WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online browsing -------- http://drop.zone.ci/
2015-11-07: Details have been reported to the vendor and are awaiting the vendor's handling.
2015-11-11: The vendor has confirmed the issue; details are disclosed to the vendor only.
2015-11-21: Details disclosed to core white hats and experts in related fields.
2015-12-01: Details disclosed to ordinary white hats.
2015-12-11: Details disclosed to intern white hats.
2015-12-26: Details disclosed to the public.
Pudong New Area lies in the eastern part of Shanghai, on the shore of the East China Sea and the edge of Hangzhou Bay, connected inland to the Yangtze River and facing the Pacific Ocean; its average annual temperature is 16.2℃, with four distinct seasons and a pleasant climate. Pudong New Area covers over 1,210 square kilometres and has a resident population of about 4.12 million.
The system at **.**.**.**:8080/jybz/login.action (host **.**.**.**:8080) has a JBoss command execution vulnerability.
Uploaded a webshell (trojan) directly to the server.
**.**.**.**:8080/yuhkdgfc/test.jsp, password: tom
[*] 磁盘列表 [ C:D:E:G: ]

C:\jboss-4.2.1.GA\server\default\.\deploy\yuhkdgfc.war\yuhkdgfc\> net user
\\ 的用户帐户
-------------------------------------------------------------------------------
2013 2014 Administrator ASP.NET ASPNET Guest HelpAssistant IUSR_HP-C822AAXIS182 IWAM_HP-C822AAXIS182 sql SUPPORT_388945a0 tianle window window9956
命令运行完毕,但发生一个或多个错误。
系统找不到指定的路径。

C:\jboss-4.2.1.GA\bin\> net share
共享名 资源 注释
-------------------------------------------------------------------------------
IPC$ 远程 IPC
G$ G:\ 默认共享
E$ E:\ 默认共享
ADMIN$ C:\WINDOWS 远程管理
D$ D:\ 默认共享
C$ C:\ 默认共享
back D:\back
zjgl2_bak E:\zjgl2_bak
命令成功完成。

C:\jboss-4.2.1.GA\bin\> net view
服务器名称 注释
-------------------------------------------------------------------------------
\\ZJGL1
命令成功完成。

C:\jboss-4.2.1.GA\bin\> netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP **.**.**.**:80 **.**.**.**:0 LISTENING 4
TCP **.**.**.**:135 **.**.**.**:0 LISTENING 720
TCP **.**.**.**:445 **.**.**.**:0 LISTENING 4
TCP **.**.**.**:1041 **.**.**.**:0 LISTENING 496
TCP **.**.**.**:1059 **.**.**.**:0 LISTENING 2152
TCP **.**.**.**:1072 **.**.**.**:0 LISTENING 1740
TCP **.**.**.**:1073 **.**.**.**:0 LISTENING 1740
TCP **.**.**.**:1074 **.**.**.**:0 LISTENING 1740
TCP **.**.**.**:1098 **.**.**.**:0 LISTENING 1740
TCP **.**.**.**:1099 **.**.**.**:0 LISTENING 1740
TCP **.**.**.**:1521 **.**.**.**:0 LISTENING 2104
TCP **.**.**.**:1990 **.**.**.**:0 LISTENING 1388
TCP **.**.**.**:3306 **.**.**.**:0 LISTENING 1920
TCP **.**.**.**:3389 **.**.**.**:0 LISTENING 4284
TCP **.**.**.**:4444 **.**.**.**:0 LISTENING 1740
TCP **.**.**.**:4445 **.**.**.**:0 LISTENING 1740
TCP **.**.**.**:4446 **.**.**.**:0 LISTENING 1740
TCP **.**.**.**:6368 **.**.**.**:0 LISTENING 4
TCP **.**.**.**:8009 **.**.**.**:0 LISTENING 1740
TCP **.**.**.**:8080 **.**.**.**:0 LISTENING 1740
TCP **.**.**.**:8083 **.**.**.**:0 LISTENING 1740
TCP **.**.**.**:139 **.**.**.**:0 LISTENING 4
TCP **.**.**.**:1060 **.**.**.**:1521 ESTABLISHED 2152
TCP **.**.**.**:1521 **.**.**.**:1060 ESTABLISHED 2104
TCP **.**.**.**:2301 **.**.**.**:0 LISTENING 2552
TCP **.**.**.**:2381 **.**.**.**:0 LISTENING 2552
TCP **.**.**.**:8080 **.**.**.**:47292 TIME_WAIT 0
TCP **.**.**.**:8080 **.**.**.**:47376 TIME_WAIT 0
TCP **.**.**.**:8080 **.**.**.**:47754 ESTABLISHED 1740
TCP **.**.**.**:1831 **.**.**.**:3306 ESTABLISHED 1740
TCP **.**.**.**:2301 **.**.**.**:0 LISTENING 2552
TCP **.**.**.**:2381 **.**.**.**:0 LISTENING 2552
TCP **.**.**.**:3306 **.**.**.**:1831 ESTABLISHED 1920
TCP **.**.**.**:3873 **.**.**.**:0 LISTENING 1740
TCP **.**.**.**:5152 **.**.**.**:0 LISTENING 1680
TCP **.**.**.**:8093 **.**.**.**:0 LISTENING 1740
TCP [::]:80 [::]:0 LISTENING 4
TCP [::]:135 [::]:0 LISTENING 720
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:1041 [::]:0 LISTENING 496
TCP [::]:1072 [::]:0 LISTENING 1740
TCP [::]:1073 [::]:0 LISTENING 1740
TCP [::]:1074 [::]:0 LISTENING 1740
TCP [::]:1098 [::]:0 LISTENING 1740
TCP [::]:1099 [::]:0 LISTENING 1740
TCP [::]:4444 [::]:0 LISTENING 1740
TCP [::]:4445 [::]:0 LISTENING 1740
TCP [::]:4446 [::]:0 LISTENING 1740
TCP [::]:6368 [::]:0 LISTENING 4
TCP [::]:8009 [::]:0 LISTENING 1740
TCP [::]:8080 [::]:0 LISTENING 1740
TCP [::]:8083 [::]:0 LISTENING 1740
UDP **.**.**.**:161 *:* 2256
UDP **.**.**.**:123 *:* 876
UDP **.**.**.**:137 *:* 4
UDP **.**.**.**:138 *:* 4
UDP **.**.**.**:123 *:* 876
UDP **.**.**.**:1443 *:* 2008

