Vulnerability summary

Defect ID: wooyun-2013-035147

Title: 东方煤炭电子交易中心 (Oriental Coal Electronic Trading Center) has a command execution vulnerability

Vendor: 东方煤炭电子交易中心

Author: Restriedarea

Submitted: 2013-08-25 11:20

Fix time: 2013-10-09 11:20

Disclosure time: 2013-10-09 11:20

Vulnerability type: command execution

Severity: high

Self-rated Rank: 10

Status: vendor could not be contacted, or the vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]


Vulnerability details

Disclosure status:

2013-08-25: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2013-10-09: The vendor has actively ignored the vulnerability; details are disclosed to the public

Brief description:

东方煤炭电子交易中心 has a command execution vulnerability

Detailed description:

Directory listing (ls -l output, Chinese locale) obtained through the command execution:

总用量 6428
drwxr-xr-x. 14 root root 4096 7月 11 17:00 apache
-rw-r--r--. 1 root root 6407210 7月 11 16:36 apache-tomcat-6.0.29.tar
drwxr-xr-x. 2 root root 4096 7月 17 11:00 auto_boot
drwxr-xr-x. 9 root root 4096 7月 11 16:37 coalWeb
drwxr-xr-x. 7 root root 4096 7月 15 08:59 download
drwxr-xr-x. 4 root root 4096 7月 11 16:45 index
drwxr-xr-x. 4 root root 4096 7月 15 09:09 mq
drwxr-xr-x. 3 root root 4096 7月 11 16:47 paoding
drwxr-xr-x. 2 root root 4096 8月 9 18:09 script
drwxr-xr-x. 12 root root 4096 8月 23 13:59 upd
-rw-r--r--. 1 root root 10240 8月 22 00:31 upload03.tar
-rw-r--r--. 1 root root 15673 8月 24 09:27 velocity.log
-rw-r--r--. 1 root root 100016 8月 23 19:24 velocity.log.1

Output of id (Chinese locale), showing the command runs as root:

uid=0(root) gid=0(root) 组=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) 环境=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Output of ifconfig:

eth0 Link encap:Ethernet HWaddr E4:1F:13:30:BF:E4
inet addr:61.129.113.62 Bcast:61.255.255.255 Mask:255.255.255.248
inet6 addr: fe80::e61f:13ff:fe30:bfe4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:79536566 errors:0 dropped:0 overruns:0 frame:0
TX packets:6958599 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6697316090 (6.2 GiB) TX bytes:4529928411 (4.2 GiB)
Interrupt:28 Memory:92000000-92012800
eth1 Link encap:Ethernet HWaddr E4:1F:13:30:BF:E6
inet addr:192.168.100.189 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::e61f:13ff:fe30:bfe6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2049531 errors:0 dropped:0 overruns:0 frame:0
TX packets:2065797 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1003433365 (956.9 MiB) TX bytes:374946534 (357.5 MiB)
Interrupt:40 Memory:94000000-94012800
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:9131094 errors:0 dropped:0 overruns:0 frame:0
TX packets:9131094 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2040931070 (1.9 GiB) TX bytes:2040931070 (1.9 GiB)
usb0 Link encap:Ethernet HWaddr E6:1F:13:2A:0F:E7
inet6 addr: fe80::e41f:13ff:fe2a:fe7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1511088 errors:0 dropped:0 overruns:0 frame:0
TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:98220720 (93.6 MiB) TX bytes:2178 (2.1 KiB)

Output of uname -a:

Linux eastcoal01 2.6.32-131.0.15.el6.x86_64 #1 SMP Sat Nov 12 15:11:58 CST 2011 x86_64 x86_64 x86_64 GNU/Linux

Proof of vulnerability:

[Image: QQ图片20130824093328.jpg]

Remediation:

You know the drill: upgrade Struts.

Copyright notice: please credit the source when reposting: Restriedarea@乌云


Vulnerability response

Vendor response:

The vendor could not be contacted, or the vendor actively refused.