新浪某重要主站命令执行漏洞入内网 | wooyun-2016-0205561| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0205561

漏洞标题：新浪某重要主站命令执行漏洞入内网

漏洞作者： Q1NG

提交时间：2016-05-06 09:22

修复时间：2016-05-09 10:40

公开时间：2016-05-09 10:40

漏洞类型：命令执行

危害等级：高

自评Rank：20

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2016-05-06：细节已通知厂商并且等待厂商处理中
2016-05-09：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

详细说明：

http://bbs.sina.com.cn/ 新浪论坛命令执行
随便点击一个帖子进行回服,同样是命令执行 NC反弹,直接入服务器

漏洞证明：

这在服务器竟然装了nmap 那就索性扫了下, 不知是有人已经来过还是你们自己人装的

Host is up (0.00018s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.195
Host is up (0.00013s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.196
Host is up (0.00020s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.197
Host is up (0.00023s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.198
Host is up (0.00018s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.199
Host is up (0.00021s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.200
Host is up (0.00020s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.201
Host is up (0.00019s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.202
Host is up (0.00025s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.203
Host is up (0.00021s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.204
Host is up (0.00013s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.205
Host is up (0.00019s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.206
Host is up (0.00020s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.207
Host is up (0.00023s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.208
Host is up (0.00020s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.209
Host is up (0.00019s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.210
Host is up (0.00019s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.211
Host is up (0.00022s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.212
Host is up (0.00030s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.213
Host is up (0.00018s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.214
Host is up (0.00016s latency).
Not shown: 988 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
873/tcp  open     rsync
3306/tcp open     mysql
6001/tcp open     X11:1
6003/tcp open     X11:3
6004/tcp open     X11:4
6005/tcp open     X11:5
6006/tcp filtered X11:6
6007/tcp open     X11:7
6009/tcp open     X11:9
7443/tcp open     oracleas-https
8000/tcp open     http-alt
Nmap scan report for 172.16.187.215
Host is up (0.00022s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
843/tcp  open  unknown
873/tcp  open  rsync
3306/tcp open  mysql
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.216
Host is up (0.00019s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.217
Host is up (0.00018s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.218
Host is up (0.00021s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.219
Host is up (0.00016s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.220
Host is up (0.00021s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.221
Host is up (0.00023s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.222
Host is up (0.00017s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.223
Host is up (0.00017s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.224
Host is up (0.00023s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.225
Host is up (0.00025s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.226
Host is up (0.00023s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.227
Host is up (0.00014s latency).
Not shown: 986 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7103/tcp open  unknown
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.228
Host is up (0.00020s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.229
Host is up (0.00019s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.230
Host is up (0.00018s latency).
Not shown: 987 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
873/tcp  open     rsync
3306/tcp open     mysql
6001/tcp filtered X11:1
6002/tcp open     X11:2
6003/tcp open     X11:3
6004/tcp open     X11:4
6005/tcp open     X11:5
6006/tcp open     X11:6
6007/tcp open     X11:7
6009/tcp open     X11:9
7443/tcp open     oracleas-https
8000/tcp open     http-alt
Nmap scan report for 172.16.187.232
Host is up (0.00019s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.233
Host is up (0.00019s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.234
Host is up (0.00019s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.235
Host is up (0.00020s latency).
Not shown: 988 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.236
Host is up (0.00019s latency).
Not shown: 986 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
843/tcp  open  unknown
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.237
Host is up (0.00020s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.238
Host is up (0.00019s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.239
Host is up (0.00021s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.240
Host is up (0.00020s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.241
Host is up (0.00025s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.242
Host is up (0.00022s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.243
Host is up (0.00022s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.244
Host is up (0.00022s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.245
Host is up (0.00022s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.246
Host is up (0.00021s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.247
Host is up (0.00021s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.248
Host is up (0.00021s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.249
Host is up (0.00021s latency).
Not shown: 986 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
8090/tcp open  unknown
Nmap scan report for 172.16.187.250
Host is up (0.00021s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.251
Host is up (0.00024s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.253
Host is up (0.00020s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
873/tcp  open  rsync
5666/tcp open  nrpe
Nmap scan report for 172.16.187.254
Host is up (0.00028s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh

继续玩代码执行内网就不深入了这么都开了 22 ssh 3306 怎么也能找到几台弱口令的吧

修复方案：

你们懂的

版权声明：转载请注明来源 Q1NG@乌云

漏洞回应

厂商回应：

危害等级：无影响厂商忽略

忽略时间：2016-05-09 10:40

厂商回复：

已有白帽子报过，故忽略，感谢支持~

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0205561

漏洞标题：新浪某重要主站命令执行漏洞入内网

相关厂商：新浪

漏洞作者： Q1NG

提交时间：2016-05-06 09:22

修复时间：2016-05-09 10:40

公开时间：2016-05-09 10:40

漏洞类型：命令执行

危害等级：高

自评Rank：20

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 Q1NG@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0205561

漏洞标题：新浪某重要主站命令执行漏洞入内网

相关厂商：新浪

漏洞作者： Q1NG

提交时间：2016-05-06 09:22

修复时间：2016-05-09 10:40

公开时间：2016-05-09 10:40

漏洞类型：命令执行

危害等级：高

自评Rank：20

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2016-0205561"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 Q1NG@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

Tags标签：无

4人收藏收藏
分享漏洞：