乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-21: 细节已通知厂商并且等待厂商处理中 2015-10-23: 厂商已经确认,细节仅向厂商公开 2015-11-02: 细节向核心白帽子及相关领域专家公开 2015-11-12: 细节向普通白帽子公开 2015-11-22: 细节向实习白帽子公开 2015-12-07: 细节向公众公开
地址**.**.**.**:9080/gamesK3.action?playId=11存在命令执行漏洞
net start
?????? Windows ??: Application Experience Application Host Helper Service Base Filtering Engine Certificate Propagation COM+ Event System Cryptographic Services DCOM Server Process Launcher Desktop Window Manager Session Manager DHCP Client Diagnostic Policy Service Distributed Link Tracking Client Distributed Transaction Coordinator DNS Client Group Policy Client IBM WebSphere Application Server V8.0 - WIN-50R5LCHFVOPNode01 IKE and AuthIP IPsec Keying Modules IP Helper IPsec Policy Agent Microsoft FTP Service Network Connections Network List Service
netstat /ano
???? ?? ???? ???? ?? PID TCP **.**.**.**:21 **.**.**.**:0 LISTENING 1128 TCP **.**.**.**:80 **.**.**.**:0 LISTENING 4 TCP **.**.**.**:135 **.**.**.**:0 LISTENING 740 TCP **.**.**.**:445 **.**.**.**:0 LISTENING 4 TCP **.**.**.**:902 **.**.**.**:0 LISTENING 1680 TCP **.**.**.**:912 **.**.**.**:0 LISTENING 1680 TCP **.**.**.**:2809 **.**.**.**:0 LISTENING 2316 TCP **.**.**.**:3389 **.**.**.**:0 LISTENING 2552 TCP **.**.**.**:8880 **.**.**.**:0 LISTENING 2316 TCP **.**.**.**:9043 **.**.**.**:0 LISTENING 2316 TCP **.**.**.**:9060 **.**.**.**:0 LISTENING 2316 TCP **.**.**.**:9080 **.**.**.**:0 LISTENING 2316 TCP **.**.**.**:9100 **.**.**.**:0 LISTENING 2316 TCP **.**.**.**:9443 **.**.**.**:0 LISTENING 2316 TCP **.**.**.**:47001 **.**.**.**:0 LISTENING 4 TCP **.**.**.**:49152 **.**.**.**:0 LISTENING 452 TCP **.**.**.**:49153 **.**.**.**:0 LISTENING 828 TCP **.**.**.**:49154 **.**.**.**:0 LISTENING 876 TCP **.**.**.**:49155 **.**.**.**:0 LISTENING 556 TCP **.**.**.**:49169 **.**.**.**:0 LISTENING 548 TCP **.**.**.**:49170 **.**.**.**:0 LISTENING 2716 TCP **.**.**.**:139 **.**.**.**:0 LISTENING 4 TCP **.**.**.**:5500 **.**.**.**:0 LISTENING 1288 TCP **.**.**.**:5500 **.**.**.**:49164 ESTABLISHED 1288 TCP **.**.**.**:5500 **.**.**.**:49165 ESTABLISHED 1288 TCP **.**.**.**:5500 **.**.**.**:49166 ESTABLISHED 1288 TCP **.**.**.**:5500 **.**.**.**:49167 ESTABLISHED 1288 TCP **.**.**.**:5500 **.**.**.**:49168 ESTABLISHED 1288 TCP **.**.**.**:5500 **.**.**.**:60210 TIME_WAIT 0 TCP **.**.**.**:9080 **.**.**.**:44659 TIME_WAIT 0 TCP **.**.**.**:9080 **.**.**.**:13704 TIME_WAIT 0 TCP **.**.**.**:9080 **.**.**.**:13715 TIME_WAIT 0 TCP **.**.**.**:9080 **.**.**.**:13782 TIME_WAIT 0 TCP **.**.**.**:9080 **.**.**.**:13789 ESTABLISHED 2316 TCP **.**.**.**:9080 **.**.**.**:13806 ESTABLISHED 2316 TCP **.**.**.**:9080 **.**.**.**:2540 FIN_WAIT_2 2316 TCP **.**.**.**:9080 **.**.**.**:2556 FIN_WAIT_2 2316 TCP **.**.**.**:9080 **.**.**.**:2612 ESTABLISHED 2316 TCP **.**.**.**:49164 **.**.**.**:5500 ESTABLISHED 2316 TCP **.**.**.**:49165 **.**.**.**:5500 ESTABLISHED 2316 TCP **.**.**.**:49166 **.**.**.**:5500 ESTABLISHED 2316 TCP **.**.**.**:49167 **.**.**.**:5500 ESTABLISHED 2316 TCP **.**.**.**:49168 **.**.**.**:5500 ESTABLISHED 2316 TCP **.**.**.**:9633 **.**.**.**:0 LISTENING 2316 TCP **.**.**.**:49161 **.**.**.**:49162 ESTABLISHED 2316 TCP **.**.**.**:49162 **.**.**.**:49161 ESTABLISHED 2316 TCP [::]:21 [::]:0 LISTENING 1128 TCP [::]:80 [::]:0 LISTENING 4 TCP [::]:135 [::]:0 LISTENING 740 TCP [::]:445 [::]:0 LISTENING 4 TCP [::]:2809 [::]:0 LISTENING 2316 TCP [::]:3389 [::]:0 LISTENING 2552 TCP [::]:8880 [::]:0 L
加强安全意识
危害等级:高
漏洞Rank:11
确认时间:2015-10-23 11:03
CNVD确认并复现所述漏洞情况,已经转由CNCERT下发对应分中心,由其后续协调网站管理单位处置。
暂无