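2015-06-16: Details reported to the vendor; awaiting vendor handling
2015-06-21: Vendor confirmed; details disclosed to the vendor only
2015-07-01: Details disclosed to core white hats and experts in related fields
2015-07-11: Details disclosed to regular white hats
2015-07-21: Details disclosed to intern white hats
2015-08-05: Details disclosed to the public
The address http://202.102.72.109:8080/gimis/login.action has a command execution vulnerability.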
netstat -an
ls
bin boot dev etc home lib lib64 lost+found media misc mnt net opt proc root sbin selinux srv sys sys.log tmp usr var
/usr/local/tomcat/webapps/gimis/
/usr/local/tomcat/webapps/gimis/:
Charts META-INF WEB-INF addrSel build.jsp css doc flex image include index.jsp js jsp menu.jsp month sample statistics
whoami
tomcat
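Strengthen security awareness
Severity: Medium
Vulnerability Rank: 7
Confirmation time: 2015-06-21 07:55
CNVD confirmed and reproduced the reported issue and has passed it through CNCERT to the Jiangsu branch center, which will coordinate follow-up handling with the organization that operates the website. Scored as a general software vulnerability: rank 7
None yet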