
Vulnerability summary

Defect ID: wooyun-2013-039343

Title: Command execution on two Asiainfo-Linkage servers, root privileges, shell obtained

Vendor: Asiainfo-Linkage

Author: niliu

Submitted: 2013-10-11 11:18

Fix time: 2013-11-25 11:19

Published: 2013-11-25 11:19

Type: command execution

Severity: high

Self-assessed rank: 15

Status: vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]


Vulnerability details

Disclosure status:

2013-10-11: Actively contacting the vendor and waiting for it to claim the report; details not disclosed
2013-11-25: Vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

Command execution on two Asiainfo-Linkage servers, root privileges, shell obtained

Detailed description:

Asiainfo-Linkage, Inc. (NASDAQ: ASIA) was formed on 6 December 2009 when AsiaInfo Holdings, Inc. and Linkage Technologies (Nanjing) Co., Ltd. announced their merger; it is the largest telecom BSS/OSS provider in China and the second largest worldwide by revenue and market capitalisation.
So I'll just submit it to CNCERT.
#1

http://218.94.61.17/OnlineServer/LoginAction.action


[screenshot 0.jpg]


Struts command execution; ifconfig output obtained from the host:

[screenshot 1.jpg]


eth0      Link encap:Ethernet  HWaddr 78:2B:CB:15:4A:50
          inet addr:192.168.4.180  Bcast:192.168.4.255  Mask:255.255.255.0
          inet6 addr: fe80::7a2b:cbff:fe15:4a50/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:23055939 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12862125 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7166504931 (6.6 GiB)  TX bytes:6575029987 (6.1 GiB)
          Interrupt:25 Memory:f2000000-f2012800

eth1      Link encap:Ethernet  HWaddr 78:2B:CB:15:4A:52
          inet addr:192.168.15.21  Bcast:192.168.15.255  Mask:255.255.255.0
          inet6 addr: fe80::7a2b:cbff:fe15:4a52/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:510165387 errors:0 dropped:0 overruns:0 frame:0
          TX packets:79818823 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:42256120280 (39.3 GiB)  TX bytes:1426072352449 (1.2 TiB)

eth2      Link encap:Ethernet  HWaddr 78:2B:CB:15:4A:54
          inet addr:8.1.1.2  Bcast:8.1.1.3  Mask:255.255.255.252
          inet6 addr: fe80::7a2b:cbff:fe15:4a54/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:4770 (4.6 KiB)
          Interrupt:27 Memory:f6000000-f6012800

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:66245857 errors:0 dropped:0 overruns:0 frame:0
          TX packets:66245857 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:33792352507 (31.4 GiB)  TX bytes:33792352507 (31.4 GiB)

peth1     Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:511416568 errors:0 dropped:34 overruns:0 frame:0
          TX packets:997046965 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:44385214962 (41.3 GiB)  TX bytes:1490499499805 (1.3 TiB)
          Interrupt:26 Memory:f4000000-f4012800

vif0.1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:79818753 errors:0 dropped:0 overruns:0 frame:0
          TX packets:510165387 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1426072276395 (1.2 TiB)  TX bytes:42256120280 (39.3 GiB)

virbr0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:3395 (3.3 KiB)

xenbr1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:3984454 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:479625932 (457.4 MiB)  TX bytes:0 (0.0 b)


Shell address:

http://218.94.61.17/OnlineServer/3.jsp


[screenshot 2.jpg]


#2

http://221.6.15.107:58080/OnlineServer/LoginAction.action


eth0      Link encap:Ethernet  HWaddr 78:2B:CB:3E:31:FC
          inet addr:192.168.5.22  Bcast:192.168.5.255  Mask:255.255.255.128
          inet6 addr: fe80::7a2b:cbff:fe3e:31fc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:16129633 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13270364 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6169142846 (5.7 GiB)  TX bytes:5622127345 (5.2 GiB)
          Interrupt:98 Memory:f2000000-f2012800

eth1      Link encap:Ethernet  HWaddr 78:2B:CB:3E:31:FE
          inet addr:192.168.15.10  Bcast:192.168.15.255  Mask:255.255.255.0
          inet6 addr: fe80::7a2b:cbff:fe3e:31fe/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7310064 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1802263 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4026295622 (3.7 GiB)  TX bytes:524288104 (500.0 MiB)
          Interrupt:106 Memory:f4000000-f4012800

eth3      Link encap:Ethernet  HWaddr 78:2B:CB:3E:32:02
          inet addr:192.168.168.11  Bcast:192.168.168.255  Mask:255.255.255.0
          inet6 addr: fe80::7a2b:cbff:fe3e:3202/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:59911304 errors:0 dropped:0 overruns:0 frame:0
          TX packets:65767494 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:14318383708 (13.3 GiB)  TX bytes:70040124583 (65.2 GiB)
          Interrupt:122 Memory:f8000000-f8012800

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:16438 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16438 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:22339747 (21.3 MiB)  TX bytes:22339747 (21.3 MiB)


Shell address:

http://221.6.15.107:58080/OnlineServer/cd.jsp


[screenshot 3.jpg]
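Added here as a triage aid; this is not part of the original report and not Asiainfo-Linkage code. It is a small Python parser for the net-tools style ifconfig dumps of hosts #1 and #2 above: it pulls each interface's address and netmask, lists the RFC 1918 networks a shell on the box can reach, and names the Xen (peth*, vif*, xenbr*) and libvirt (virbr*, vnet*) interfaces, which show that host #1 is a Xen dom0 and not just a web server. Passing in the published address (218.94.61.17) shows it is bound on no interface, so the host sits behind NAT or a proxy. The embedded sample is an abridged copy of the host #1 listing (per-interface counters dropped); the interface-name prefixes are the standard Xen/libvirt ones, and the classification in triage() is my own.

```python
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Abridged copy of the host #1 ifconfig output from the report above
# (counters dropped; only the lines this parser reads are kept).
SAMPLE_IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 78:2B:CB:15:4A:50
          inet addr:192.168.4.180  Bcast:192.168.4.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
eth1      Link encap:Ethernet  HWaddr 78:2B:CB:15:4A:52
          inet addr:192.168.15.21  Bcast:192.168.15.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
eth2      Link encap:Ethernet  HWaddr 78:2B:CB:15:4A:54
          inet addr:8.1.1.2  Bcast:8.1.1.3  Mask:255.255.255.252
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
peth1     Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
vif0.1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
virbr0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
xenbr1    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
"""

# Interface header, e.g. "eth0      Link encap:Ethernet  HWaddr 78:2B:..."
# Keying on "Link encap:" instead of column 0 also copes with dumps whose
# leading indentation was lost when they were pasted into a report.
IFACE_RE = re.compile(r"^(\S+)\s+Link encap:(.+?)(?:\s+HWaddr\s+(\S+))?\s*$")
INET_RE = re.compile(r"inet addr:(\S+)(?:\s+Bcast:\S+)?\s+Mask:(\S+)")
FLAGS_RE = re.compile(r"^\s*((?:[A-Z]+\s+)+)MTU:(\d+)")

# Interface-name prefixes created by Xen's network-bridge scripts (dom0 only)
# and by libvirt's default NAT network (assumed conventional names).
XEN_PREFIXES = ("peth", "vif", "xenbr")
LIBVIRT_PREFIXES = ("virbr", "vnet")


def parse_ifconfig(text: str) -> Dict[str, dict]:
    """Parse old-style (net-tools) ifconfig output into {name: attributes}."""
    ifaces: Dict[str, dict] = {}
    cur: Optional[dict] = None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            cur = {"encap": m.group(2).strip(), "hwaddr": m.group(3),
                   "ipv4": None, "mask": None, "flags": [], "mtu": None}
            ifaces[m.group(1)] = cur
            continue
        if cur is None:
            continue  # text before the first interface header
        m = INET_RE.search(line)
        if m:
            cur["ipv4"], cur["mask"] = m.group(1), m.group(2)
            continue
        m = FLAGS_RE.match(line)
        if m:
            cur["flags"] = m.group(1).split()
            cur["mtu"] = int(m.group(2))
    return ifaces


def triage(ifaces: Dict[str, dict], public_ip: str) -> dict:
    """Summarise what a shell on this host can reach, given its published IP."""
    private: List[Tuple[str, str]] = []
    other: List[Tuple[str, str]] = []
    virt: List[str] = []
    public_bound = False
    for name, info in ifaces.items():
        if name.startswith(XEN_PREFIXES + LIBVIRT_PREFIXES):
            virt.append(name)
        if not info["ipv4"]:
            continue
        addr = ipaddress.IPv4Address(info["ipv4"])
        if addr.is_loopback:
            continue
        if str(addr) == public_ip:
            public_bound = True
        net = ipaddress.IPv4Network(f"{addr}/{info['mask']}", strict=False)
        # RFC 1918 space is reachable only from inside: every such network is
        # a lateral-movement target once the attacker has a shell here.
        (private if addr.is_private else other).append((name, str(net)))
    return {
        "public_ip_bound": public_bound,  # False => NAT or proxy in front
        "private_networks": private,
        "other_addresses": other,         # routed space that is not the public IP
        "virtualization_ifaces": virt,
        "hypervisor_host": any(n.startswith(XEN_PREFIXES) for n in virt),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(parse_ifconfig(SAMPLE_IFCONFIG), "218.94.61.17"), indent=2))
```

Run against the host #2 listing the same way (public IP 221.6.15.107): it is also not bound locally, and its eth1 sits in the same 192.168.15.0/24 as host #1's eth1, so the two compromised machines share an internal segment.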


Proof of vulnerability:

#shell1

[screenshot 2.jpg]


#shell2

[screenshot 3.jpg]

Fix recommendation:

Upgrade Struts on both hosts to a patched release. Patching alone is not enough: remove the dropped shells (3.jsp and cd.jsp under /OnlineServer/), and since the application runs as root, treat both servers as fully compromised. The peth/vif/xenbr interfaces in the host #1 listing show it is also a virtualisation host, so the guests it runs and the internal 192.168.x networks both machines sit on need the same review.

Copyright notice: when reposting, credit the source: niliu@WooYun


Vulnerability response

Vendor response:

Vendor could not be contacted, or vendor actively refused to respond