
Vulnerability summary

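Bug ID: wooyun-2015-0136930

Title: Command execution and GETSHELL on a Vienna business system

Vendor: wyn88.com

Author: 路人甲

Submitted: 2015-08-25 21:48

Fixed: 2015-10-10 01:12

Published: 2015-10-10 01:12

Vulnerability type: System/service operations misconfiguration

Severity: High

Self-assessed Rank: 15

Status: Confirmed by vendor

Source: http://www.wooyun.org. For questions or help, contact [email protected]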



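Vulnerability details

Disclosure status:

2015-08-25: Details sent to the vendor; awaiting vendor handling
2015-08-26: Vendor confirmed; details disclosed to the vendor only
2015-09-05: Details disclosed to core white hats and experts in related fields
2015-09-15: Details disclosed to regular white hats
2015-09-25: Details disclosed to intern white hats
2015-10-10: Details disclosed to the public

Brief description:

Command execution on a Vienna business system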

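Detailed description:

Address: http://aqe.wyn88.com:9002
JBoss does not disable the invoker/JMXInvokerServlet component, which leads to command execution; a shell can be obtained.
Shell address: http://aqe.wyn88.com:9002/jquery/wooyun_test.jsp wooyun
(Administrators, please delete it)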
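A defender-side audit for the misconfiguration described above, added here as an example and not part of the original report: it parses a servlet descriptor and lists invoker servlet mappings that no `auth-constraint` fully covers. The sample `web.xml`, the role name `HttpInvoker` and the function names are constructed assumptions, not taken from the affected host.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor: only the /restricted/ mapping requires a role.
SAMPLE_WEB_XML = """<web-app>
  <servlet-mapping>
    <servlet-name>JMXInvokerServlet</servlet-name>
    <url-pattern>/JMXInvokerServlet/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>JMXInvokerServlet</servlet-name>
    <url-pattern>/restricted/JMXInvokerServlet/*</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/restricted/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>HttpInvoker</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def _find(elem, name):
    # Match on local tag name so namespaced descriptors parse the same way.
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _covers(constraint, mapping):
    # Servlet-spec prefix match: "/x/*" covers "/x" and everything under "/x/".
    if constraint.endswith("/*"):
        prefix = constraint[:-2]
        return mapping == prefix or mapping.startswith(prefix + "/")
    return constraint == mapping

def unprotected_mappings(web_xml_text):
    """Return (servlet-name, url-pattern) pairs no auth-constraint fully covers."""
    root = ET.fromstring(web_xml_text)
    protected = []
    for sc in _find(root, "security-constraint"):
        if not _find(sc, "auth-constraint"):
            continue  # a constraint without auth-constraint leaves access open
        for wrc in _find(sc, "web-resource-collection"):
            if _find(wrc, "http-method"):
                continue  # limited to the listed verbs; other verbs stay open
            protected += [p.text.strip() for p in _find(wrc, "url-pattern")]
    findings = []
    for sm in _find(root, "servlet-mapping"):
        name = _find(sm, "servlet-name")[0].text.strip()
        for p in _find(sm, "url-pattern"):
            if not any(_covers(c, p.text.strip()) for c in protected):
                findings.append((name, p.text.strip()))
    return findings
```

Calling `unprotected_mappings(SAMPLE_WEB_XML)` reports the unauthenticated `/JMXInvokerServlet/*` mapping; a descriptor whose constraint covers `/*` with no `http-method` restriction returns an empty list.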

Proof of vulnerability:

Located on the internal network

11111.png


No connection was made to the database!

2222.png


Found two traces of intrusion

333.png

$ netstat -antp



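Remediation:

Copyright notice: when reposting, please credit the source 路人甲@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-08-26 01:11

Vendor reply:

Thank you for your attention; engineers have been assigned to fix this.

Latest status:

None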