-10 01:10
【消息标题】：绿盟SAS安全审计系统 GetFile 任意文件读取漏洞
【消息详情】：360漏洞云监测到《绿盟SAS安全审计系统 GetFile 任意文件读取漏洞》消息，经漏洞云复核，确认为【真实】漏洞，漏洞影响版本【未知】，该漏洞标准化POC已经上传漏洞云情报平台，平台编号：360LDYLD-2023-00002408，情报订阅用户可登录漏洞云情报平台( https://loudongyun.360.cn/bug/list )查看漏洞详情。

【演练实时消息】
【消息时间】：2023-08-10 00:50
【消息标题】：亿赛通电子文档安全管理系统 importFileType 文件上传漏洞
【消息详情】：360漏洞云监测到《亿赛通电子文档安全管理系统 importFileType 文件上传漏洞》消息，经漏洞云复核，确认为【真实】Nday漏洞，漏洞影响版本【未知】，该漏洞标准化POC已经上传漏洞云情报平台，平台编号：360LDYLD-2023-00002494，情报订阅用户可登录漏洞云情报平台( https://loudongyun.360.cn/bug/list )查看漏洞详情。

【演练实时消息】
【消息时间】：2023-08-10 10:30
【消息标题】：泛微 E-Office 任意文件上传漏洞
【消息详情】：360漏洞云监测到《泛微 E-Office 任意文件上传漏洞(CVE-2023-2523)》POC已公开，经漏洞云复核，确认为【真实】漏洞，POC真实有效，漏洞影响版本【泛微 E-office=9.5 】，该漏洞标准化POC已经上传漏洞云情报平台，平台编号：360LDYLD-2023-00002492，情报订阅用户可登录漏洞云情报平台( https://loudongyun.360.cn/bug/list )查看漏洞详情。

【演练实时消息】
【消息时间】：2023-08-10 11:00
【消息标题】：通达OA SQL注入漏洞
【消息详情】：360漏洞云监测到《通达OA SQL注入漏洞(CVE-2023-2523)》POC已公开，经漏洞云复核，确认为POC【真实】，漏洞影响版本【通达OA<11.10】，该漏洞标准化POC已经上传漏洞云情报平台，平台编号：360LDYLD-2023-00002486，情报订阅用户可登录漏洞云情报平台( https://loudongyun.360.cn/bug/list )查看漏洞详情。

【消息时间】：2023-08-10 11:10
【消息标题】：网神 SecGate 3600 防火墙 obj_app_upfile 任意文件上传漏洞
【消息详情】：360漏洞云监测到《网神 SecGate 3600 防火墙 obj_app_upfile 任意文件上传漏洞》消息，经漏洞云复核，确认为历史漏洞，相关Poc在往年攻防演练中已有出现，该漏洞标准化POC已经上传漏洞云情报平台，平台编号：360LDYLD-2022-00005790，情报订阅用户可登录漏洞云情报平台( https://loudongyun.360.cn/bug/list )查看漏洞详情。

来自红蓝攻防实验室

2023HW-Day nday集合


1、Hillstone LMS 系统命令执行漏洞
2、天翼云网页防篡改系统命令执行漏洞
3、中远麒麟堡垒机系统 SQL 注入漏洞
4、致远 OA 系统命令执行漏洞
5、致远 OA 系统 V5-V6 模块命令执行漏洞
6、山石网科 EDR 系统 PHP 模块命令执行漏洞
7、H3C NX54 系统 web 模块信息泄露漏洞
8、锐捷 EG 易网关系统命令执行漏洞
9、H3C 虚拟授权管理系统系统命令执行漏洞
10、H3C 虚拟授权管理系统系统 web 模块命令执行漏洞
11、H3C 综合日志审计平台系统命令执行漏洞
12、Logbase 堡垒机系统 web 模块 SQL 注入漏洞
13、绿盟 SAS堡垒机localuser.php 任意用户登录漏洞
14、绿盟SAS堡垒机 GetFile 任意文件读取漏洞
15、绿盟SAS堡垒机 Exec 远程命令执行漏洞
16、HiKVISION综合安防管理平台env 信息泄漏漏洞
17、安恒明御运维审计与风险控制系统 xmlrpc.sock 任意用户添加漏洞
18、锐捷 NBR 路由器 fileupload.php 任意文件上传漏洞
19、H3C Magic CVE-2023-34928 远程代码执行漏洞
20、JCG路由器命令执行漏洞
21、通达 OA getdata 远程代码执行漏洞
22、红帆OA ioRepPicAdd 前台任意文件上传漏洞
23、九思OA wap.do SQL注入漏洞
24、九思OA wap.do 任意文件下载漏洞
25、Finetree-5MP-摄像机未授权任意用户添加漏洞（老）

