2016-04-18: Details reported to the vendor, awaiting vendor handling
2016-04-20: Vendor confirmed; details disclosed to the vendor only
2016-04-30: Details disclosed to core white hats and relevant domain experts
2016-05-10: Details disclosed to regular white hats
2016-05-20: Details disclosed to intern white hats
2016-06-04: Details disclosed to the public
Fanhua Insurance Openfire admin console weak password (command execution possible), giving direct system-level access to the server
http://lzguat.cninsure.net:9090/adminadmin
Installing a plugin allows system commands to be executed.
eth0      Link encap:Ethernet  HWaddr 52:54:00:03:35:71
          inet addr:10.249.160.147  Bcast:10.249.163.255  Mask:255.255.252.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:292022162 errors:0 dropped:0 overruns:0 frame:0
          TX packets:154062152 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:38258612676 (35.6 GiB)  TX bytes:63956569588 (59.5 GiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3723450884 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3723450884 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:247122256471 (230.1 GiB)  TX bytes:247122256471 (230.1 GiB)
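As an added defensive example (not part of the original report), the following Python script audits Openfire's plugins/ directory, the location a plugin uploaded through the admin console is deployed to, against an allowlist of expected jars, so that a plugin nobody deployed on purpose shows up as a finding. The directory, jar names and allowlist contents in demo() are constructed for the demonstration.

```python
# Added example: detect unexpected or modified Openfire plugin jars.
# Not code from the original report; paths and sample jars are constructed.
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large jars need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_plugins(plugins_dir, allowlist):
    """Return (jar name, reason, sha256) for every jar in plugins_dir that is
    not allowlisted or whose hash differs from the pinned value.
    allowlist maps jar name -> expected sha256, or None when the name is
    expected but its hash is not pinned."""
    findings = []
    for jar in sorted(Path(plugins_dir).glob("*.jar")):
        digest = sha256_of(jar)
        if jar.name not in allowlist:
            findings.append((jar.name, "not in allowlist", digest))
        elif allowlist[jar.name] not in (None, digest):
            findings.append((jar.name, "hash mismatch", digest))
    return findings


def demo():
    """Constructed sample: a pinned jar that was altered, an unpinned but
    expected jar, and a jar that is not on the allowlist at all."""
    base = Path(tempfile.mkdtemp(prefix="openfire-plugins-"))
    (base / "search.jar").write_bytes(b"constructed search plugin 1.1 (altered)")
    (base / "monitoring.jar").write_bytes(b"constructed monitoring plugin")
    (base / "unknown.jar").write_bytes(b"constructed plugin nobody deployed")
    allowlist = {
        # hash pinned to the version that was actually approved
        "search.jar": hashlib.sha256(b"constructed search plugin 1.0").hexdigest(),
        "monitoring.jar": None,  # expected by name, hash not pinned
    }
    return audit_plugins(base, allowlist)


if __name__ == "__main__":
    for name, reason, digest in demo():
        print(f"{name}: {reason} (sha256 {digest[:16]}...)")
```

Run it against the real plugins/ path with an allowlist generated from a known-good deployment; a finding is a prompt to check the admin console audit log for who installed the jar.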
Change the weak password.
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2016-04-20 15:18
Thank you very much!
None yet