当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-050409

漏洞标题:优酷某分站命令执行漏洞(已证明可内网渗透)

相关厂商:优酷

漏洞作者: 猪猪侠

提交时间:2014-02-07 17:08

修复时间:2014-03-24 17:09

公开时间:2014-03-24 17:09

漏洞类型:命令执行

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-02-07: 细节已通知厂商并且等待厂商处理中
2014-02-08: 厂商已经确认,细节仅向厂商公开
2014-02-18: 细节向核心白帽子及相关领域专家公开
2014-02-28: 细节向普通白帽子公开
2014-03-10: 细节向实习白帽子公开
2014-03-24: 细节向公众公开

简要描述:

优酷某分站命令执行漏洞可SHELL,可内网渗透

详细说明:

Target: http://channel.3g.youku.com/ykmks/login.do
Whoami: root
WebPath: /opt/www/ykmks/webapps/ykmks
OS.Name: Linux
OS.Version: 2.6.18-194.el5
Java.Home: /opt/jdk/jre
Java.Version: 1.6.0_13
OS.arch: amd64
User.Name: root
User.Home: /root
User.Dir: /opt/www/ykmks/webapps/ykmks
Java.Class.Path: /opt/tomcat/bin/bootstrap.jar
Java.IO.Tmpdir: /opt/tomcat/temp

漏洞证明:

eth0      Link encap:Ethernet  HWaddr 00:24:E8:68:5A:0D  
          inet addr:10.103.13.19  Bcast:10.103.13.255  Mask:255.255.255.0
          inet6 addr: fe80::224:e8ff:fe68:5a0d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2099277294 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3582311950 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:396065005482 (368.8 GiB)  TX bytes:401171199965 (373.6 GiB)
          Interrupt:169 Memory:f8000000-f8012800 
eth1      Link encap:Ethernet  HWaddr 00:24:E8:68:5A:0F  
          inet addr:211.151.146.78  Bcast:211.151.146.255  Mask:255.255.255.0
          inet6 addr: fe80::224:e8ff:fe68:5a0f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10399875776 errors:0 dropped:67 overruns:0 frame:0
          TX packets:1560453631 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:881364135680 (820.8 GiB)  TX bytes:338251510443 (315.0 GiB)
          Interrupt:169 Memory:f4000000-f4012800 
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:14585539843 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14585539843 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1918210199086 (1.7 TiB)  TX bytes:1918210199086 (1.7 TiB)
sit0      Link encap:IPv6-in-IPv4  
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)


a01.memcachced.3g.b28.youku (10.103.13.21) at 00:1D:09:64:77:78 [ether] on eth0
a02.memcachced.3g.b28.youku (10.103.13.22) at 00:1D:09:64:77:E6 [ether] on eth0
? (211.151.146.1) at 00:00:0C:07:AC:01 [ether] on eth1
? (10.103.13.254) at 00:00:5E:00:01:0D [ether] on eth0


nameserver 10.103.10.5
nameserver 10.103.10.6


修复方案:

更新第三方组件

版权声明:转载请注明来源 猪猪侠@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2014-02-08 17:27

厂商回复:

多谢提醒,马上修复。

最新状态:

暂无