
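Vulnerability Summary

Bug ID: wooyun-2015-0107926

Vulnerability title: Getshell at a certain Hang'an (航安) airport equipment company

Affected vendor: A certain Hang'an (航安) airport equipment company

Author: 路人甲

Submitted: 2015-04-16 16:50

Fixed: 2015-06-05 12:12

Disclosed: 2015-06-05 12:12

Vulnerability type: Command execution

Severity: High

Self-assessed Rank: 15

Vulnerability status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org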


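Vulnerability Details

Disclosure status:

2015-04-16: Details sent to the vendor; waiting for the vendor to respond
2015-04-21: Vendor confirmed; details disclosed to the vendor only
2015-05-01: Details disclosed to core white hats and experts in related fields
2015-05-11: Details disclosed to regular white hats
2015-05-21: Details disclosed to intern white hats
2015-06-05: Details disclosed to the public

Brief description:

Getshell at a certain Hang'an (航安) airport equipment company

Detailed description:

URL: http://www.airsafe.com.cn/download.action
The site has a Struts2 command execution vulnerability that allows getshell.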


whoami -- airsafe


Proof of vulnerability:


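Fix:

Patch + re-partition! Security is very important, and your company should take it seriously! 20 Rank~

Copyright notice: when reposting, please credit the source 路人甲@WooYun


Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 11

Confirmed: 2015-04-21 12:10

Vendor reply:

CNVD confirmed and reproduced the reported issue. It has been forwarded via CNCERT to the civil aviation industry evaluation center, which will subsequently coordinate with the organization that manages the website to handle it.

Latest status:

None yet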