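2014-12-22: Details reported to the vendor; awaiting vendor handling
2014-12-22: Vendor confirmed; details disclosed to the vendor only
2015-01-01: Details disclosed to core white hats and experts in related fields
2015-01-11: Details disclosed to regular white hats
2015-01-21: Details disclosed to trainee white hats
2015-02-05: Details disclosed to the public
Remote command execution on a Lenovo site
Struts 2 command execution: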
https://ipgpassport.lenovo.com/security/forgetPassword.action
Whoami: ipgpassport\pmsadmin
WebPath: D:\jboss-5.1.0.GA\server\default\tmp\a45l1d-pgcxdu-i1oil27t-1-i1oilu5p-9n\passport.war\
netstat -an:
Internal IP:
10.4.201.49
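Upgrade Struts
Severity: High
Vulnerability Rank: 13
Confirmed: 2014-12-22 10:51
Thank you for supporting Lenovo's security work. We will fix the vulnerability as soon as possible.
None yet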