POC可以直接去PeiQiwiki文库搜一下哦！

二、恶意IP（建议封禁）

来源：知道创宇安全智脑，微步情报社区，CT情报，以及本小弟收集

185.191.171.4205.210.31.2479.174.13.220205.210.31.5198.235.24.220119.52.208.2185.191.171.22205.210.31.85185.201.9.209205.210.31.193176.58.110.137205.210.31.3927.124.42.18154.41.228.146198.235.24.255121.60.81.17066.36.234.18198.235.24.193212.237.37.217198.235.24.22661.75.17.124119.52.216.106198.235.24.21438.54.88.17454.193.34.2219.151.149.152205.210.31.43205.210.31.167205.210.31.99205.210.31.57185.191.171.12205.210.31.44205.210.31.172135.125.234.192164.92.155.72171.212.209.20992.42.107.232198.235.24.230116.50.239.166205.210.31.5385.208.139.70118.107.46.131124.248.69.8385.208.98.20194.163.144.192198.235.24.178205.210.31.9885.208.98.16185.191.171.25217.76.53.63153.120.7.63198.235.24.161198.235.24.227205.210.31.76198.235.24.238198.235.24.228205.210.31.221205.210.31.84198.235.24.144205.210.31.79205.210.31.22185.191.171.19203.146.170.155198.235.24.194205.210.31.16945.81.39.20205.210.31.87198.235.24.129205.210.31.5645.141.215.19139.213.210.216188.65.36.6885.208.96.202119.52.106.108205.210.31.24638.242.241.17927.210.138.12285.208.96.200198.235.24.162205.210.31.171119.52.106.117172.104.181.101205.210.31.90205.210.31.17205.210.31.254198.235.24.184205.210.31.237198.235.24.229151.106.108.24198.235.24.246185.191.171.16198.235.24.14927.18.27.235198.235.24.23138.242.249.157103.136.221.238185.191.171.8205.210.31.106205.210.31.109205.210.31.110205.210.31.143198.235.24.204222.163.61.199175.27.223.15205.210.31.92205.210.31.15446.229.237.101205.210.31.198222.213.119.61198.235.24.175185.191.171.1122.138.102.141205.210.31.81107.189.12.105205.210.31.250162.55.85.21585.208.96.193137.226.113.44198.235.24.223222.163.46.119205.210.31.222205.210.31.97205.210.31.6685.208.96.20450.18.246.37124.248.69.175205.210.31.30205.210.31.225198.235.24.248205.210.31.19205.210.31.100205.210.31.22385.208.96.19894.102.61.75205.210.31.128205.210.31.251139.209.175.83205.210.31.163154.204.35.133205.210.31.73198.235.24.16513.57.15.9205.210.31.19285.208.96.205205.210.31.144198.235.24.205205.210.31.134205.210.31.142205.210.31.162205.210.31.72198.235.24.139103.20.220.64205.210.31.23205.210.31.3205.210.31.185205.210.31.15327.124.10.187198.235.24.155205.210.31.83122.10.45.233170.187.237.228172.245.205.158198.235.24.182185.191.171.6139.209.171.51119.52.215.4046.101.193.196205.210.31.226171.212.116.210122.138.100.103205.210.31.23285.208.96.209185.191.171.34205.210.31.40216.244.66.247205.210.31.164210.16.189.4205.210.31.95101.71.140.6205.210.31.203198.235.24.216205.210.31.8085.208.96.206205.210.31.75198.235.24.199198.235.24.136222.160.184.6173.224.126.236159.69.61.17820.171.240.220101.71.140.985.208.96.197205.210.31.11187.120.84.184198.235.24.159217.182.134.106205.210.31.27216.244.66.243157.90.182.23139.214.87.19551.144.113.144205.210.31.227198.235.24.147205.210.31.78194.169.175.167135.148.237.208205.210.31.129198.235.24.141122.138.96.207205.210.31.23885.208.96.201198.235.24.20285.217.144.60198.235.24.13034.27.12.1413.215.135.50137.117.121.68205.210.31.132198.235.24.183198.235.24.224205.210.31.151198.235.24.242205.210.31.137115.85.21.85103.42.58.103222.163.47.186198.235.24.252205.210.31.21351.75.133.70205.210.31.103205.210.31.18443.128.11.242185.191.171.14205.210.31.208185.191.171.3202.79.169.18159.223.17.119124.248.69.230205.210.31.18195.191.219.131205.210.31.195198.235.24.154218.146.39.67162.55.85.220205.210.31.236205.210.31.231198.235.24.215198.235.24.196139.214.87.85205.210.31.65205.210.31.7436.134.130.57205.210.31.24435.87.158.36205.210.31.10121.22.5.241104.160.42.76205.210.31.141198.235.24.168205.210.31.220205.210.31.48205.210.31.89205.210.31.239205.210.31.183198.235.24.237198.235.24.212198.235.24.201205.210.31.8205.210.31.14885.208.98.22198.235.24.235198.235.24.225205.210.31.13054.177.102.232198.235.24.23646.19.136.74205.210.31.25538.55.128.10287.121.221.210222.163.61.159185.191.171.183.226.97.26205.210.31.170205.210.31.34205.210.31.215208.91.69.21103.115.164.8127.124.40.56205.210.31.47198.235.24.148198.235.24.169154.9.228.19985.208.96.210101.71.140.7205.210.31.38119.52.233.95205.210