当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0194834

漏洞标题:四川长虹一处补丁不及时导致命令执行/可探测内网

相关厂商:四川长虹

漏洞作者: 路人甲

提交时间:2016-04-11 09:54

修复时间:2016-05-26 15:40

公开时间:2016-05-26 15:40

漏洞类型:命令执行

危害等级:中

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-04-11: 细节已通知厂商并且等待厂商处理中
2016-04-11: 厂商已经确认,细节仅向厂商公开
2016-04-21: 细节向核心白帽子及相关领域专家公开
2016-05-01: 细节向普通白帽子公开
2016-05-11: 细节向实习白帽子公开
2016-05-26: 细节向公众公开

简要描述:

rt

详细说明:

111.png


https://103.245.128.110:8880/
websphere java反序列化命令执行

111.png


可以写shell
ipconfig /all

Windows IP Configuration
   Host Name . . . . . . . . . . . . : media
   Primary Dns Suffix  . . . . . . . : changhongit.com
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : changhongit.com
Ethernet adapter 鏈湴杩炴帴 2:
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)
   Physical Address. . . . . . . . . : E4-1F-13-BC-BF-EE
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 172.28.4.104
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.28.4.254
   DNS Servers . . . . . . . . . . . : 10.37.199.4
=================================================================


net view

鏈嶅姟鍣ㄥ悕绉�            娉ㄩ噴
-------------------------------------------------------------------------------
\\145ZONGHECHAXUN      145ZongHeChaXun                                         
\\1600ROM-C96D66C                                                              
\\4031BAOJIADANSH                                                              
\\4042SHENPIRIZHI                                                              
\\4090AVATEST          4090javatest                                            
\\4091WJHSERVER        4091                                                    
\\4136CFCARAORACL                                                              
\\4173ZARVASERVER      4173zarvaserver                                         
\\4177DAKAAPP2000                                                              
\\4181MUKOOL                                                                   
\\4221-MSTR2000                                                                
\\4233ITYW                                                                     
\\4234-MSTR2003X3                                                              
\\4237YGGZZX           4237gzzx                                                
\\5046-236TOMCATT      5046-236TomcatTest                                      
\\5067YQZLCX           4029                                                    
\\9600ROM-BC6B800                                                              
\\AR-CHIT                                                                      
\\ATTACHMENT           attachment                                              
\\AVAYAWEB                                                                     
\\BIEE423              BIEE423                                                 
\\BLADE1-9             blade1-9                                                
\\BLADE10                                                                      
\\BLADE20                                                                      
\\BLADE5                                                                       
\\BLADE7                                                                       
\\CHANGHON-1A7666                                                              
\\CHANGHONGIT          ChangHongIt Auto Build                                  
\\CHCLOUD                                                                      
\\CHISA                CHISA                                                   
\\CHIT-YTKMF6KV18                                                              
\\CHIT041                                                                      
\\CHIT164                                                                      
\\CHITDY-A41461B2                                                              
\\CHITOA                                                                       
\\COGNOS               Cognos                                                  
\\DAKA                                                                         
\\DISCUZ                                                                       
\\DNS3                                                                         
\\DOMINOBUSHUCESH      DominoKaiFa                                             
\\DYNATRACE                                                                    
\\E2FAXPOR                                                                     
\\JIA                  Jia                                                     
\\JIACOGNOS            jiacognos.changhongit.com                               
\\JIADB                JiaDB                                                   
\\MAIL01               4006mail01                                              
\\MAIL02                                                                       
\\MAIL03                                                                       
\\MAIL04                                                                       
\\MEDIA                                                                        
\\MEETING                                                                      
\\MINSHENG                                                                     
\\NBUMANAGE                                                                    
\\OSGI1                                                                        
\\OSGITEST                                                                     
\\PRONGSIS                                                                     
\\PROXY                                                                        
\\SAMETIME                                                                     
\\SBESERVER            SBEserver                                               
\\SHENFAZHAN           shenfazhan                                              
\\SHUMA-SVN                                                                    
\\SM06                                                                         
\\SQL                                                                          
\\TEST1                test1                                                   
\\TEST2                DominoKaiFa                                             
\\VCENTER                                                                      
\\WEBSERVER002         Webserver002                                            
\\WEBSERVER2012        4014webserver2012                                       
\\WIKI                                                                         
\\WIN-00B6Q4SAEJC                                                              
\\WIN-1BJMVBIVO08                                                              
\\WIN-71M4409T19C                                                              
\\WIN-C1D8HRD139A                                                              
\\WIN-MAUAUOTO4VJ                                                              
\\WIN2003-AF6AC0F                                                              
\\WINDOWS-2481GPW      WINDOWS-2481GPW                                         
\\WINDOWS-CK67NPI                                                              
\\WJH225               wjh                                                     
\\WMS                                                                          
\\ZARVA03                                                                      
\\ZARVA08              zarva08                                                 
\\ZHONGHANG                                                                    
鍛戒护鎴愬姛瀹屾垚銆�
=================================================================


