当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-080073

漏洞标题:大众点评某分站存在远程命令执行漏洞(可导致内网渗透)

相关厂商:大众点评

漏洞作者: 猪猪侠

提交时间:2014-10-20 00:07

修复时间:2014-12-04 00:08

公开时间:2014-12-04 00:08

漏洞类型:命令执行

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-10-20: 细节已通知厂商并且等待厂商处理中
2014-10-20: 厂商已经确认,细节仅向厂商公开
2014-10-30: 细节向核心白帽子及相关领域专家公开
2014-11-09: 细节向普通白帽子公开
2014-11-19: 细节向实习白帽子公开
2014-12-04: 细节向公众公开

简要描述:

大众点评某分站存在远程命令执行漏洞(可导致内网渗透)

详细说明:

struts2最新的漏洞都补了,结果2010的老漏洞还存在

http://mobile.dper.com/dper/login
Whoami: nobody
WebPath: /data/webapps/ba-es-employeeport-mobile-web/current/ba-es-employeeport-mobile-web.war
OS.Name: Linux
OS.Version: 2.6.32-279.el6.x86_64
Java.Home: /usr/local/jdk/jre
Java.Version: 1.6.0_26
OS.arch: amd64
User.Name: nobody
User.Home: /
User.Dir: /
Java.Class.Path: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/../lib/cookie-java-agent-0.1.jar:/usr/local/tomcat/bin/../lib/byteman-2.1.2.jar
Java.IO.Tmpdir: /tmp

漏洞证明:

/sbin/arp -a
==============================================================================
user-base-service12.nh (10.1.9.21) at 52:54:e6:4a:e0:c9 [ether] on eth0
? (10.1.9.1) at 00:00:0c:07:ac:31 [ether] on eth0
user-base-service14.nh (10.1.9.44) at 52:54:a9:c5:8a:b4 [ether] on eth0
user-base-service15.nh (10.1.9.14) at 52:54:0f:45:6e:78 [ether] on eth0
user-base-service13.nh (10.1.9.47) at 52:54:6f:59:4a:c0 [ether] on eth0
user-base-service11.nh (10.1.9.31) at 52:54:7c:fa:83:d9 [ether] on eth0


eth0      Link encap:Ethernet  HWaddr 52:54:DA:03:F8:28  
          inet addr:10.1.9.41  Bcast:10.1.9.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:daff:fe03:f828/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1087533437 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1440545959 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:176710255811 (164.5 GiB)  TX bytes:325606545744 (303.2 GiB)
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:130731271 errors:0 dropped:0 overruns:0 frame:0
          TX packets:130731271 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:32430403222 (30.2 GiB)  TX bytes:32430403222 (30.2 GiB)

修复方案:

更新存在漏洞的模块

版权声明:转载请注明来源 猪猪侠@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2014-10-20 00:12

厂商回复:

thx

最新状态:

暂无