
Vulnerability summary

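Bug ID: wooyun-2015-0113537

Title: The enterprise site-building system provided by 大连华艾科技有限公司 (Dalian Hua'ai Technology Co., Ltd.) has a generic getshell vulnerability that can be exploited in bulk

Vendor: 大连华艾科技有限公司

Author: 路人甲

Submitted: 2015-05-14 17:54

Fixed: 2015-06-28 17:56

Disclosed: 2015-06-28 17:56

Vulnerability type: File upload leading to arbitrary code execution

Severity: High

Self-assessed Rank: 15

Status: Vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org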



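Vulnerability details

Disclosure status:

2015-05-14: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2015-06-28: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

The enterprise site-building system provided by 大连华艾科技有限公司 has a generic getshell vulnerability that affects a large number of company websites in Dalian.

Detailed description:

This CMS ships with an FCK editor directory. The editor directory is: /admin/fckeditor
Open http://xxx.com/admin/fckeditor/editor/dialog/fck_about.html to check the editor version.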



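Every website using this CMS was found to run editor version fck_php2.3.
Version 2.3 happens to be affected by the fck_php<=2.4.2 arbitrary file upload vulnerability. A form built locally is enough to upload a PHP one-line webshell.
Vulnerability keyword:
技术支持:华艾科技 ("Technical support: 华艾科技")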



Proof of vulnerability:

A batch of some of the vulnerable websites:


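Everyone knows how to get a shell on this version, so it is not demonstrated here. Getshell was tested with a batch tool.
Since this is a batch getshell vulnerability, there have to be shells.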
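Password: autoshell
Please delete these yourselves when patching the vulnerability.

Fix:

Upgrade the FCK editor to a newer version, or simply delete it.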
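A defender-side check to go with the fix above, added here as an example and not part of the original report: it walks a web root, reports any bundled FCKeditor copy (recognised by the `editor/dialog/fck_about.html` page named in the report) and lists server-side scripts sitting in the upload directory. The function names, the extension list and the `upfiles` default directory name are assumptions of this example.

```python
import os
import tempfile

# Extensions a PHP-enabled server may execute (assumed list); an upload
# directory should contain none of them.
SCRIPT_EXTS = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}
# About dialog path as given in the report; its presence marks an editor copy.
ABOUT_PAGE = os.path.join("editor", "dialog", "fck_about.html")

def audit_webroot(webroot, upload_dir_name="upfiles"):
    """Return (editor_dirs, script_files) as sorted paths relative to webroot."""
    editors, scripts = [], []
    for dirpath, _dirnames, filenames in os.walk(webroot):
        rel = os.path.relpath(dirpath, webroot)
        if os.path.isfile(os.path.join(dirpath, ABOUT_PAGE)):
            editors.append(rel)  # candidate for upgrade or removal
        # Flag scripts anywhere at or below a directory named like the upload dir.
        if upload_dir_name in rel.split(os.sep):
            for name in filenames:
                # Check every dot-separated part, so "a.php.jpg" is flagged too:
                # some Apache handler configurations execute such files.
                parts = name.lower().split(".")[1:]
                if any("." + p in SCRIPT_EXTS for p in parts):
                    scripts.append(os.path.join(rel, name))
    return sorted(editors), sorted(scripts)

def build_sample(root):
    """Create a constructed sample site layout (not real data)."""
    for rel in ("admin/fckeditor/editor/dialog/fck_about.html",
                "upfiles/logo.jpg",
                "upfiles/20150101000000.php",
                "upfiles/2015/banner.php.jpg",
                "index.php"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        editors, scripts = audit_webroot(root)
        print("bundled FCKeditor copies:", editors)
        print("scripts in upload directory:", scripts)
```

Any script reported under the upload directory should be reviewed and removed, and the web server should be configured not to execute scripts from that directory.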

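Copyright notice: when reposting, please credit the source 路人甲@乌云


Vulnerability response

Vendor response:

The vendor could not be contacted, or the vendor actively refused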