当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0132695

漏洞标题:多个OA系统任意文件上传漏洞打包

相关厂商:cncert国家互联网应急中心

漏洞作者: 路人甲

提交时间:2015-08-14 14:31

修复时间:2015-09-28 10:52

公开时间:2015-09-28 10:52

漏洞类型:文件上传导致任意代码执行

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-08-14: 细节已通知厂商并且等待厂商处理中
2015-08-14: cncert国家互联网应急中心暂未能联系到相关单位,细节仅向通报机构公开
2015-08-24: 细节向核心白帽子及相关领域专家公开
2015-09-03: 细节向普通白帽子公开
2015-09-13: 细节向实习白帽子公开
2015-09-28: 细节向公众公开

简要描述:

要上学去了,没时间一个一个的提交,所以决定打包了。[email protected]

详细说明:

**.**.**.**/defaultroot/upload/information/2015080414353934005452034.jsp k8
**.**.**.**/defaultroot/upload/information/2015080414322354364248413.jsp k8
**.**.**.**/defaultroot/upload/information/2015080414304748258242144.jsp k8
**.**.**.**/defaultroot/upload/information/2015080414281848984668894.jsp k8
**.**.**.**:7777/defaultroot/upload/information/2015080414201669564376069.jsp k8
**.**.**.**/defaultroot/upload/information/2015080414171959826703297.jsp k8
**.**.**.**:8080/defaultroot/upload/information/2015080414125621390885378.jsp k8
**.**.**.**:7777/defaultroot/upload/information/2015080414102053236638254.jspk8
**.**.**.**/defaultroot/upload/information/2015080413471163838657461.jsp k8
**.**.**.**/defaultroot/upload/information/2015080413431740703146487.jsp k8
**.**.**.**/defaultroot/upload/information/2015080413171176685776495.jsp k8
**.**.**.**/defaultroot/upload/information/2015080413042058149664516.jsp k8
**.**.**.**:7777/defaultroot/upload/information/2015080413015300800888746.jsp k8
**.**.**.**/defaultroot/upload/information/2015080412462715143165521.jsp k8
**.**.**.**/defaultroot/upload/information/2015080412375781763808781.jsp k8
**.**.**.**/defaultroot/upload/information/2015080412353836588696286.jsp k8
**.**.**.**/defaultroot/upload/information/2015080412251789413816547.jsp k8
**.**.**.**/defaultroot/upload/information/2015080412055427426029005.jsp k8
**.**.**.**/defaultroot/upload/information/2015080412013366494164851.jsp k8
**.**.**.**/defaultroot/upload/information/2015080411585204423275445.jsp k8
**.**.**.**/defaultroot/upload/information/2015080404044505661362952.jsp k8
**.**.**.**/defaultroot/upload/information/2015080403592302314957522.jsp k8
**.**.**.**/defaultroot/upload/information/2015080403531780230087662.jsp k8
**.**.**.**/defaultroot/upload/information/2015080412532552173894958.jsp k8
**.**.**.**/defaultroot/upload/information/2015080403441831142640845.jsp k8
**.**.**.**/defaultroot/upload/information/2015080403412110839581622.jsp k8
**.**.**.**/defaultroot/upload/information/2015080403332487247350183.jsp k8
**.**.**.**/defaultroot/upload/information/2015080403293896153964132.jsp k8
**.**.**.**/defaultroot/upload/information/2015080403274490590063635.jsp k8
**.**.**.**/defaultroot/upload/information/2015080403233693660528081.jsp k8
**.**.**.**/defaultroot/upload/information/2015080403204098345762961.jsp k8
**.**.**.**/defaultroot/upload/information/2015080403092566639723286.jsp k8
**.**.**.**/defaultroot/upload/information/2015080402380674464016676.jsp k8
**.**.**.**/defaultroot/upload/information/2015080402585024657488573.jsp k8
**.**.**.**/defaultroot/upload/information/2015080413153116939349526.jsp
**.**.**.**/defaultroot/upload/information/2015080413122233865686167.jsp
**.**.**.**:8080/defaultroot/upload/information/2015080413054590626444281.jsp
**.**.**.**/defaultroot/upload/information/2015080411513367257532705.jsp
**.**.**.**/defaultroot/upload/information/2015080403511053507852295.jsp
**.**.**.**/defaultroot/upload/information/2015080403272680891377084.jsp
**.**.**.**/defaultroot/upload/information/2015080403141310318295273.jsp
**.**.**.**/defaultroot/upload/information/2015080319070133216707362.jsp
**.**.**.**/defaultroot/upload/information/2015080404053055547049728.jsp
**.**.**.**/defaultroot/upload/information/2015080412335014518150049.jsp

漏洞证明:

以东风汽车股份有限公司为例:
**.**.**.**/defaultroot/upload/information/2015080403531780230087662.jsp
密码为tom
使用k8飞刀连接。

11.png


可能有些链接已经失效了,按照wooyun-2014-064324提供的方法复现即可。
谢谢作者提供的方法。

修复方案:

速度修复!!!上学去了。

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-08-14 10:50

厂商回复:

CNVD确认所述情况,已由CNVD通过软件生产厂商公开联系渠道向其邮件通报,由其后续提供解决方案并协调相关用户单位处置。

最新状态:

暂无