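2015-01-19: Details reported to the vendor, awaiting vendor handling
2015-01-19: Vendor has confirmed; details disclosed to the vendor only
2015-01-29: Details disclosed to core white hats and experts in the relevant field
2015-02-08: Details disclosed to regular white hats
2015-02-18: Details disclosed to intern white hats
2015-03-05: Details disclosed to the public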
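Yonyou, Yonyou, here come three.
1. Affected site: http://shenpi.yonyou.com/
2. The site is affected by CVE-2013-4810: the invoker/JMXInvokerServlet interface allows remote command execution, deployment of a WAR package, and getshell.
3. Internal network discovery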
主机名: WIN-Q2B6RUDSSBR
OS 名称: Microsoft Windows Server 2008 R2 Enterprise
OS 版本: 6.1.7600 暂缺 Build 7600
OS 制造商: Microsoft Corporation
OS 配置: 独立服务器
OS 构件类型: Multiprocessor Free
注册的所有人: Windows 用户
注册的组织:
产品 ID: 00486-001-0001076-84062
初始安装日期: 2012/4/19, 16:29:56
系统启动时间: 2014/10/13, 23:42:45
系统制造商: VMware, Inc.
系统型号: VMware Virtual Platform
系统类型: x64-based PC
处理器: 安装了 8 个处理器。
    [01]: Intel64 Family 6 Model 37 Stepping 1 GenuineIntel ~2533 Mhz
    [02]: Intel64 Family 6 Model 37 Stepping 1 GenuineIntel ~2533 Mhz
    [03]: Intel64 Family 6 Model 37 Stepping 1 GenuineIntel ~2533 Mhz
    [04]: Intel64 Family 6 Model 37 Stepping 1 GenuineIntel ~2533 Mhz
    [05]: Intel64 Family 6 Model 37 Stepping 1 GenuineIntel ~2533 Mhz
    [06]: Intel64 Family 6 Model 37 Stepping 1 GenuineIntel ~2533 Mhz
    [07]: Intel64 Family 6 Model 37 Stepping 1 GenuineIntel ~2533 Mhz
    [08]: Intel64 Family 6 Model 37 Stepping 1 GenuineIntel ~2533 Mhz
BIOS 版本: Phoenix Technologies LTD 6.00, 2013/7/30
Windows 目录: C:\Windows
系统目录: C:\Windows\system32
启动设备: \Device\HarddiskVolume1
系统区域设置: zh-cn;中文(中国)
输入法区域设置: zh-cn;中文(中国)
时区: (UTC+08:00)北京,重庆,香港特别行政区,乌鲁木齐
物理内存总量: 16,384 MB
可用的物理内存: 14,397 MB
虚拟内存: 最大值: 32,765 MB
虚拟内存: 可用: 30,777 MB
虚拟内存: 使用中: 1,988 MB
页面文件位置: C:\pagefile.sys
域: WORKGROUP
登录服务器: \\WIN-Q2B6RUDSSBR
修补程序: 安装了 2 个修补程序。
    [01]: KB2621440
    [02]: KB2667402
网卡: 安装了 1 个 NIC。
    [01]: Intel(R) PRO/1000 MT Network Connection
        连接名: 本地连接
        启用 DHCP: 否
        IP 地址
        [01]: 10.10.5.170
4. An important configuration file
1. Remove the interface
Severity: High
Vulnerability Rank: 10
Confirmed: 2015-01-19 10:55
Many thanks!
None yet
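A log check a defender could run to see whether the invoker/JMXInvokerServlet interface named in the report has been requested and whether the server still answers it. This is an added example, not part of the original report; the combined access-log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Path named in the report; matched case-insensitively, with or without a query string.
INVOKER_PATH = re.compile(r"^/invoker/JMXInvokerServlet(?:[/?;]|$)", re.IGNORECASE)

# Common/combined access-log format (assumed; adjust to the server's actual pattern).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def find_invoker_hits(lines):
    """Return {source_ip: [(timestamp, method, status), ...]} for invoker servlet requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        # Normalise before matching: decode %xx escapes and collapse repeated slashes.
        path = re.sub(r"/{2,}", "/", unquote(m.group("path")))
        if INVOKER_PATH.match(path):
            hits[m.group("ip")].append((m.group("ts"), m.group("method"), int(m.group("status"))))
    return dict(hits)

def triage(hits):
    """Heuristic (assumption): any 2xx or 5xx answer means the servlet handled the request,
    so the interface is still 'reachable'; only 3xx/4xx answers count as 'blocked'."""
    verdicts = {}
    for ip, reqs in hits.items():
        handled = any(200 <= s < 300 or s >= 500 for _, _, s in reqs)
        verdicts[ip] = "reachable" if handled else "blocked"
    return verdicts

# Constructed sample lines (documentation IP ranges), not taken from the report.
SAMPLE_LOG = [
    '198.51.100.7 - - [19/Jan/2015:09:12:01 +0800] "GET /index.jsp HTTP/1.1" 200 5120',
    '203.0.113.24 - - [19/Jan/2015:09:13:44 +0800] "POST /invoker/JMXInvokerServlet HTTP/1.1" 200 1873',
    '203.0.113.24 - - [19/Jan/2015:09:13:52 +0800] "POST /invoker/JMXInvokerServlet HTTP/1.1" 200 402',
    '198.51.100.90 - - [20/Jan/2015:11:02:10 +0800] "HEAD /invoker/JMXInvokerServlet HTTP/1.1" 404 -',
    '198.51.100.7 - - [20/Jan/2015:11:05:00 +0800] "GET /invoker-docs/readme.html HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    found = find_invoker_hits(SAMPLE_LOG)
    for ip, verdict in triage(found).items():
        print(ip, verdict, found[ip])
```

After the interface is removed as the report recommends, every source should come back as "blocked"; a "reachable" verdict dated after the fix means the servlet is still deployed somewhere.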