C:\jboss-4.2.1.GA\bin\> net start
已经启动以下 Windows 服务:
Application Experience Lookup Service Automatic Updates Bunkna vajmaydj COM+ Event System Computer Browser Cryptographic Services DbSecuritySpt DCOM Server Process Launcher DHCP Client DNS Client Event Log HID Input Service Hlfxpa stoqrtxn HP Insight Foundation Agents HP Insight NIC Agents HP Insight Server Agents HP Insight Storage Agents HP ProLiant Remote Monitor Service HP ProLiant System Shutdown Service HP Smart Array SAS/SATA Event Notification Service HP System Management Homepage HP Version Control Agent HTTP SSL IIS Admin Service Indexing Service IPv6 Helper Service Java Quick Starter JBoss 4.2.1GA Logical Disk Manager MySQL Network Connections Network Location Awareness (NLA) OracleOraHome92TNSListener OracleServiceORCL Plug and Play Print Spooler Protected Storage Remote Access Connection Manager Remote Procedure Call (RPC) Rising RavTask Manager Rising Upgrade Service Security Accounts Manager Server Shell Hardware Detection SNMP Service Sogou OmniAddr Update Service System Event Notification Task Scheduler TCP/IP NetBIOS Helper Telephony Terminal Services TSMReptSvc Windows Management Instrumentation Windows Time Wireless Configuration Workstation World Wide Web Publishing Service
命令成功完成。

C:\jboss-4.2.1.GA\bin\> tasklist /svc
映像名称 PID 服务
========================= ======== ============================================
System Idle Process 0 暂缺
System 4 暂缺
smss.exe 332 暂缺
csrss.exe 392 暂缺
winlogon.exe 420 暂缺
services.exe 468 Eventlog, PlugPlay
lsass.exe 496 HTTPFilter, ProtectedStorage, SamSs
svchost.exe 648 DcomLaunch
svchost.exe 720 RpcSs
CCenter.exe 784 暂缺
RavTask.exe 808 RavTask
svchost.exe 836 6to4, Dhcp, Dnscache
svchost.exe 876 LmHosts, W32Time
svchost.exe 932 AeLookupSvc, Browser, CryptSvc, dmserver, EventSystem, HidServ, lanmanserver, lanmanworkstation, Netman, Nla, RasMan, Schedule, SENS, ShellHWDetection, winmgmt, wuauserv, WZCSVC
rsnetsvr.exe 1108 暂缺
spoolsv.exe 1332 Spooler
RavSosSvc.exe 1388 AngelOfDeath
cissesrv.exe 1404 Cissesrv
cisvc.exe 1420 CiSvc
cpqrcmc.exe 1444 CpqRcmc
vcagent.exe 1464 cpqvcagent
DbSecuritySpt.exe 1508 DbSecuritySpt
inetinfo.exe 1636 IISADMIN
jqs.exe 1680 JavaQuickStarterService
JBossService.exe 1740 JBoss 4.2.1GA
mysqld-nt.exe 1920 MySQL
OmniAddrService.exe 2008 OmniAddrService
TNSLSNR.EXE 2104 OracleOraHome92TNSListener
oracle.exe 2152 OracleServiceORCL
snmp.exe 2256 SNMP
sysdown.exe 2332 sysdown
smhstart.exe 2356 SysMgmtHp
hpsmhd.exe 2552 暂缺
rotatelogs.exe 2624 暂缺
rotatelogs.exe 2644 暂缺
tsmreptsvc.exe 2632 TSMReptSvc
hpsmhd.exe 2660 暂缺
rotatelogs.exe 2692 暂缺
rotatelogs.exe 2700 暂缺
Soqeeuq.exe 3776 Wsgqso vmnfdrjw
cpqnimgt.exe 3856 CpqNicMgmt
cqmgserv.exe 3920 CqMgServ
cqmgstor.exe 3932 CqMgStor
svchost.exe 4012 W3SVC
cqmghost.exe 688 CqMgHost
wmiprvse.exe 4192 暂缺
wmiprvse.exe 4224 暂缺
svchost.exe 4284 TermService
cidaemon.exe 4812 暂缺
cidaemon.exe 5616 暂缺
cidaemon.exe 5684 暂缺
logon.scr 4692 暂缺
svchost.exe 5780 TapiSrv
Eugseey.exe 4608 Wsyixe qisuqtqj
cmd.exe 2384 暂缺
tasklist.exe 5104 暂缺

