
Vulnerability Summary

Defect ID: wooyun-2015-0122402

Title: Command execution vulnerability in the Project Management Integrated Information System of the Shaanxi Provincial Communications Administration

Vendor: Shaanxi Provincial Communications Administration (陕西省通信管理局)

Author: 朱元璋

Submitted: 2015-06-24 10:34

Fixed: 2015-08-12 07:20

Disclosed: 2015-08-12 07:20

Type: Command execution

Severity: High

Self-assessed Rank: 15

Status: Handed over to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or assistance contact [email protected]



Vulnerability Details

Disclosure status:

2015-06-24: Details sent to the vendor; awaiting the vendor's handling
2015-06-28: Vendor confirmed; details visible to the vendor only
2015-07-08: Details disclosed to core white hats and experts in the relevant field
2015-07-18: Details disclosed to regular white hats
2015-07-28: Details disclosed to intern white hats
2015-08-12: Details disclosed to the public

Brief description:

Detailed description:

Address

Masked region
1.http://**.**.**/evaluation/evaluation/toScoreList.actionidentityNumber=


A command execution vulnerability exists.



netstat -ano

活动连接
协议 本地地址 外部地址 状态 PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 664
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING 1240
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 1776
TCP 0.0.0.0:8000 0.0.0.0:0 LISTENING 38712
TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING 38712
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 1172
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 404
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 772
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 824
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING 500
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING 448
TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING 1816
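Read from the defender's side, the netstat -ano listing above matters mostly for what it says about exposure: several services are bound to 0.0.0.0, i.e. reachable on every interface, not just the web application that was reported. As an added example (not part of the original report), the following Python parses such a listing and groups wildcard-bound TCP listeners by owning PID; the port-to-service names are an assumption based on standard port assignments, and the sample input is constructed from the lines quoted in the report.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines of the netstat -ano listing quoted in the
# report, including the zh-CN header lines Windows prints; not the full capture.
SAMPLE_NETSTAT = """活动连接
协议 本地地址 外部地址 状态 PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 664
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING 1240
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 1776
TCP 0.0.0.0:8000 0.0.0.0:0 LISTENING 38712
TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING 38712
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 1172
TCP 127.0.0.1:3306 127.0.0.1:51294 ESTABLISHED 1240
"""

# Standard port assignments (assumption, not something the report states).
WELL_KNOWN = {135: "MSRPC", 445: "SMB", 3306: "MySQL", 3389: "RDP",
              8009: "AJP", 8080: "HTTP-alt"}

# One TCP socket line: local ip:port, remote endpoint, state, pid. Header lines
# fail to match and are skipped; UDP lines (no state column) are not handled.
TCP_LINE = re.compile(r"^TCP\s+(\S+):(\d+)\s+\S+\s+(\S+)\s+(\d+)$")

def parse_netstat(text):
    """Return a list of (local_ip, local_port, state, pid) tuples."""
    rows = []
    for line in text.splitlines():
        m = TCP_LINE.match(line.strip())
        if m:
            ip, port, state, pid = m.groups()
            rows.append((ip, int(port), state, int(pid)))
    return rows

def wildcard_listeners(rows):
    """Map PID -> sorted ports that PID has LISTENING on 0.0.0.0 (all interfaces)."""
    by_pid = defaultdict(set)
    for ip, port, state, pid in rows:
        if state == "LISTENING" and ip == "0.0.0.0":
            by_pid[pid].add(port)
    return {pid: sorted(ports) for pid, ports in by_pid.items()}

def report(text):
    """One finding per wildcard-bound port, ordered by PID then port."""
    findings = []
    for pid, ports in sorted(wildcard_listeners(parse_netstat(text)).items()):
        for port in ports:
            svc = WELL_KNOWN.get(port, "unknown")
            findings.append(f"PID {pid} exposes {port}/tcp ({svc}) on all interfaces")
    return findings

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_NETSTAT)))
```

Two listeners sharing one PID (8000 and 8009 here) usually point at a single service with multiple connectors, which is why the grouping is by process rather than by port.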


net start

已经启动以下 Windows 服务: 
Apache2.2
Application Experience
Background Intelligent Transfer Service
Base Filtering Engine
Certificate Propagation
COM+ Event System
Cryptographic Services
DCOM Server Process Launcher
Desktop Window Manager Session Manager
DHCP Client
Diagnostic Policy Service
DNS Client
Group Policy Client
Human Interface Device Access
IKE and AuthIP IPsec Keying Modules
IP Helper
IPsec Policy Agent
MySQL55
Network Connections
Network List Service
Network Location Awareness
Network Store Interface Service
Plug and Play
Power
Print Spooler
Remote Desktop Configuration
Remote Desktop Services
Remote Desktop Services UserMode Port Redirector
Remote Procedure Call (RPC)
RPC Endpoint Mapper
Security Accounts Manager
Server
Shell Hardware Detection
System Event Notification Service
Task Scheduler
TCP/IP NetBIOS Helper
User Profile Service
Windows Event Log
Windows Firewall
Windows Management Instrumentation
Windows Time
Windows Update
Workstation
主动防御
命令成功完成。




net share

共享名       资源                            注解
-------------------------------------------------------------------------------
C$ C:\

Proof of vulnerability:

Opening a remote terminal session would not be appropriate, would it?

Fix recommendation:

Raise security awareness.

Copyright notice: when republishing, please credit the source: 朱元璋@WooYun


Vulnerability Response

Vendor response:

Severity: Medium

Vulnerability Rank: 8

Confirmed: 2015-06-28 07:19

Vendor reply:

CNVD confirmed and reproduced the described issue; it has been forwarded through CNCERT to the Shaanxi branch center, which will coordinate follow-up handling with the site's operating unit.

Latest status:

None yet