.31.207109.237.98.53122.138.96.16747.243.189.7793.188.165.7543.153.174.46119.52.105.201205.210.31.54198.235.24.232143.244.138.155185.191.171.20107.148.73.7038.49.39.117208.91.69.30198.235.24.146205.210.31.253205.210.31.24585.208.96.196205.210.31.194205.210.31.96205.210.31.42205.210.31.211195.191.219.132205.210.31.35205.210.31.252198.235.24.195198.235.24.142198.235.24.203205.210.31.19727.203.244.107205.210.31.155112.237.3.7121.196.195.153143.198.32.12205.210.31.14205.210.31.196205.210.31.8685.208.98.29185.191.171.11205.210.31.5574.249.156.221198.187.28.23185.191.171.338.222.188.8343.136.181.37119.52.107.175205.210.31.205205.210.31.168175.23.128.80205.210.31.5234.223.106.245185.191.171.17205.210.31.201154.61.74.7205.210.31.135205.210.31.18685.208.98.19198.235.24.156216.244.66.228185.191.171.1085.208.96.199198.235.24.247205.210.31.41205.210.31.214205.210.31.14685.208.96.203205.210.31.241205.210.31.233198.235.24.21147.107.66.8119.52.107.249205.210.31.156205.210.31.216205.210.31.3685.208.98.1797.74.94.186154.43.165.6198.235.24.166198.235.24.208198.235.24.239198.235.24.19854.93.164.158185.191.171.24205.210.31.2205.210.31.60205.210.31.249205.210.31.229205.210.31.45205.210.31.16185.208.98.18205.210.31.180205.210.31.68103.27.62.17442.91.178.75122.138.105.5344.210.236.62207.154.254.20985.208.96.194205.210.31.69129.204.197.13392.204.138.222213.136.75.229154.9.228.159205.210.31.6198.235.24.163205.210.31.176205.210.31.46198.235.24.24087.76.8.76222.160.187.180216.118.246.34205.210.31.150198.235.24.145205.210.31.248205.210.31.230205.210.31.5185.208.98.23205.210.31.71185.191.171.26198.235.24.13185.208.98.24205.210.31.105198.235.24.213205.210.31.202205.210.31.20205.210.31.82198.235.24.233198.235.24.132217.160.232.32122.141.192.35205.210.31.217142.93.56.228120.38.11.4459.59.14.221198.235.24.18045.81.39.227198.235.24.153198.235.24.197205.210.31.181205.210.31.13185.191.171.9198.235.24.150185.191.171.35198.235.24.245198.235.24.134208.91.69.19205.210.31.32139.209.171.12205.210.31.212205.210.31.26205.210.31.107205.210.31.158205.210.31.88222.163.58.250198.235.24.13720.150.220.19723.88.67.81198.235.24.21795.111.226.15119.52.210.182198.235.24.151205.210.31.7744.203.94.250198.235.24.24485.208.96.208205.210.31.15198.235.24.185205.210.31.177205.210.31.178205.210.31.25205.210.31.1383.237.254.838.45.123.162119.8.180.84198.235.24.158198.235.24.254205.210.31.209153.120.43.14918.208.210.158124.248.69.223205.210.31.104198.235.24.186124.248.69.22185.208.96.212185.191.171.23205.210.31.2154.175.183.40167.86.122.200124.248.69.143101.71.140.8148.251.4.36198.235.24.251198.235.24.207205.210.31.235198.235.24.135119.52.106.99198.235.24.152198.235.24.241205.210.31.28198.235.24.222103.136.220.238185.191.171.2198.235.24.128198.235.24.249198.235.24.133205.210.31.108185.191.171.21205.210.31.140205.210.31.219205.210.31.175112.44.190.143205.210.31.206205.210.31.37185.191.171.13205.210.31.210198.235.24.243129.146.41.159205.210.31.59162.215.212.39198.235.24.209205.210.31.1165.108.125.120119.52.208.95205.210.31.204205.210.31.242205.210.31.165198.235.24.143205.210.31.21814.128.13.2205.210.31.50198.235.24.219205.210.31.9185.208.96.207205.210.31.152216.244.66.195205.210.31.243205.210.31.1285.208.98.31198.235.24.234205.210.31.9367.211.214.155107.172.5.251205.210.31.17394.102.61.7198.235.24.177103.174.87.250216.244.66.239162.55.86.59205.210.31.67103.136.221.2393.99.47.227205.210.31.240205.210.31.199185.191.171.754.218.46.79175.178.215.205154.12.240.15015.228.79.181198.235.24.171110.82.17.90205.210.31.149122.138.100.4652.8.247.135205.210.31.15934.222.201.120198.235.24.140198.235.24.19285.208.96.195205.210.31.102139.214.91.169117.27.161.171103.114.162.188205.210.31.224192.241.141.91205.210.31.147205.210.31.31198.235.24.253205.210.31.94185.65.207.26216.244.66.244205.210.31.136205.210.31.3385.208.96.211205.210.31.29198.235.24.164120.38.159.233104.236.104.29198.235.24.17645.81.39.17436.157.11.43205.210.31.145205.210.31.139185.191.171.15207.244.248.83195.191.219.13374.208.34.76198.235.24.218205.210.31.166205.210.31.9198.235.24.174183.60.21.9119.52.213.177185.191.171.5

