乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-04-27: 细节已通知厂商并且等待厂商处理中 2016-04-29: 厂商已经确认,细节仅向厂商公开 2016-05-09: 细节向核心白帽子及相关领域专家公开 2016-05-19: 细节向普通白帽子公开 2016-05-29: 细节向实习白帽子公开 2016-06-13: 细节向公众公开
网易163某系统getshell
http://ent.ws.netease.com/admin/login.do
存在最新的命令执行漏洞
eth0 Link encap:Ethernet HWaddr 00:16:3e:49:b6:97 inet addr:123.126.62.92 Bcast:123.126.62.255 Mask:255.255.255.0 inet6 addr: fe80::216:3eff:fe49:b697/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1192852250 errors:0 dropped:0 overruns:0 frame:0 TX packets:39774028 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:81360581260 (75.7 GiB) TX bytes:16636425604 (15.4 GiB) Interrupt:22 eth1 Link encap:Ethernet HWaddr 00:16:3e:31:91:8d inet addr:10.100.21.92 Bcast:10.100.21.255 Mask:255.255.254.0 inet6 addr: fe80::216:3eff:fe31:918d/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:40345695659 errors:0 dropped:0 overruns:0 frame:0 TX packets:1978460539 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:8566624616610 (7.7 TiB) TX bytes:3454086760863 (3.1 TiB) Interrupt:21 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:47116414 errors:0 dropped:0 overruns:0 frame:0 TX packets:47116414 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3820735178 (3.5 GiB) TX bytes:3820735178 (3.5 GiB)
shell路径
/home/workspace/ent_product/release-current/dist/webapp/1.jsp
conf/password.xml
resin-admin.xml
app-default.xmldevelopment.confminimal.confpassword.xmlresin-3_1.confresin-admin.xmlresin.conf
补丁
危害等级:高
漏洞Rank:10
确认时间:2016-04-29 11:07
您好,该通用类型框架漏洞已修复。感谢您对网易产品的关注。
暂无
