WooYun (WooYun.org) historical vulnerability archive --- http://wy.zone.ci/
WooYun Drops articles, online reader --- http://drop.zone.ci/
2015-05-08: Details have been sent to the vendor and are awaiting the vendor's handling.
2015-05-08: The vendor has confirmed the issue; details are visible to the vendor only.
2015-05-12: The vendor has fixed the vulnerability and disclosed it proactively; details are now public.
Linekong has gone public, so hurry back to WooYun.
1. Basic information
URL: adm.linekong.com
Site name: LineKong ADs
2. The problem
Misconfiguration: invoker/JMXInvokerServlet is exposed, so a war can be deployed remotely to obtain a shell.
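Detection view of the finding above, as an added example that is not part of the original report: a small Python script runs over Apache/Tomcat-style access-log lines (constructed here, not taken from the report) and flags requests to the JBoss invoker and management endpoints, separating those the server answered with 2xx (reachable without authentication) from those it rejected with 401/403. The endpoint list, the sample lines and the address values are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample lines in "combined" access-log format. They are made up
# for this example; the one line that is not a log line exercises the parser's
# handling of malformed input.
SAMPLE_LOG = """\
203.0.113.7 - - [08/May/2015:10:12:01 +0800] "GET /index.jsp HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [08/May/2015:10:12:09 +0800] "POST /invoker/JMXInvokerServlet HTTP/1.1" 200 1387 "-" "Java/1.7.0_45"
this is not a log line
203.0.113.7 - - [08/May/2015:10:12:15 +0800] "GET /jmx-console/HtmlAdaptor?action=inspectMBean HTTP/1.1" 200 9812 "-" "Mozilla/5.0"
198.51.100.4 - - [08/May/2015:10:13:40 +0800] "POST /invoker/EJBInvokerServlet HTTP/1.1" 401 0 "-" "Java/1.6.0_31"
203.0.113.7 - - [08/May/2015:10:14:02 +0800] "GET /web-console/ServerInfo.jsp HTTP/1.1" 403 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
    r'(?: "[^"]*" "(?P<ua>[^"]*)")?'
)

# JBoss AS invoker and management paths that should never answer anonymous
# requests. The report's finding concerns /invoker/JMXInvokerServlet; the
# other two are assumed here as the usual companions on the same install.
SENSITIVE_PREFIXES = ("/invoker/", "/jmx-console/", "/web-console/")


@dataclass
class Finding:
    ip: str
    ts: str
    path: str
    status: int
    ua: str
    verdict: str  # "served" (2xx without auth), "blocked" (401/403), "other"


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    entry["ua"] = entry["ua"] or "-"
    return entry


def classify(entry: dict) -> Optional[Finding]:
    """Return a Finding if the request touched a sensitive path, else None."""
    path = entry["path"].split("?", 1)[0]  # drop the query string
    if not path.startswith(SENSITIVE_PREFIXES):
        return None
    status = entry["status"]
    if 200 <= status < 300:
        verdict = "served"      # the server handled the request unauthenticated
    elif status in (401, 403):
        verdict = "blocked"     # an auth constraint or ACL did its job
    else:
        verdict = "other"
    return Finding(entry["ip"], entry["ts"], path, status, entry["ua"], verdict)


def detect(lines) -> List[Finding]:
    """Run parse + classify over an iterable of log lines, skipping junk."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        finding = classify(entry)
        if finding is not None:
            findings.append(finding)
    return findings


def served_by_source(findings: List[Finding]) -> Dict[str, int]:
    """Count, per source address, how many sensitive requests were served."""
    counts: Dict[str, int] = {}
    for f in findings:
        if f.verdict == "served":
            counts[f.ip] = counts.get(f.ip, 0) + 1
    return counts


if __name__ == "__main__":
    results = detect(SAMPLE_LOG.splitlines())
    for f in results:
        print(f"{f.verdict:8} {f.ip:14} {f.status} {f.path} ua={f.ua}")
    print("served per source:", served_by_source(results))
```

The verdict is driven by the status code, not the user agent: JBoss's own HTTP invoker clients also send a `Java/...` user agent, so a Java client posting to the invoker servlet is not by itself suspicious; a 2xx on that path from an address outside the application tier is.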
3. Pivoting into the internal network is possible. /etc/hosts:
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 a1-39-146.linekong.com a1-39-146 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
115.182.54.238 img.linekong.com
172.16.1.80 HBASE1
172.16.1.81 HBASE2
172.16.1.82 HBASE3
172.16.1.83 HBASE4
Important configuration file from the production environment: linekong-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<linekong>
  <project name="epassportmid">
    <property name="url">http://passportm.linekong.com/epassport_mid/xmlRpcServerServlet</property>
    <property name="key">linekongline</property>
  </project>
  <project name="eUnite">
    <property name="filePath">/home/eunite/eadmfile</property>
    <property name="gilrSign">/</property>
    <property name="emailIP">59.151.39.156</property>
    <property name="sendEmailYeWu">[email protected]</property>
    <property name="sendEmailChengXu">[email protected]</property>
    <property name="debug">true</property>
  </project>
  <project name="eADUnion">
    <!-- Game names and IDs -->
    <property name="product">倚天@1,问鼎@2,神兽@3,西游记@4,东邪西毒@7,佣兵天下体验区@508,佣兵天下@8,六脉神剑@99,倚天2@10,西游记仙尊@749,凡人修真@750,魔神无双体验区@513,热血西游@11,铁血丹心@15,魔神无双@13,开心大陆@509,魔神传@774</property>
    <property name="webgame">热血西游@11,火影世界@16</property>
    <!-- Billing types -->
    <property name="chargeType">CPA@1,CPS@2</property>
    <!-- Ad traffic-split page addresses -->
    <property name="adCount">http://yt.linekong.com/adCount.php?mid=@1,http://hero.linekong.com/adCount.php?mid=@2,http://ss.linekong.com/adCount.php?mid=@3,http://xy.linekong.com/adCount.php?mid=@4,http://dxxd.linekong.com/adCount.php?mid=@7,http://yb.linekong.com/adCount.php?mid=@508,http://yb.linekong.com/adCount.php?mid=@8,http://yt2.linekong.com/adCount.php?mid=@10,http://xz.028yx.com/adCount.php?mid=@749,http://fr.linekong.com/adCount.php?mid=@750,http://ms.linekong.com/adCount.php?mid=@513,http://rx.linekong.com/adCount.php?mid=@11,http://ms.linekong.com/adCount.php?mid=@13,http://tx.028yx.com/adCount.php?mid=@15,http://kx.linekong.com/adCount.php?mid=@509,http://www.huoying.com/adCount.php?mid=@16,http://msz.028yx.com/adCount.php?mid=@774</property>
    <!-- File upload path -->
    <property name="uploadPath">/home/eunite/eadmfile/</property>
    <!-- Impression tracking code -->
    <property name="showStatCode">http://www.linekong.com/adCount/show.php?mid=@1,http://www.linekong.com/adCount/show.php?mid=@2,http://www.linekong.com/adCount/show.php?mid=@3,http://www.linekong.com/adCount/show.php?mid=@4</property>
    <property name="newsPath">/home/eunite/eadmfile/news/</property>
    <property name="mediaPath">/home/eunite/eadmfile/media/</property>
    <property name="weburl">http://59.151.39.186/common/interface/xmlrpc.php</property>
  </project>
  <!-- Mail configuration -->
  <project name="eAdMailUserOrder">
    <property name="username">eadmonitor</property>
    <property name="password">eadmonitor@</property>
    <property name="from">[email protected]</property>
  </project>
  <project name="EMail">
    <property name="host">218.240.145.18</property>
    <property name="auth">true</property>
  </project>
</linekong>
5. Traces of an earlier intrusion by another attacker were found.
This was only a check of the system; the relevant configuration files and screenshots will be deleted once testing is finished.
1. Remove the interface
2. Restrict access
3. Carefully check whether other sites have the same problem
4. Carefully check whether the site has other backdoors
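The first two remediation items, removing the interface and restricting access, come down to either deleting invoker.war from the deploy directory or requiring authentication on it. As an added example (not the reporter's or the vendor's code), the Python audit below parses an invoker.war-style web.xml and lists every servlet mapping that is not covered by a security-constraint carrying an auth-constraint for both GET and POST, so a half-applied fix (constraint present but limited to GET, or lacking an auth-constraint) is still reported. The two web.xml fragments are constructed for the example; the servlet class name and the JBossAdmin role follow the layout of the stock JBoss AS 4/5 invoker.war and are assumptions here, not configuration from the report.

```python
import xml.etree.ElementTree as ET
from typing import List

# Constructed fragment modelled on invoker.war/WEB-INF/web.xml with the
# security-constraint missing (JBoss shipped it commented out). The servlet
# class name is an assumption for this example.
WEAK_WEB_XML = """\
<web-app>
  <servlet>
    <servlet-name>JMXInvokerServlet</servlet-name>
    <servlet-class>org.jboss.invocation.http.servlet.InvokerServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>JMXInvokerServlet</servlet-name>
    <url-pattern>/JMXInvokerServlet</url-pattern>
  </servlet-mapping>
  <!-- no security-constraint here: the servlet answers anonymous requests -->
</web-app>
"""

# The constraint block that requires the (assumed) JBossAdmin role on every
# path of the web app for GET and POST.
SECURITY_CONSTRAINT = """\
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HttpInvokers</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>JBossAdmin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>JBoss JMX Console</realm-name>
  </login-config>
  <security-role>
    <role-name>JBossAdmin</role-name>
  </security-role>
"""

HARDENED_WEB_XML = WEAK_WEB_XML.replace("</web-app>", SECURITY_CONSTRAINT + "</web-app>")


def _local(tag: str) -> str:
    """Strip a namespace prefix: '{uri}name' -> 'name' (real web.xml files carry one)."""
    return tag.rsplit("}", 1)[-1]


def _children(elem, name: str):
    return [c for c in elem if _local(c.tag) == name]


def _texts(elem, name: str) -> List[str]:
    return [c.text.strip() for c in _children(elem, name) if c.text]


def pattern_covers(pattern: str, path: str) -> bool:
    """Servlet-spec url-pattern matching: '/*', path prefix '/x/*', '*.ext', or exact."""
    if pattern == "/*":
        return True
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == path


def unprotected_mappings(web_xml: str) -> List[str]:
    """Return url-patterns of servlet mappings that no auth-requiring constraint covers."""
    root = ET.fromstring(web_xml)
    guarded: List[str] = []
    for sc in _children(root, "security-constraint"):
        # A security-constraint without an auth-constraint restricts nothing.
        if not _children(sc, "auth-constraint"):
            continue
        for wrc in _children(sc, "web-resource-collection"):
            methods = set(_texts(wrc, "http-method"))
            # Listing http-methods constrains only those; GET and POST must both be in.
            if methods and not {"GET", "POST"} <= methods:
                continue
            guarded.extend(_texts(wrc, "url-pattern"))
    exposed = []
    for mapping in _children(root, "servlet-mapping"):
        for pat in _texts(mapping, "url-pattern"):
            if not any(pattern_covers(g, pat) for g in guarded):
                exposed.append(pat)
    return exposed


if __name__ == "__main__":
    print("weak    :", unprotected_mappings(WEAK_WEB_XML))
    print("hardened:", unprotected_mappings(HARDENED_WEB_XML))
```

Run it against each deployed invoker.war, jmx-console.war and web-console.war; an empty list means every mapping sits behind an authentication constraint. An empty `<auth-constraint/>` is treated as protected, which matches the servlet specification (it denies all roles). Deleting the war outright is the simpler fix when nothing legitimately uses the HTTP invoker.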
Severity: High
Vulnerability Rank: 10
Confirmation time: 2015-05-08 14:22
Thanks to the author for raising the issue; we have checked all of our online services.
2015-05-12: Fixed