漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0108653
漏洞标题:新华网某系统命令执行
相关厂商:新华网
漏洞作者: 朱元璋
提交时间:2015-04-22 16:55
修复时间:2015-06-08 17:52
公开时间:2015-06-08 17:52
漏洞类型:成功的入侵事件
危害等级:高
自评Rank:20
漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-04-22: 细节已通知厂商并且等待厂商处理中
2015-04-24: 厂商已经确认,细节仅向厂商公开
2015-05-04: 细节向核心白帽子及相关领域专家公开
2015-05-14: 细节向普通白帽子公开
2015-05-24: 细节向实习白帽子公开
2015-06-08: 细节向公众公开
简要描述:
感觉网站安全不是做的很好
详细说明:
http://219.153.9.73:8080/submitted/login.action
netstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1030 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1031 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1158 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1521 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1830 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3938 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5001 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5500 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5520 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5521 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5560 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5580 0.0.0.0:0 LISTENING
TCP 0.0.0.0:6009 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
TCP 0.0.0.0:9073 0.0.0.0:0 LISTENING
TCP 0.0.0.0:9090 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1026 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1071 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1115 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1175 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1176 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1233 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1235 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1240 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1244 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1245 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1246 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1247 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1248 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1308 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1309 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1310 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1311 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1312 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1115 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1175 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1176 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1233 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1235 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1240 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1244 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1245 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1246 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1247 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1248 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1308 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1309 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1310 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1311 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1312 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1592 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:2787 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:2788 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:2789 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:2790 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:2791 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.
ipconfig
Windows IP Configuration
Ethernet adapter 本地连接 3:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter 本地连接:
Media State . . . . . . . . . . . : Media disconnected
Ethernet adapter 本地连接 4:
Media State . . . . . . . . . . . : Media disconnected
Ethernet adapter 本地连接 2:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 219.153.9.73
Subnet Mask . . . . . . . . . . . : 255.255.255.128
Default Gateway . . . . . . . . . : 219.153.9.1
whoami
svctag-h3n513x\haododo
ls F:\founder_tomcat\webapps\submitted\
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
漏洞证明:
http://219.153.9.73:8080/submitted/login.action
netstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1030 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1031 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1158 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1521 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1830 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3938 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5001 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5500 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5520 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5521 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5560 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5580 0.0.0.0:0 LISTENING
TCP 0.0.0.0:6009 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
TCP 0.0.0.0:9073 0.0.0.0:0 LISTENING
TCP 0.0.0.0:9090 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1026 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1071 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1115 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1175 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1176 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1233 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1235 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1240 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1244 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1245 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1246 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1247 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1248 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1308 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1309 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1310 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1311 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1312 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1115 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1175 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1176 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1233 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1235 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1240 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1244 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1245 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1246 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1247 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1248 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1308 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1309 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1310 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1311 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1312 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1592 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:2787 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:2788 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:2789 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:2790 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:2791 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.
ipconfig
Windows IP Configuration
Ethernet adapter 本地连接 3:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter 本地连接:
Media State . . . . . . . . . . . : Media disconnected
Ethernet adapter 本地连接 4:
Media State . . . . . . . . . . . : Media disconnected
Ethernet adapter 本地连接 2:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 219.153.9.73
Subnet Mask . . . . . . . . . . . : 255.255.255.128
Default Gateway . . . . . . . . . : 219.153.9.1
whoami
svctag-h3n513x\haododo
ls F:\founder_tomcat\webapps\submitted\
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
修复方案:
自己看着办
版权声明:转载请注明来源 朱元璋@乌云
漏洞回应
厂商回应:
危害等级:中
漏洞Rank:8
确认时间:2015-04-24 17:51
厂商回复:
CNVD确认并复现所述情况,已经转由CNCERT向新华网上级管理单位通报,由其后续协调网站管理单位处置.
最新状态:
暂无