
Vulnerability summary

Defect ID: wooyun-2015-0152162

Title: Shanghai Feiyu Phone has a remote command execution vulnerability

Related vendor: Feiyu Phone (飞语电话)

Author: 路人甲

Submitted: 2015-11-08 19:11

Fix deadline: 2015-12-23 19:12

Published: 2015-12-23 19:12

Vulnerability type: system/service patch not applied in time

Severity: High

Self-assessed Rank: 10

Status: vendor could not be contacted, or the vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-11-08: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2015-12-23: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

Feiyu is a contacts-based phone application that provides high-quality call service to customers worldwide.
http://login.italk24.com/

Detailed description:

http://login.italk24.com/createorder!createOrder.action
Usage: S2-016 (Apache Struts 2 remote code execution advisory)
Whoami: tomcat
WebPath: /usr/local/work/apache-tomcat-7.0.61-italk24-login/webapps/ROOT/

Proof of vulnerability:

ls -l /usr/local/work/apache-tomcat-7.0.61-italk24-login/webapps/ROOT (someone has already been here before)
/usr/local/work/apache-tomcat-7.0.61-italk24-login/webapps/ROOT/:
total 836
drwxr-xr-x. 2 sunguohua www 4096 Oct 14 17:43 META-INF
-rwxr-xr-x. 1 sunguohua www 700 Oct 14 17:43 Silic.jsp
drwxr-xr-x. 5 sunguohua www 4096 Oct 14 17:43 WEB-INF
-rwxr-xr-x. 1 sunguohua www 170 Oct 14 17:43 aaa.jsp
-rwxr-xr-x. 1 sunguohua www 6481 Oct 14 17:43 alipayapi.jsp
drwxr-xr-x. 2 sunguohua www 4096 Oct 14 17:43 calendar
-rwxr-xr-x. 1 sunguohua www 0 Oct 14 17:43 cd.txt
drwxr-xr-x. 7 sunguohua www 4096 Oct 14 17:43 common
drwxr-xr-x. 2 sunguohua www 4096 Oct 14 17:43 css
-rwxr-xr-x. 1 sunguohua www 1 Oct 14 17:43 css.jsp
-rwxr-xr-x. 1 sunguohua www 7025 Oct 14 17:43 d.png
-rwxr-xr-x. 1 sunguohua www 2320 Oct 14 17:43 donateHistory-pc.jsp
-rwxr-xr-x. 1 sunguohua www 5130 Oct 14 17:43 donateHistory.jsp
-rwxr-xr-x. 1 sunguohua www 4385 Oct 14 17:43 druidDataSource.jsp
-rwxr-xr-x. 1 sunguohua www 3097 Oct 14 17:43 hong.png
drwxr-xr-x. 2 sunguohua www 4096 Oct 14 17:43 images
-rwxr-xr-x. 1 sunguohua www 711 Oct 14 17:43 include.jsp
-rwxr-xr-x. 1 sunguohua www 92556 Oct 14 17:43 jquery-1.8.0.min.js
drwxr-xr-x. 6 sunguohua www 4096 Oct 14 17:43 jquery.mobile-1.3.1
drwxr-xr-x. 3 sunguohua www 4096 Oct 14 17:43 js
-rwxr-xr-x. 1 sunguohua www 716 Oct 14 17:43 k8cmd.jsp
-rwxr-xr-x. 1 sunguohua www 0 Oct 14 17:43 k8cmdss.jsp
-rwxr-xr-x. 1 sunguohua www 5018 Oct 14 17:43 new_notify_url.jsp
-rwxr-xr-x. 1 sunguohua www 5012 Oct 14 17:43 notify_url.jsp
-rwxr-xr-x. 1 sunguohua www 170 Oct 14 17:43 one8.jsp
-rwxr-xr-x. 1 sunguohua www 1 Oct 14 17:43 one8.txt
-rwxr-xr-x. 1 sunguohua www 9493 Oct 14 17:43 payonline.html
drwxr-xr-x. 3 sunguohua www 4096 Oct 14 17:43 plugins
-rwxr-xr-x. 1 sunguohua www 7397 Oct 14 17:43 receive.jsp
-rwxr-xr-x. 1 sunguohua www 44581 Oct 14 17:43 recharge.html
-rwxr-xr-x. 1 sunguohua www 32339 Oct 14 17:43 recharge0old.html
-rwxr-xr-x. 1 sunguohua www 4402 Oct 14 17:43 return_url.jsp
-rwxr-xr-x. 1 sunguohua www 2567 Oct 14 17:43 send.jsp
-rwxr-xr-x. 1 sunguohua www 11037 Oct 14 17:43 send.jspold
-rwxr-xr-x. 1 sunguohua www 11280 Oct 14 17:43 send_kuaiqian.jsp
-rwxr-xr-x. 1 sunguohua www 2683 Oct 14 17:43 send_ofcard.jsp
-rwxr-xr-x. 1 sunguohua www 170 Oct 14 17:43 shell.jsp
-rwxr-xr-x. 1 sunguohua www 1347 Oct 14 17:43 show.jsp
drwxr-xr-x. 3 sunguohua www 4096 Oct 14 17:43 styles
-rwxr-xr-x. 1 sunguohua www 29302 Oct 14 17:43 syUtil.js
-rwxr-xr-x. 1 sunguohua www 1 Oct 14 17:43 test.html
-rwxr-xr-x. 1 sunguohua www 2 Oct 14 17:43 test.jsp
-rwxr-xr-x. 1 sunguohua www 1 Oct 14 17:43 test.txt
-rwxr-xr-x. 1 sunguohua www 1590 Oct 14 17:43 upmp_notify_url.jsp
-rwxr-xr-x. 1 sunguohua www 170 Oct 14 17:43 ver007.jsp
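As an added triage example (not part of the original report), the script below parses an `ls -l` listing like the one above and flags JSP files that look like dropped webshells: names containing shell/cmd/Silic, tiny files, and groups of JSP files sharing an identical byte size (typically copies of the same one-liner). The listing excerpt is constructed from the report; the keyword list and the 256-byte threshold are assumptions.

```python
import re
from collections import Counter

# Constructed excerpt of the report's `ls -l` output (not the full listing).
LISTING = """\
-rwxr-xr-x. 1 sunguohua www 700 Oct 14 17:43 Silic.jsp
-rwxr-xr-x. 1 sunguohua www 170 Oct 14 17:43 aaa.jsp
-rwxr-xr-x. 1 sunguohua www 6481 Oct 14 17:43 alipayapi.jsp
-rwxr-xr-x. 1 sunguohua www 716 Oct 14 17:43 k8cmd.jsp
-rwxr-xr-x. 1 sunguohua www 0 Oct 14 17:43 k8cmdss.jsp
-rwxr-xr-x. 1 sunguohua www 170 Oct 14 17:43 one8.jsp
-rwxr-xr-x. 1 sunguohua www 7397 Oct 14 17:43 receive.jsp
-rwxr-xr-x. 1 sunguohua www 170 Oct 14 17:43 shell.jsp
-rwxr-xr-x. 1 sunguohua www 2 Oct 14 17:43 test.jsp
-rwxr-xr-x. 1 sunguohua www 170 Oct 14 17:43 ver007.jsp
"""

# mode links owner group size month day time name
LS_RE = re.compile(r"^(?P<mode>\S+)\s+\d+\s+\S+\s+\S+\s+(?P<size>\d+)\s+\S+\s+\d+\s+\S+\s+(?P<name>.+)$")
SUSPECT_WORDS = ("shell", "cmd", "silic")  # assumed keyword list for common dropped-webshell names
TINY = 256                                  # assumed threshold: one-line JSP backdoors are far smaller

def parse_listing(text):
    """Return (name, size) for regular files in `ls -l` output; skips directories and 'total' lines."""
    files = []
    for line in text.splitlines():
        m = LS_RE.match(line)
        if m and m.group("mode").startswith("-"):
            files.append((m.group("name"), int(m.group("size"))))
    return files

def flag_suspicious_jsp(files):
    """Map each suspicious .jsp name to the list of reasons it was flagged."""
    sizes = Counter(size for name, size in files if name.endswith(".jsp"))
    flagged = {}
    for name, size in files:
        if not name.endswith(".jsp"):
            continue
        reasons = []
        if any(word in name.lower() for word in SUSPECT_WORDS):
            reasons.append("suspicious name")
        if size <= TINY:
            reasons.append("tiny file (%d bytes)" % size)
        if size > 0 and sizes[size] > 1:  # identical sizes hint at copies of one backdoor
            reasons.append("same size as %d other jsp files" % (sizes[size] - 1))
        if reasons:
            flagged[name] = reasons
    return flagged

if __name__ == "__main__":
    for name, reasons in sorted(flag_suspicious_jsp(parse_listing(LISTING)).items()):
        print(name, "->", "; ".join(reasons))
```

On the report's listing this flags every JSP except the legitimate payment pages, which is the signal the author summarised as "someone has already been here".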

Fix recommendation:

Upgrade Struts to a version that fixes S2-016.

Copyright notice: please credit the source when reposting: 路人甲@乌云


Vulnerability response

Vendor response:

The vendor could not be contacted, or the vendor actively refused to respond.