使用需知

由于传播、利用此文所提供的信息而造成的任何直接或者间接的后果及损失，均由使用者本人负责，文章作者不为此承担任何责任。

封面图片来源网络，如有侵权联系必删。

安全小白，不喜绕过。

仅供参考，请勿用于违法行为，如有侵权以及各种情况可以私聊！

原文始发于微信公众号（天启实验室）：HW第二天0day以及恶意IP简单汇总

免责声明:文章中涉及的程序(方法)可能带有攻击性，仅供安全研究与教学之用，读者将其信息做其他用途，由读者承担全部法律及连带责任，本站不承担任何法律及连带责任；如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截，联系方式见首页)，望知悉。

左青龙
微信扫一扫

右白虎
微信扫一扫

HW第二天0day以及恶意IP简单汇总

如何利用图像验证技术识别钓鱼攻击？

HVV重点保障工作清单

实战 | 记一次某地HVV中的木马逆向分析

如何筹备网络安全攻防演练工作

【红队思路】钓鱼-资源捆绑Bypass国内AV

护网5年0失陷，全靠封IP

护网主防照着这份清单执行，红队只能等着下课

记录某地市HW绕WAF后BYpass

利用DeepSeek开展钓鱼邮件演练

HW流程以及岗位职责

发表评论

在线咨询

微信