
Vulnerability summary

Defect ID: wooyun-2015-0107154

Title: An IoT system in the capital: getshell, a pile of database information and a large number of server files, including prison system designs

Related vendor: CNCERT (National Internet Emergency Center)

Reporter: 路人甲

Submitted: 2015-04-13 18:16

Fixed: 2015-05-30 15:02

Published: 2015-05-30 15:02

Vulnerability type: command execution

Severity: high

Self-assessed Rank: 18

Status: handed over to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-04-13: Details sent to the vendor, awaiting vendor handling
2015-04-15: Vendor confirmed; details visible to the vendor only
2015-04-25: Details opened to core white hats and experts in the relevant field
2015-05-05: Details opened to regular white hats
2015-05-15: Details opened to intern white hats
2015-05-30: Details opened to the public

Brief description:

An IoT system in the capital: getshell, a pile of database information and a large number of server files, including prison system designs! Through the database connection one can obtain login accounts belonging to vendors such as Tencent, Baidu and Alibaba, as well as to the larger domestic museums.

Details:

Site: Haidian District IoT Integrated Application Platform - Application Support System
URL: http://218.249.38.206:9191/iot-hmi-web-museum/iot/user/login.jsp
Description: the site has a Struts2 command execution vulnerability that leads to getshell
Struts2 test entry point: http://218.249.38.206:9191/iot-hmi-web-museum/iot/softWareVersion/softWareDownloadPage.action
127.0.0.1 : 3306 ................................. Open
0x01: getshell

[screenshot: 1.png]


0x02: database connection information

jdbc.driverClassName=com.mysql.jdbc.Driver  
#jdbc.url=jdbc:mysql://localhost:3306/iotplatform201411?user=root&password=123456&useUnicode=true&characterEncoding=UTF-8
jdbc.url=jdbc:mysql://192.168.82.15:3306/iotplatform_bowuguan_20141219?user=root&password=root&useUnicode=true&characterEncoding=UTF-8
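As an added example (not part of the original report), a defender-side check for exactly the kind of exposure shown in the properties fragment above: it parses every jdbc.url entry, including commented-out ones, and flags credentials embedded in the URL, use of the root account, and weak or username-equal passwords. The properties text below is constructed in the same shape as the leaked fragment; it is not the real file.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the shape of the leaked jdbc properties (not the real file).
SAMPLE_PROPERTIES = """\
jdbc.driverClassName=com.mysql.jdbc.Driver
#jdbc.url=jdbc:mysql://localhost:3306/appdb?user=root&password=123456&useUnicode=true
jdbc.url=jdbc:mysql://192.0.2.15:3306/appdb?user=root&password=root&useUnicode=true
"""

# Tiny illustrative weak-password list; a real audit would use a proper wordlist.
WEAK_PASSWORDS = {"123456", "root", "password", "admin"}


def audit_jdbc_properties(text):
    """Return a list of (line_no, finding) for every jdbc.url that embeds credentials."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        commented = line.startswith("#")
        # Commented-out entries are still secrets on disk, so audit them too.
        key, sep, value = line.lstrip("#").strip().partition("=")
        if not sep or key.strip() != "jdbc.url":
            continue
        url = value.strip()
        if not url.startswith("jdbc:"):
            continue
        # Strip the "jdbc:" prefix so urlsplit sees mysql://host:port/db?query
        parts = urlsplit(url[len("jdbc:"):])
        params = {k: v[0] for k, v in parse_qs(parts.query).items()}
        user, password = params.get("user"), params.get("password")
        if user is None and password is None:
            continue
        where = "commented-out" if commented else "active"
        findings.append((line_no, f"{where} jdbc.url embeds credentials for "
                                  f"{parts.hostname}:{parts.port}"))
        if user == "root":
            findings.append((line_no, "database user is root"))
        if password is not None and (password == user or password.lower() in WEAK_PASSWORDS):
            findings.append((line_no, "password is weak or equals the username"))
    return findings
```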


0x03: a Haidian District mailbox

mailHostName=mail.zhongguancun.com.cn
mailHostUserName=tanhc
mailHostPassWord=123ABC
mailQueueName=tfwMailQueue


0x04: a sensitive password

zhjyiot12345


0x05: a lot of data

[screenshots: 555.png, 666.png, 777.png, 0x01.png, 0x02.png, 0x03.png, 0x04.png]


More for you to check on your own.

Proof of vulnerability:

0x06: database information

[screenshot: 1.png]


Columns of the dumped user table (name and type):

id INT
moc_id INT
ug_id INT
status INT
status_time TIMESTAMP
hash_code VARCHAR
account VARCHAR
password VARCHAR
old_password VARCHAR
create_time TIMESTAMP
bind_ip_address VARCHAR
bind_mac_address VARCHAR
name VARCHAR
company_name VARCHAR
validata_code VARCHAR
out_date DATETIME

The dump that followed contained 45 user rows (ids 95 to 139) with accounts, password values stored either in plaintext or as 32-character hex digests, bound IP and MAC addresses, and user roles; it is not reproduced here.
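As an added example (not from the original report), the audit a defender would run over an export of a user table shaped like the one above: it classifies how each password value is stored (plaintext versus a bare 32-hex digest with no salt or cost marker) and flags accounts whose password equals the account name, in either form. The rows are constructed, not the leaked records.

```python
import hashlib
import re

HEX32 = re.compile(r"^[0-9a-fA-F]{32}$")

# Constructed (account, password) pairs in the shape of the leaked table; not the real data.
SAMPLE_ROWS = [
    ("liuhao", "liuhao"),                          # plaintext, equals the account name
    ("guocy", "123456"),                           # plaintext
    ("123", "202CB962AC59075B964B07152D234B70"),   # md5("123"): digest of the account name
    ("xie", hashlib.md5(b"correct horse").hexdigest().upper()),  # digest unrelated to account
]


def classify_password(account, stored):
    """Describe how one password field is stored and whether it is trivially weak."""
    issues = []
    if HEX32.match(stored):
        # 32 hex characters and nothing else: consistent with unsalted MD5 (no $2b$/$6$ style prefix)
        storage = "unsalted-md5-like"
        if stored.lower() == hashlib.md5(account.encode("utf-8")).hexdigest():
            issues.append("password equals account name")
    else:
        storage = "plaintext"
        issues.append("stored in plaintext")
        if stored == account:
            issues.append("password equals account name")
    return storage, issues


def audit_rows(rows):
    """Count storage formats and collect per-account issues across a table export."""
    summary = {"plaintext": 0, "unsalted-md5-like": 0}
    flagged = {}
    for account, stored in rows:
        storage, issues = classify_password(account, stored)
        summary[storage] += 1
        if issues:
            flagged[account] = issues
    return summary, flagged
```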


[screenshots: 3.png, 1.png]

Fix recommendation:

The privileges are ample and a lot of material is involved! Please fix it as soon as possible! I did no damage; as a white hat this is what I should do, and I hope the vulnerability is faced properly! Any chance of Rank 20~

Copyright notice: please credit 路人甲@乌云 when reposting


Vulnerability response

Vendor response:

Severity: high

Vulnerability Rank: 14

Confirmed: 2015-04-15 15:00

Vendor reply:

CNVD has confirmed and reproduced the described situation; it has been forwarded by CNCERT to the national superior information security coordination body, which will coordinate handling with the site's operating unit.

Latest status:

None yet