当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0107426

漏洞标题:阿里巴巴某站可getshell入内网

相关厂商:阿里巴巴

漏洞作者: 杀器王子

提交时间:2015-04-12 11:37

修复时间:2015-05-28 14:04

公开时间:2015-05-28 14:04

漏洞类型:服务弱口令

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-04-12: 细节已通知厂商并且等待厂商处理中
2015-04-13: 厂商已经确认,细节仅向厂商公开
2015-04-23: 细节向核心白帽子及相关领域专家公开
2015-05-03: 细节向普通白帽子公开
2015-05-13: 细节向实习白帽子公开
2015-05-28: 细节向公众公开

简要描述:

阿里巴巴某站可getshell入内网

详细说明:

http://help.fenxi.cnzz.com/?p=36
虽然域名是cnzz 但是

Snip20150412_15.png


后台账号密码为 username password

Snip20150412_16.png

漏洞证明:

Snip20150412_17.png


root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
avahi-autoipd:x:100:156:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
audit:x:2914:2914:Audit:/home/audit:/bin/sh
ads:x:1685:100:Ads:/home/ads:/usr/local/bin/bash
logs:x:1338:1338:Logs:/home/logs:/bin/sh
admin:x:505:505:Admin:/home/admin:/bin/bash
appadmin:x:507:507:appadmin:/home/appadmin:/bin/bash
guest:x:705:705:Guest:/home/guest:/bin/bash
mask 区域
*****i.h*****

x:55170:100::/home/zhihui.hzh:/bin/bash

mask 区域
*****g.xu*****

:x:54470:100::/home/xiaodong.xuexd:/bin/bash
cnzzrun:x:55171:55171::/home/cnzzrun:/bin/bash
mongodb:x:55172:55172::/home/mongodb:/bin/bash
mysql:x:55173:55173::/home/mysql:/sbin/nologin

mask 区域
*****g.li*****

:x:53956:100::/home/xingwang.liuxw:/bin/bash
fanye:x:50164:100::/home/fanye:/bin/bash
j

mask 区域
*****lon*****

:x:53790:100::/home/jiang.longj:/bin/bash

mask 区域
*****ong*****

:x:56732:100::/home/wei.longw:/bin/bash

mask 区域
*****zhu*****

:x:57075:100::/home/hong.zhuh:/bin/bash
hwnoc:x:120063:100::/home/hwnoc:/sbin/nologin

mask 区域
*****ian*****

.lcx:x:59843:100::/home/chaoxiang.lcx:/bin/bash
sekong.wsm:x:54140:100::/home/sekong.wsm:/bin/bash
h

mask 区域
*****hen*****

.hz:x:59458:100::/home/huangzheng.hz:/bin/bash
hongmeng:x:50791:100::/home/hongmeng:/bin/bash
w

mask 区域
*****do*****

g.wd:x:59502:100::/home/wangdong.wd:/bin/bash
dezhi:x:50015:100::/home/dezhi:/bin/bash

mask 区域
*****hu*****

:50016:100::/home/fanhua:/bin/bash
su.wang:x:55282:100::/home/su.wang:/bin/bash
ruohan.chen:x:55254:100::/home/ruohan.chen:/bin/bash
le

mask 区域
*****i.*****

:x:55287:100::/home/leilei.lin:/bin/bash
s

mask 区域
*****eng*****

h:x:57765:100::/home/shan.tengshsh:/bin/bash
j

mask 区域
*****ji*****

:x:54755:100::/home/jingjian:/bin/bash
w

mask 区域
*****an*****

.gwq:x:60349:100::/home/wuqiang.gwq:/bin/bash
july.liuj:x:55107:100::/home/july.liuj:/bin/bash
haohao.hhh:x:61086:100::/home/haohao.hhh:/bin/bash
g

mask 区域
*****in*****

.zgb:x:60095:100::/home/ganbin.zgb:/bin/bash
agent:x:59844:59844::/home/agent:/bin/bash
li

mask 区域
*****.x*****

l:x:53267:100::/home/linna.xjl:/bin/bash

mask 区域
*****.p*****

:x:57908:100::/home/min.peng:/bin/bash
y

mask 区域
*****ng*****

.chenyp:x:62166:100::/home/yupeng.chenyp:/bin/bash
m

mask 区域
*****ha*****

.xmh:x:60491:100::/home/minghao.xmh:/bin/bash
m

mask 区域
*****an*****

yang:x:55487:100::/home/mantang.yang:/bin/bash
z

mask 区域
*****gy*****

.zy:x:59545:100::/home/zhengyang.zy:/bin/bash
xi

mask 区域
*****yi*****

xy:x:62309:100::/home/xiongyi.xy:/bin/bash
h

mask 区域
*****en*****

x:54873:100::/home/hezhen:/bin/bash
m

mask 区域
*****.l*****

p:x:62047:100::/home/mogu.lwp:/bin/bash
q

mask 区域
*****yu*****

sxc:x:60552:100::/home/qingyu.sxc:/bin/bash
june.ww:x:60322:100::/home/june.ww:/bin/bash
g

mask 区域
*****on*****

.wzh:x:51391:100::/home/guodong.wzh:/bin/bash
z

mask 区域
*****gm*****

.llp:x:53575:100::/home/zhongmou.llp:/bin/bash
ljw2083:x:57092:100::/home/ljw2083:/bin/bash
ipdata:x:1024:1024::/home/a/share/ipdata:/sbin/nologin
tbip:x:125:125::/home/tbip:/sbin/nologin
x

mask 区域
*****han*****

zx:x:55336:100::/home/xiao.zhangzx:/bin/bash

修复方案:

版权声明:转载请注明来源 杀器王子@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:16

确认时间:2015-04-13 14:02

厂商回复:

漏洞已经在处理。感谢您对阿里巴巴安全的关注!

最新状态:

暂无