当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0108653

漏洞标题:新华网某系统命令执行

相关厂商:新华网

漏洞作者: 朱元璋

提交时间:2015-04-22 16:55

修复时间:2015-06-08 17:52

公开时间:2015-06-08 17:52

漏洞类型:成功的入侵事件

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-04-22: 细节已通知厂商并且等待厂商处理中
2015-04-24: 厂商已经确认,细节仅向厂商公开
2015-05-04: 细节向核心白帽子及相关领域专家公开
2015-05-14: 细节向普通白帽子公开
2015-05-24: 细节向实习白帽子公开
2015-06-08: 细节向公众公开

简要描述:

感觉网站安全不是做的很好

详细说明:

http://219.153.9.73:8080/submitted/login.action

0.jpg


netstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1030 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1031 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1158 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1521 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1830 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3938 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5001 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5500 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5520 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5521 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5560 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5580 0.0.0.0:0 LISTENING
TCP 0.0.0.0:6009 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
TCP 0.0.0.0:9073 0.0.0.0:0 LISTENING
TCP 0.0.0.0:9090 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1026 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1071 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1115 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1175 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1176 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1233 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1235 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1240 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1244 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1245 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1246 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1247 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1248 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1308 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1309 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1310 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1311 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1312 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1115 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1175 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1176 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1233 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1235 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1240 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1244 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1245 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1246 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1247 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1248 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1308 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1309 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1310 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1311 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1312 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1592 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:2787 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:2788 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:2789 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:2790 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:2791 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.
ipconfig
Windows IP Configuration
Ethernet adapter 本地连接 3:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter 本地连接:
Media State . . . . . . . . . . . : Media disconnected
Ethernet adapter 本地连接 4:
Media State . . . . . . . . . . . : Media disconnected
Ethernet adapter 本地连接 2:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 219.153.9.73
Subnet Mask . . . . . . . . . . . : 255.255.255.128
Default Gateway . . . . . . . . . : 219.153.9.1
whoami
svctag-h3n513x\haododo
ls F:\founder_tomcat\webapps\submitted\
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

漏洞证明:

http://219.153.9.73:8080/submitted/login.action

0.jpg


netstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1030 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1031 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1158 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1521 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1830 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3938 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5001 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5500 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5520 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5521 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5560 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5580 0.0.0.0:0 LISTENING
TCP 0.0.0.0:6009 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
TCP 0.0.0.0:9073 0.0.0.0:0 LISTENING
TCP 0.0.0.0:9090 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1026 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1071 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1115 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1175 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1176 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1233 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1235 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1240 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1244 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1245 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1246 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1247 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1248 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1308 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1309 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1310 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1311 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1312 127.0.0.1:1521 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1115 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1175 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1176 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1233 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1235 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1240 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1244 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1245 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1246 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1247 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1248 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1308 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1309 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1310 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1311 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1312 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:1592 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:2787 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:2788 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:2789 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:2790 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.1:2791 ESTABLISHED
TCP 127.0.0.1:1521 127.0.0.
ipconfig
Windows IP Configuration
Ethernet adapter 本地连接 3:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter 本地连接:
Media State . . . . . . . . . . . : Media disconnected
Ethernet adapter 本地连接 4:
Media State . . . . . . . . . . . : Media disconnected
Ethernet adapter 本地连接 2:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 219.153.9.73
Subnet Mask . . . . . . . . . . . : 255.255.255.128
Default Gateway . . . . . . . . . : 219.153.9.1
whoami
svctag-h3n513x\haododo
ls F:\founder_tomcat\webapps\submitted\
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

修复方案:

自己看着办

版权声明:转载请注明来源 朱元璋@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2015-04-24 17:51

厂商回复:

CNVD确认并复现所述情况,已经转由CNCERT向新华网上级管理单位通报,由其后续协调网站管理单位处置.

最新状态:

暂无