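2015-05-01: Details reported to the vendor; awaiting vendor handling
2015-05-05: Vendor confirmed; details disclosed to the vendor only
2015-05-15: Details disclosed to core white hats and experts in related fields
2015-05-25: Details disclosed to regular white hats
2015-06-04: Details disclosed to trainee white hats
2015-06-19: Details disclosed to the public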
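Getshell on a national safety training platform & server information & multiple databases where anyone's ID documents and identity records can be queried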
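Site: China Food Safety Training Network (中国食品安全培训网)
Description: The site has a Struts2 command execution vulnerability that allows webshell access to be obtained.
0x01: getshell
Address: http://182.18.30.163/zhengshuchaxun.action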
0x02: Databases & configuration
##########sqlserver2005 configs
driverClass=net.sourceforge.jtds.jdbc.Driver
maxPoolSize=100
minPoolSize=2
acquireIncrement=2
user=sa
password=1
jdbcUrl=jdbc:jtds:sqlserver://127.0.0.1:1431;DatabaseName=e_gdgat;SelectMethod\=cursor
checkouttimeout=10000
maxidletime =60
idleconnectiontestperiod=60
#jdbcUrl=jdbc\:jtds\:sqlserver\://210.51.174.182\:1431;DatabaseName\=elearning_;SelectMethod\=cursor
##########mysql configs
#driverClass=com.mysql.jdbc.Driver
#maxPoolSize=100
#minPoolSize=2
#acquireIncrement=2
#user=root
#password=1
#jdbcUrl=jdbc\:mysql\://localhost\:3306/elearning_qqhr?autoreconnect\=true
##########openmeetings
openmeetings.jdbcUrl=jdbc\:mysql\://localhost\:3306/openmeetings?autoreconnect\=true
openmeetings.user =root
openmeetings.password =1
2.
##########mysql configs
driverClass=oracle.jdbc.driver.OracleDriver
maxPoolSize=100
minPoolSize=2
initialpoolsize=10
acquireIncrement=2
user=wsj20140712
password=wsj20140712
jdbcUrl=jdbc:oracle:thin:@localhost:1521:orcl
checkouttimeout=10000
maxidletime =60
idleconnectiontestperiod=60
##########openmeetings
openmeetings.driverClass=com.mysql.jdbc.Driver
openmeetings.jdbcUrl=jdbc:mysql://192.168.9.200:3306/openmeetings_jnt?autoreconnect=true
openmeetings.user =root
openmeetings.password =1
3.
##########mysql configs
driverClass=com.mysql.jdbc.Driver
maxPoolSize=100
minPoolSize=2
acquireIncrement=2
user=root
password=1
jdbcUrl=jdbc:mysql://localhost:3306/e_wx?autoreconnect=true
checkouttimeout=10000
maxidletime =60
idleconnectiontestperiod=60
##########openmeetings
openmeetings.jdbcUrl=jdbc\:mysql\://localhost\:3306/openmeetings?autoreconnect\=true
openmeetings.user =root
openmeetings.password =1
4.
0x03: An FTP server
##########serv-u configs
ip=192.168.1.101
port=21
username=sopia
password=123
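Connecting to one of the databases as a test:
Security must not be neglected! I hope network security issues will be faced properly. Check for further hidden risks yourselves!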
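The configuration files above pair privileged database accounts (sa, root) with one-character passwords, and one pool reuses the username as its password. As an added example (not part of the original report), the following Python script audits connection-pool .properties files for those conditions; the privileged-account list, the length threshold and the sample input are assumptions constructed for illustration.

```python
import re

# Assumption: privileged names and minimum length are example policy, not from the report.
PRIVILEGED = {"sa", "root", "sys", "system", "admin", "administrator"}
MIN_LEN = 12

# Constructed sample in the same .properties layout as the report's files.
SAMPLE = r"""
########## sqlserver configs
user=sa
password=1
jdbcUrl=jdbc:jtds:sqlserver://127.0.0.1:1433;DatabaseName=demo
#user=root
#password=1
########## second pool, note the space before '='
meeting.jdbcUrl=jdbc\:mysql\://localhost\:3306/meeting?autoreconnect\=true
meeting.user =appuser
meeting.password =appuser
"""

def parse_properties(text):
    """Parse active key=value lines; skip comments, undo backslash escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        # Split on the first unescaped '=' or ':' (Java .properties separators).
        m = re.match(r"((?:\\.|[^=:\\])+?)\s*[=:]\s*(.*)$", line)
        if m:
            key, value = (re.sub(r"\\(.)", r"\1", s).strip() for s in m.groups())
            props[key] = value
    return props

def audit(text):
    """Return sorted (pool, issue) findings for each user/password pair."""
    props, findings = parse_properties(text), set()
    for key, user in props.items():
        if key.split(".")[-1] != "user":
            continue
        pool = key.rpartition(".")[0] or "default"
        pw = props.get(key[:-4] + "password", "")
        if user.lower() in PRIVILEGED:
            findings.add((pool, "privileged account"))
        if len(pw) < MIN_LEN:
            findings.add((pool, "short password"))
        if pw.lower() == user.lower():
            findings.add((pool, "password equals username"))
    return sorted(findings)
```

Commented-out credentials are skipped by the audit itself, but they still sit in the file in clear text and deserve a separate review.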
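Severity: High
Vulnerability Rank: 11
Confirmed: 2015-05-05 17:00
CNVD did not directly reproduce the situation described; CNVD has notified the organization that manages the website through the contact details published on the site.
None yet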