WooYun (WooYun.org) historical vulnerability lookup---http://wy.zone.ci/
WooYun Drops articles, browse online--------http://drop.zone.ci/
2015-11-05: Actively contacting the vendor and waiting for the vendor to claim the report; details are not disclosed publicly.
2015-12-20: The vendor has proactively ignored the vulnerability; details are disclosed to the public.
A whole bunch of trojans.
The address http://sim.qjxgold.com:28821/webTrader/loginAction!loginInit.action has a command execution vulnerability.
Got a shell on the server directly.
netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1496
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING 1188
TCP 0.0.0.0:1030 0.0.0.0:0 LISTENING 792
TCP 0.0.0.0:1521 0.0.0.0:0 LISTENING 760
TCP 0.0.0.0:1819 0.0.0.0:0 LISTENING 2504
TCP 0.0.0.0:2069 0.0.0.0:0 LISTENING 2212
TCP 0.0.0.0:5560 0.0.0.0:0 LISTENING 768
TCP 0.0.0.0:5580 0.0.0.0:0 LISTENING 768
TCP 0.0.0.0:28810 0.0.0.0:0 LISTENING 2212
TCP 0.0.0.0:28811 0.0.0.0:0 LISTENING 2212
TCP 0.0.0.0:28821 0.0.0.0:0 LISTENING 4816
TCP 0.0.0.0:65001 0.0.0.0:0 LISTENING 840
TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING 760
TCP 127.0.0.1:1032 0.0.0.0:0 LISTENING 2796
TCP 127.0.0.1:1521 127.0.0.1:2012 ESTABLISHED 760
TCP 127.0.0.1:1521 127.0.0.1:2087 ESTABLISHED 760
TCP 127.0.0.1:2009 127.0.0.1:2010 ESTABLISHED 4816
TCP 127.0.0.1:2010 127.0.0.1:2009 ESTABLISHED 4816
TCP 127.0.0.1:2012 127.0.0.1:1521 ESTABLISHED 2212
TCP 127.0.0.1:2014 127.0.0.1:2015 ESTABLISHED 4816
TCP 127.0.0.1:2015 127.0.0.1:2014 ESTABLISHED 4816
TCP 127.0.0.1:2016 127.0.0.1:2017 ESTABLISHED 4816
TCP 127.0.0.1:2017 127.0.0.1:2016 ESTABLISHED 4816
TCP 127.0.0.1:2018 127.0.0.1:2019 ESTABLISHED 4816
TCP 127.0.0.1:2019 127.0.0.1:2018 ESTABLISHED 4816
TCP 127.0.0.1:2020 127.0.0.1:2021 ESTABLISHED 4816
TCP 127.0.0.1:2021 127.0.0.1:2020 ESTABLISHED 4816
TCP 127.0.0.1:2031 127.0.0.1:2032 ESTABLISHED 2212
TCP 127.0.0.1:2032 127.0.0.1:2031 ESTABLISHED 2212
TCP 127.0.0.1:2033 127.0.0.1:2034 ESTABLISHED 2212
TCP 127.0.0.1:2034 127.0.0.1:2033 ESTABLISHED 2212
TCP 127.0.0.1:2035 127.0.0.1:2036 ESTABLISHED 2212
TCP 127.0.0.1:2036 127.0.0.1:2035 ESTABLISHED 2212
TCP 127.0.0.1:2037 127.0.0.1:2038 ESTABLISHED 2212
TCP 127.0.0.1:2038 127.0.0.1:2037 ESTABLISHED 2212
TCP 127.0.0.1:2039 127.0.0.1:2040 ESTABLISHED 2212
TCP 127.0.0.1:2040 127.0.0.1:2039 ESTABLISHED 2212
TCP 127.0.0.1:2041 127.0.0.1:2042 ESTABLISHED 2212
TCP 127.0.0.1:2042 127.0.0.1:2041 ESTABLISHED 2212
TCP 127.0.0.1:2057 127.0.0.1:2058 ESTABLISHED 2212
TCP 127.0.0.1:2058 127.0.0.1:2057 ESTABLISHED 2212
TCP 127.0.0.1:2059 127.0.0.1:2060 ESTABLISHED 2212
TCP 127.0.0.1:2060 127.0.0.1:2059 ESTABLISHED 2212
TCP 127.0.0.1:2061 127.0.0.1:2062 ESTABLISHED 2212
TCP 127.0.0.1:2062 127.0.0.1:2061 ESTABLISHED 2212
TCP 127.0.0.1:2063 127.0.0.1:2064 ESTABLISHED 2212
TCP 127.0.0.1:2064 127.0.0.1:2063 ESTABLISHED 2212
TCP 127.0.0.1:2065 127.0.0.1:2066 ESTABLISHED 2212
TCP 127.0.0.1:2066 127.0.0.1:2065 ESTABLISHED 2212
TCP 127.0.0.1:2067 127.0.0.1:2068 ESTABLISHED 2212
TCP 127.0.0.1:2068 127.0.0.1:2067 ESTABLISHED 2212
T
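A triage helper for the `netstat -ano` listing above, added here as an example and not part of the original report: it parses the raw listing and reports, per PID, which ports are bound to every interface (0.0.0.0), which is the first thing a responder wants after a remote code execution finding like this one. The `SAMPLE` text is a constructed excerpt of the listing shown above.

```python
"""Parse a Windows `netstat -ano` listing and summarise externally exposed listeners.

Added example, not code from the original report. Rows that listen on all
interfaces (0.0.0.0 or [::]) are grouped by PID so they can be matched against
a process list from the same host.
"""
import re
from collections import defaultdict

# Constructed excerpt of the report's netstat output (same format as above).
SAMPLE = """\
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:1521 0.0.0.0:0 LISTENING 760
TCP 0.0.0.0:28810 0.0.0.0:0 LISTENING 2212
TCP 0.0.0.0:28811 0.0.0.0:0 LISTENING 2212
TCP 0.0.0.0:28821 0.0.0.0:0 LISTENING 4816
TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING 760
TCP 127.0.0.1:2012 127.0.0.1:1521 ESTABLISHED 2212
"""

# proto, local addr:port, foreign addr:port, optional state (UDP rows have none), PID.
ROW = re.compile(r"^(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)\s+([A-Z_]+)?\s*(\d+)$")


def parse_netstat(text):
    """Return one dict per connection row; headers and non-matching lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        proto, laddr, lport, faddr, fport, state, pid = m.groups()
        rows.append({"proto": proto, "laddr": laddr, "lport": int(lport),
                     "faddr": faddr, "fport": fport, "state": state or "",
                     "pid": int(pid)})
    return rows


def exposed_listeners(rows):
    """Map PID -> sorted list of ports listening on every interface."""
    by_pid = defaultdict(set)
    for r in rows:
        if r["state"] == "LISTENING" and r["laddr"] in ("0.0.0.0", "[::]"):
            by_pid[r["pid"]].add(r["lport"])
    return {pid: sorted(ports) for pid, ports in by_pid.items()}


if __name__ == "__main__":
    for pid, ports in sorted(exposed_listeners(parse_netstat(SAMPLE)).items()):
        print(f"PID {pid}: exposed on {ports}")
```

Run against the full listing above it shows the web application process (PID 4816 on 28821) and the database listener on 1521 bound to all interfaces, which is the exposure to review first.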
systeminfo
主机名: QJXMN
OS 名称: Microsoft(R) Windows(R) Server 2003, Enterprise Edition
OS 版本: 5.2.3790 Service Pack 1 Build 3790
OS 制造商: Microsoft Corporation
OS 配置: 独立服务器
OS 构件类型: Multiprocessor Free
注册的所有人: qjx
注册的组织: qjx
产品 ID: 69813-650-9188916-45573
初始安装日期: 2012-11-16, 12:36:36
系统启动时间: 51 天 10 小时 54 分 40 秒
系统制造商: VMware, Inc.
系统型号: VMware Virtual Platform
系统类型: X86-based PC
处理器: 安装了 4 个处理器。
[01]: x86 Family 6 Model 63 Stepping 2 GenuineIntel ~1600 Mhz
[02]: x86 Family 6 Model 63 Stepping 2 GenuineIntel ~1599 Mhz
[03]: x86 Family 6 Model 63 Stepping 2 GenuineIntel ~1599 Mhz
[04]: x86 Family 6 Model 63 Stepping 2 GenuineIntel ~1599 Mhz
BIOS 版本: INTEL - 6040000
Windows 目录: C:\WINDOWS
系统目录: C:\WINDOWS\system32
启动设备: \Device\HarddiskVolume1
系统区域设置: zh-cn;中文(中国)
输入法区域设置: zh-cn;中文(中国)
时区: (GMT+08:00) 北京，重庆，香港特别行政区，乌鲁木齐
物理内存总量: 4,095 MB
可用的物理内存: 2,319 MB
虚拟内存: 最大值: 1,876 MB
虚拟内存: 可用: 328 MB
虚拟内存: 使用中: 1,548 MB
页面文件位置: C:\pagefile.sys
域: WORKGROUP
登录服务器: \\QJXMN
修补程序: 安装了 1 个修补程序。
[01]: Q147222
网卡: 安装了 1 个 NIC。
[01]: Intel(R) PRO/1000 MT Network Connection
连接名: 本地连接 2
启用 DHCP: 否
IP 地址
[01]: 192.168.2.33
Strengthen security awareness.
Unable to contact the vendor, or the vendor actively refused.