111.png

漏洞证明:

111.png


https://103.245.128.110:8880/
websphere java反序列化命令执行

111.png


可以写shell
ipconfig /all

Windows IP Configuration
   Host Name . . . . . . . . . . . . : media
   Primary Dns Suffix  . . . . . . . : changhongit.com
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : changhongit.com
Ethernet adapter 鏈湴杩炴帴 2:
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)
   Physical Address. . . . . . . . . : E4-1F-13-BC-BF-EE
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 172.28.4.104
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.28.4.254
   DNS Servers . . . . . . . . . . . : 10.37.199.4
=================================================================


net view

鏈嶅姟鍣ㄥ悕绉�            娉ㄩ噴
-------------------------------------------------------------------------------
\\145ZONGHECHAXUN      145ZongHeChaXun                                         
\\1600ROM-C96D66C                                                              
\\4031BAOJIADANSH                                                              
\\4042SHENPIRIZHI                                                              
\\4090AVATEST          4090javatest                                            
\\4091WJHSERVER        4091                                                    
\\4136CFCARAORACL                                                              
\\4173ZARVASERVER      4173zarvaserver                                         
\\4177DAKAAPP2000                                                              
\\4181MUKOOL                                                                   
\\4221-MSTR2000                                                                
\\4233ITYW                                                                     
\\4234-MSTR2003X3                                                              
\\4237YGGZZX           4237gzzx                                                
\\5046-236TOMCATT      5046-236TomcatTest                                      
\\5067YQZLCX           4029                                                    
\\9600ROM-BC6B800                                                              
\\AR-CHIT                                                                      
\\ATTACHMENT           attachment                                              
\\AVAYAWEB                                                                     
\\BIEE423              BIEE423                                                 
\\BLADE1-9             blade1-9                                                
\\BLADE10                                                                      
\\BLADE20                                                                      
\\BLADE5                                                                       
\\BLADE7                                                                       
\\CHANGHON-1A7666                                                              
\\CHANGHONGIT          ChangHongIt Auto Build                                  
\\CHCLOUD                                                                      
\\CHISA                CHISA                                                   
\\CHIT-YTKMF6KV18                                                              
\\CHIT041                                                                      
\\CHIT164                                                                      
\\CHITDY-A41461B2                                                              
\\CHITOA                                                                       
\\COGNOS               Cognos                                                  
\\DAKA                                                                         
\\DISCUZ                                                                       
\\DNS3                                                                         
\\DOMINOBUSHUCESH      DominoKaiFa                                             
\\DYNATRACE                                                                    
\\E2FAXPOR                                                                     
\\JIA                  Jia                                                     
\\JIACOGNOS            jiacognos.changhongit.com                               
\\JIADB                JiaDB                                                   
\\MAIL01               4006mail01                                              
\\MAIL02                                                                       
\\MAIL03                                                                       
\\MAIL04                                                                       
\\MEDIA                                                                        
\\MEETING                                                                      
\\MINSHENG                                                                     
\\NBUMANAGE                                                                    
\\OSGI1                                                                        
\\OSGITEST                                                                     
\\PRONGSIS                                                                     
\\PROXY                                                                        
\\SAMETIME                                                                     
\\SBESERVER            SBEserver                                               
\\SHENFAZHAN           shenfazhan                                              
\\SHUMA-SVN                                                                    
\\SM06                                                                         
\\SQL                                                                          
\\TEST1                test1                                                   
\\TEST2                DominoKaiFa                                             
\\VCENTER                                                                      
\\WEBSERVER002         Webserver002                                            
\\WEBSERVER2012        4014webserver2012                                       
\\WIKI                                                                         
\\WIN-00B6Q4SAEJC                                                              
\\WIN-1BJMVBIVO08                                                              
\\WIN-71M4409T19C                                                              
\\WIN-C1D8HRD139A                                                              
\\WIN-MAUAUOTO4VJ                                                              
\\WIN2003-AF6AC0F                                                              
\\WINDOWS-2481GPW      WINDOWS-2481GPW                                         
\\WINDOWS-CK67NPI                                                              
\\WJH225               wjh                                                     
\\WMS                                                                          
\\ZARVA03                                                                      
\\ZARVA08              zarva08                                                 
\\ZHONGHANG                                                                    
鍛戒护鎴愬姛瀹屾垚銆�
=================================================================


111.png

修复方案:

补丁不及时

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:5

确认时间:2016-04-11 15:32

厂商回复:

正在处理!

最新状态:

暂无