

缺陷编号:wooyun-2015-0107862

漏洞标题:合享新创官网Getshell

相关厂商:合享新创

漏洞作者: 路人甲

提交时间:2015-04-16 12:50

修复时间:2015-05-31 12:52

公开时间:2015-05-31 12:52

漏洞类型:命令执行

危害等级:中

自评Rank:10

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]




漏洞详情

披露状态:

2015-04-16: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-05-31: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

合享新创官网（www.incoindex.com）存在 Struts2 远程命令执行漏洞，可直接执行系统命令并 Getshell，进而读取服务器上的配置文件与明文口令。

详细说明:

网址:http://www.incoindex.com/incoindex/usermanager/tologin.action
该站点为 Struts2 应用（入口为 .action，上述地址即为登录页），存在已公开的 Struts2 远程命令执行漏洞：通过该入口即可在服务器上执行任意命令并写入 WebShell，随后读取到 WEB-INF/classes/server.properties 配置文件（见"漏洞证明"）。

（附图 1.png：命令执行截图）

漏洞证明:

通过命令执行读取到的 server.properties 配置文件（并非数据库），其中包含内网 FTP 服务地址及明文口令、SMTP 服务地址及邮箱明文口令、内网集群节点地址以及系统告警邮箱等敏感信息：

# server.properties as read from the target host (path given on the first key below).
# NOTE(review): this file carries plaintext FTP and SMTP credentials and internal 10.x
# service addresses. Every credential in it must be treated as compromised and rotated,
# and the file must not be readable through the web application.
############
incopat.properties.path =/home/soft/tomcat8080/webapps/ROOT/WEB-INF/classes/server.properties
#incopat.properties.path =E:/WorkTools/server/tomcat-6.0.36/webapps/incopat2/WEB-INF/classes/server.properties
#incopat.cloud.server = 10.1.2.102:2181,10.1.2.103:2181,10.1.2.104:2181
incopat.cloud.server = 10.1.2.202:2181,10.1.2.203:2181,10.1.2.204:2181
incopat.cloud.collection.default=ncn
incopat.cloud.collection.cn=ncn
incopat.cloud.collection.foreign=nwg1,nwg2,nus
############
incopat.cloud.server.myfolder = 10.1.2.205:2181,10.1.2.206:2181,10.1.2.207:2181
incopat.cloud.collection.myfolder=nfolder
############
incopat.cloud.server.optionallib =10.1.2.205:2181,10.1.2.206:2181,10.1.2.207:2181
incopat.cloud.collection.optionallib=nadvancedb
##incopatus,incopatwo
####incopat.cloud.collection.all=incopatcn,incopatus,incopatwo;
## FTP server that stores the XML files.
## NOTE(review): plaintext credentials; the username/password pair is trivially guessable.
incopat.ftp.server=10.1.2.70
incopat.ftp.port=21
incopat.ftp.username=ftp
incopat.ftp.password=user
## FTP download server that stores the downloaded files.
## NOTE(review): plaintext credentials.
incopat.download.ftp.server=10.1.2.90
incopat.download.ftp.port=21
incopat.download.ftp.username=ftpuser
incopat.download.ftp.password=ftpincopat
## Mail server; the system uses this mailbox to send outbound mail.
#incopat.email.server=smtp.ym.163.com
#incopat.email.serverport=25
#[email protected]
#[email protected]
#incopat.email.password=11111111
incopat.email.server=10.1.1.1
incopat.email.serverport=25
[email protected]
[email protected]
