当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0137810

漏洞标题:派路由某漏洞导致多个服务器沦陷

相关厂商:派路由

漏洞作者: 路人甲

提交时间:2015-09-01 13:51

修复时间:2015-10-16 13:52

公开时间:2015-10-16 13:52

漏洞类型:敏感信息泄露

危害等级:高

自评Rank:20

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-09-01: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-10-16: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

派路由全线服务器沦陷

详细说明:

http://www.pifii.com/
测试发现,派路由的机房大概IP
电信:
#125.89.70.204
125.89.70.205
125.89.70.206
125.89.70.207
125.89.70.208
125.89.70.209
联通:
#218.104.193.204
218.104.193.205
218.104.193.206
218.104.193.207
218.104.193.208
218.104.193.209
大部分都存在通用密码,root/ZH@id#0427。
可以看出来,已经被入侵过了,上面有msf。

1.png


官网服务器也是这个密码,沦陷

2.png


泄漏用户数据库信息

3.png


4.png


同时还存在备份文件下载。

6.png


5.png


泄漏大量用户信息

7.png


[root@localhost classes]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:24:E8:4C:C9:D1  
          inet addr:113.106.98.92  Bcast:113.106.98.95  Mask:255.255.255.248
          inet6 addr: fe80::224:e8ff:fe4c:c9d1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:95221119 errors:0 dropped:0 overruns:0 frame:0
          TX packets:56340346853 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:9039936849 (8.4 GiB)  TX bytes:32532548286964 (29.5 TiB)
eth1      Link encap:Ethernet  HWaddr 00:24:E8:4C:C9:D3  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:96330 errors:0 dropped:0 overruns:0 frame:0
          TX packets:96330 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:4043552 (3.8 MiB)  TX bytes:4043552 (3.8 MiB)
virbr0    Link encap:Ethernet  HWaddr 0E:CB:43:28:7F:6C  
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
windows远程服务器:
IP:113.106.98.60
用户名:administrator
密码:!@#$1234ifidc****
IP:113.106.98.233
用户名:administrator
密码:ZH@id#****
113.106.98.234
用户名:administrator
密码:ZH@id#****
113.106.98.91
用户名:administrator
密码:ZH@id#1028
113.106.98.92
root
ZH@id#****
223.82.251.52:2403
administrator
jxyd!@#$****

漏洞证明:

http://www.pifii.com/
测试发现,派路由的机房大概IP
电信:
#125.89.70.204
125.89.70.205
125.89.70.206
125.89.70.207
125.89.70.208
125.89.70.209
联通:
#218.104.193.204
218.104.193.205
218.104.193.206
218.104.193.207
218.104.193.208
218.104.193.209
大部分都存在通用密码,root/ZH@id#0427。
可以看出来,已经被入侵过了,上面有msf。

1.png


官网服务器也是这个密码,沦陷

2.png


泄漏用户数据库信息

3.png


4.png


同时还存在备份文件下载。

6.png


5.png


泄漏大量用户信息

7.png


[root@localhost classes]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:24:E8:4C:C9:D1  
          inet addr:113.106.98.92  Bcast:113.106.98.95  Mask:255.255.255.248
          inet6 addr: fe80::224:e8ff:fe4c:c9d1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:95221119 errors:0 dropped:0 overruns:0 frame:0
          TX packets:56340346853 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:9039936849 (8.4 GiB)  TX bytes:32532548286964 (29.5 TiB)
eth1      Link encap:Ethernet  HWaddr 00:24:E8:4C:C9:D3  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:96330 errors:0 dropped:0 overruns:0 frame:0
          TX packets:96330 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:4043552 (3.8 MiB)  TX bytes:4043552 (3.8 MiB)
virbr0    Link encap:Ethernet  HWaddr 0E:CB:43:28:7F:6C  
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
windows远程服务器:
IP:113.106.98.60
用户名:administrator
密码:!@#$1234ifidc****
IP:113.106.98.233
用户名:administrator
密码:ZH@id#****
113.106.98.234
用户名:administrator
密码:ZH@id#****
113.106.98.91
用户名:administrator
密码:ZH@id#1028
113.106.98.92
root
ZH@id#****
223.82.251.52:2403
administrator
jxyd!@#$****

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞Rank:15 (WooYun评价)