全球第二大电信BSS/OSS提供商亚信联创某系统存在命令执行已getshell

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0129695

漏洞标题：全球第二大电信BSS/OSS提供商亚信联创某系统存在命令执行已getshell

漏洞作者：路人甲

提交时间：2015-07-28 09:27

修复时间：2015-09-15 15:34

公开时间：2015-09-15 15:34

漏洞类型：命令执行

危害等级：高

自评Rank：15

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-07-28：细节已通知厂商并且等待厂商处理中
2015-08-01：厂商已经确认，细节仅向厂商公开
2015-08-11：细节向核心白帽子及相关领域专家公开
2015-08-21：细节向普通白帽子公开
2015-08-31：细节向实习白帽子公开
2015-09-15：细节向公众公开

简要描述：

详细说明：

漏洞地址：

http://cuc.asiainfo.com/office/optorLogin_toLogin.so

strut2命令执行

漏洞证明：

木马地址：http://cuc.asiainfo.com/office/bak.jsp 密码：chopper

[/tomcat/apache-tomcat-7.0.27/webapps/office/office/]$ netstat -an | grep ESTABLISHED
tcp        0      0 10.1.248.58:80              66.249.64.208:41129         ESTABLISHED 
tcp        0      0 10.1.248.58:80              218.94.58.194:48930         ESTABLISHED 
tcp        0      0 10.1.248.58:49436           10.1.248.58:8080            ESTABLISHED 
tcp        0      0 127.0.0.1:32000             127.0.0.1:31001             ESTABLISHED 
tcp        0      0 10.1.248.58:80              218.94.58.194:48897         ESTABLISHED 
tcp        0      0 10.1.248.58:80              124.74.110.98:49888         ESTABLISHED 
tcp        0      0 10.1.248.58:80              10.20.12.202:10153          ESTABLISHED 
tcp        0      0 10.1.248.58:80              218.94.58.194:49572         ESTABLISHED 
tcp        0      0 10.1.248.58:80              218.94.58.194:49569         ESTABLISHED 
tcp        0      0 10.1.248.58:80              218.94.58.194:49571         ESTABLISHED 
tcp        0      0 10.1.248.58:80              218.94.58.194:49570         ESTABLISHED 
tcp        0      0 10.1.248.58:80              218.94.58.194:49577         ESTABLISHED 
tcp        0      0 10.1.248.58:80              66.249.64.198:34403         ESTABLISHED 
tcp        0      0 10.1.248.58:80              221.11.140.1:3077           ESTABLISHED 
tcp        0      0 10.1.248.58:80              221.11.140.1:3076           ESTABLISHED 
tcp        0      0 10.1.248.58:80              221.11.140.1:3073           ESTABLISHED 
tcp        0      0 10.1.248.58:80              221.11.140.1:3072           ESTABLISHED 
tcp        0      0 10.1.248.58:80              221.11.140.1:3075           ESTABLISHED 
tcp        0      0 10.1.248.58:80              221.11.140.1:3074           ESTABLISHED 
tcp        0      0 10.1.248.58:80              14.23.125.234:49691         ESTABLISHED 
tcp        0      0 10.1.248.58:80              14.23.125.234:49690         ESTABLISHED 
tcp        0      0 10.1.248.58:80              221.11.140.1:3069           ESTABLISHED 
tcp        0      0 10.1.248.58:80              221.11.140.1:3071           ESTABLISHED 
tcp        0      0 10.1.248.58:80              221.11.140.1:3067           ESTABLISHED 
tcp        0      0 10.1.248.58:80              10.1.39.72:60243            ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:8080     ::ffff:10.1.248.58:49436    ESTABLISHED 
tcp        0      0 ::ffff:127.0.0.1:31001      ::ffff:127.0.0.1:32000      ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:59035    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:59034    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:59039    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:59036    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:59066    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:59065    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:59042    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:59041    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:59040    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:59047    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:51221    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:51220    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:51217    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:51216    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:51219    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:51218    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:51213    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:51212    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:51215    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:51214    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:51209    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:51208    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:51211    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:51210    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:51205    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:51204    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:51207    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:51206    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:51203    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:42709    ::ffff:10.1.248.59:3306     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:42708    ::ffff:10.1.248.59:3306     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:42711    ::ffff:10.1.248.59:3306     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:42710    ::ffff:10.1.248.59:3306     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:42712    ::ffff:10.1.248.59:3306     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:42161    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:42157    ::ffff:10.1.248.59:1521     ESTABLISHED 
tcp        0      0 ::ffff:10.1.248.58:22       ::ffff:10.1.39.72:56352     ESTABLISHED

大量内部敏感信息漏洞，估计有几千份相关内部文档

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：11

确认时间：2015-08-01 15:32

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0129695

漏洞标题：全球第二大电信BSS/OSS提供商亚信联创某系统存在命令执行已getshell

相关厂商：亚信联创

漏洞作者：路人甲

提交时间：2015-07-28 09:27

修复时间：2015-09-15 15:34

公开时间：2015-09-15 15:34

漏洞类型：命令执行

危害等级：高

自评Rank：15

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0129695

漏洞标题：全球第二大电信BSS/OSS提供商亚信联创某系统存在命令执行已getshell

相关厂商：亚信联创

漏洞作者： 路人甲

提交时间：2015-07-28 09:27

修复时间：2015-09-15 15:34

公开时间：2015-09-15 15:34

漏洞类型：命令执行

危害等级：高

自评Rank：15

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0129695"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云