## NOTE(review): plaintext mailbox password.
incopat.email.password=incopat#2013
[email protected]
## User alert thresholds: once a user exceeds one of these counts, a notification
## email is sent to the mailbox configured below.
incopat.usermanager.loadcounttop=2000
incopat.usermanager.readcounttop=2000
incopat.usermanager.loadpdfcounttop=2000
[email protected]
#incopat.usermanager.printcounttop=2000
#incopat.usermanager.emailcounttop=2000
## Web server addresses: the other web application servers besides this one
## (e.g. on the .90 host list .80, on the .80 host list .90), comma-separated.
## Leave empty when there is only a single web server.
#incopat.webserver.addr=http://192.168.9.4:8080,http://192.168.9.3:8080
#incopat.webserver.addr=http://10.1.2.80:8080
incopat.webserver.addr=
## Whether downloaded files are uploaded to FTP.
## "yes" uploads, "no" does not. Unnecessary when there is only one web application server.
incopat.download.ftp.flag=yes
## Whether the email feature is enabled.
## "yes" means enabled, "no" means the email feature is unavailable.
incopat.email.flag=yes
## Password assigned when a user is added.
## Whatever value is set here becomes the password; if left empty the system
## generates a random 6-digit number. NOTE(review): a 6-digit numeric default
## password is weak and should be replaced by a stronger generator.
incopat.usermanager.password=
## Link prefix for WORD publication numbers.
WORDHREF=http://www.incopat.com
## Base path for thumbnail images.
#imagespath=d:home/ftpuser
incopat.imagespath=/home/ftpuser/Icoclipimg
####################### Print/download field lists
# Publication-number list
PNKEY=PN,PNLINK
#PNVALUE=\u516c\u5f00\u53f7
# Search-result list
RESULTKEY=TIO,AP,PN,PNLINK,PD,IN,AN,AD,ABO,CLAIM
#RESULTVALUE=\u6807\u9898,\u7533\u8bf7\u4eba,\u516c\u5f00\u53f7,\u516c\u5f00\u65e5,\u53d1\u660e\u4eba,\u7533\u8bf7\u53f7,\u7533\u8bf7\u65e5,\u6458\u8981
# Claims
CLAIMRIGHTKEY=TIO,AP,PN,PNLINK,PD
#CLAIMRIGHTVALUE=\u6807\u9898,\u7533\u8bf7\u4eba,\u516c\u5f00\u53f7,\u516c\u5f00\u65e5
# Legal status
LAWSTATUKEY=TIO,AP,PN,PNLINK,PD,AN
#LAWSTATUVALUE=\u6807\u9898,\u7533\u8bf7\u4eba,\u516c\u5f00\u53f7,\u516c\u5f00\u65e5
# Custom
CUSTOMKEY=TIO,PN,PNLINK,PD,AP
#CUSTOMVALUE=\u6807\u9898,\u7533\u8bf7\u4eba,\u516c\u5f00\u53f7,\u516c\u5f00\u65e5
# All fields (ALLVALUE holds the matching display names, \u-escaped Chinese)
ALLKEY=TIO,ABO,PN,PNLINK,PD,AN,AD,AP,TI-TS,TIOS,AB-TS,ABOS,APNOR,AP-COUNTRY,AP-PROVINCE,AP-ADD,CLAIM,NUMCLAIM,LAWINFO,STATUS-LITE,STATUS,IN,AT,AGC,IPC-MAIN,IPC,IOC,ECLA,CPC,UC,FI,FT,PR,MFAMILY,CFAMILY,IF,MFID,CFID,IFID,EXAM,CTFW,CT,CITETEXT,CTFW-TIMES,FCTFW-TIMES,PU-DATE,GRANT-DATE,PNK,PIC,IMG
ALLVALUE=\u6807\u9898,\u6458\u8981,\u516c\u5f00\u53f7,\u94fe\u63a5\u5230incoPat,\u516c\u5f00\u65e5,\u7533\u8bf7\u53f7,\u7533\u8bf7\u65e5,\u7533\u8bf7\u4eba,\u6807\u9898\uff08\u7ffb\u8bd1\uff09,\u6807\u9898\uff08\u5c0f\u8bed\u79cd\u539f\u6587\uff09,\u6458\u8981\uff08\u7ffb\u8bd1\uff09,\u6458\u8981\uff08\u5c0f\u8bed\u79cd\u539f\u6587\uff09,\u6807\u51c6\u5316\u7533\u8bf7\u4eba,\u7533\u8bf7\u4eba\u56fd\u522b\u4ee3\u7801,\u7533\u8bf7\u4eba\u7701\u5e02\u4ee3\u7801,\u7533\u8bf7\u4eba\u5730\u5740,\u9996\u9879\u6743\u5229\u8981\u6c42,\u6743\u5229\u8981\u6c42\u6570\u91cf,\u6cd5\u5f8b\u72b6\u6001,\u5f53\u524d\u6cd5\u5f8b\u72b6\u6001,\u4e13\u5229\u6709\u6548\u6027,\u53d1\u660e\u4eba,\u4ee3\u7406\u4eba,\u4ee3\u7406\u673a\u6784,\u4e3b\u5206\u7c7b\u53f7,IPC,\u6d1b\u8fe6\u8bfa\u5206\u7c7b\u53f7,EC,CPC,UC,FI,F-term,\u4f18\u5148\u6743,\u7b80\u5355\u540c\u65cf,\u6269\u5c55\u540c\u65cf,inpadoc\u540c\u65cf,\u7b80\u5355\u540c\u65cfID,\u6269\u5c55\u540c\u65cfID,inpadoc\u540c\u65cfID,\u5ba1\u67e5\u5458,\u524d\u5f15\u8bc1\u4e13\u5229,\u540e\u5f15\u8bc1\u4e13\u5229,\u524d\u5f15\u8bc1\u79d1\u6280\u6587\u732e,\u88ab\u5f15\u8bc1\u6b21\u6570,\u5bb6\u65cf\u88ab\u5f15\u8bc1\u6b21\u6570,\u516c\u5f00\u65e5,\u6388\u6743\u516c\u544a\u65e5,\u6587\u732e\u7c7b\u578b\u4ee3\u7801,\u6458\u8981\u9644\u56fe,\u5168\u6587\u9644\u56fe
#ALLKEY=TIO,TI-TS,TIOS,ABO,IMG,AB-TS,ABOS,PN,PNLINK,PD,AN,AD,PR,AP,APNOR,AP-ADD,COUNTRY,IN,AT,AGC,EXAM,IPC-MAIN,IPC,ECLA,CPC,UC,FT,FI,IOC,NUMCLAIM,LAWINFO,MFAMILY,CFAMILY,CTFW,CT,CITETEXT,CLAIM,FAN,IPA,IPN,ECD,PIC
#ALLVALUE=\u6807\u9898,\u6807\u9898\uff08\u7ffb\u8bd1\uff09,\u6807\u9898\uff08\u5c0f\u8bed\u79cd\u539f\u6587\uff09,\u6458\u8981,\u6458\u8981\u9644\u56fe,\u6458\u8981\uff08\u7ffb\u8bd1\uff09,\u6458\u8981\uff08\u5c0f\u8bed\u79cd\u539f\u6587\uff09,\u516c\u5f00\u53f7,\u94fe\u63a5\u5230incoPat,\u516c\u5f00\u65e5,\u7533\u8bf7\u53f7,\u7533\u8bf7\u65e5,\u4f18\u5148\u6743,\u7533\u8bf7\u4eba,\u6807\u51c6\u5316\u7533\u8bf7\u4eba,\u7533\u8bf7\u4eba\u5730\u5740,\u56fd\u7701\u4ee3\u7801,\u53d1\u660e\u4eba,\u4ee3\u7406\u4eba,\u4ee3\u7406\u673a\u6784,\u5ba1\u67e5\u5458,\u4e3b\u5206\u7c7b\u53f7,IPC,EC,CPC,UC,F-term,FI,\u6d1b\u8fe6\u8bfa\u5206\u7c7b\u53f7,\u6743\u5229\u8981\u6c42\u6570\u91cf,\u6cd5\u5f8b\u72b6\u6001,\u7b80\u5355\u540c\u65cf,\u6269\u5c55\u540c\u65cf,\u524d\u5f15\u8bc1\u4e13\u5229,\u540e\u5f15\u8bc1\u4e13\u5229,\u524d\u5f15\u8bc1\u79d1\u6280\u6587\u732e,\u6743\u5229\u8981\u6c42,\u540c\u65cf\u4e13\u5229\u7533\u8bf7\u53f7,PCT\u7533\u8bf7\u53f7,PCT\u516c\u5f00\u53f7,PCT\u8fdb\u5165\u4e2d\u56fd\u65e5\u671f,\u5168\u6587\u9644\u56fe

修复方案:

1. 将 Struts2 升级到官方已修复该命令执行漏洞的版本（或应用对应安全补丁），并检查是否还有其他 .action 入口受影响；
2. 立即更换 server.properties 中泄露的全部口令（FTP、下载 FTP、SMTP 邮箱），并视内网地址已暴露，限制 Web 服务器对 10.x 内网服务的访问；
3. 排查服务器是否已被写入 WebShell 或留有后门，清理后再上线；
4. 配置文件中的口令不要以明文存放，且应确保 WEB-INF 目录不能通过 Web 应用被读取。

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