C:\jboss-4.2.1.GA\bin\> ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : zjgl1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter 本地连接:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit Server Adapter
Physical Address. . . . . . . . . : 00-21-5A-C9-86-E8
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : **.**.**.**
Subnet Mask . . . . . . . . . . . : **.**.**.**
IP Address. . . . . . . . . . . . : fe80::221:5aff:fec9:86e8%4
Default Gateway . . . . . . . . . : **.**.**.**
DNS Servers . . . . . . . . . . . : **.**.**.** fec0:0:0:ffff::1%1 fec0:0:0:ffff::2%1 fec0:0:0:ffff::3%1
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Automatic Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 0A-F2-09-65
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:**.**.**.**%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1 fec0:0:0:ffff::2%1 fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Disabled

C:\jboss-4.2.1.GA\bin\> systeminfo
主机名: ZJGL1
OS 名称: Microsoft(R) Windows(R) Server 2003, Enterprise Edition
OS 版本: 5.2.3790 Service Pack 2 Build 3790
OS 制造商: Microsoft Corporation
OS 配置: 独立服务器
OS 构件类型: Multiprocessor Free
注册的所有人: hp
注册的组织:
产品 ID: 69813-640-9510105-45282
初始安装日期: 2008-2-2, 11:51:39
系统启动时间: 3 天 0 小时 26 分 25 秒
系统制造商: HP
系统型号: ProLiant DL380 G5
系统类型: X86-based PC
处理器: 安装了 8 个处理器。
[01]: x86 Family 6 Model 23 Stepping 6 GenuineIntel ~2000 Mhz
[02]: x86 Family 6 Model 23 Stepping 6 GenuineIntel ~2000 Mhz
[03]: x86 Family 6 Model 23 Stepping 6 GenuineIntel ~2000 Mhz
[04]: x86 Family 6 Model 23 Stepping 6 GenuineIntel ~2000 Mhz
[05]: x86 Family 6 Model 23 Stepping 6 GenuineIntel ~2000 Mhz
[06]: x86 Family 6 Model 23 Stepping 6 GenuineIntel ~2000 Mhz
[07]: x86 Family 6 Model 23 Stepping 6 GenuineIntel ~2000 Mhz
[08]: x86 Family 6 Model 23 Stepping 6 GenuineIntel ~2000 Mhz
BIOS 版本: HP - 2
Windows 目录: C:\WINDOWS
系统目录: C:\WINDOWS\system32
启动设备: \Device\HarddiskVolume1
系统区域设置: zh-cn;中文(中国)
输入法区域设置: zh-cn;中文(中国)
时区: (GMT+08:00) 北京,重庆,香港特别行政区,乌鲁木齐
物理内存总量: 3,326 MB
可用的物理内存: 2,272 MB
页面文件: 最大值: 5,222 MB
页面文件: 可用: 3,373 MB
页面文件: 使用中: 1,849 MB
页面文件位置: C:\pagefile.sys
域: PDCZ
登录服务器: 暂缺
修补程序: 安装了 312 个修补程序。
[01]: File 1 [02]: File 1 [03]: File 1 [04]: File 1 [05]: File 1 [06]: File 1 [07]: File 1 [08]: File 1 [09]: File 1 [10]: File 1
[11]: File 1 [12]: File 1 [13]: File 1 [14]: File 1 [15]: File 1 [16]: File 1 [17]: File 1 [18]: File 1 [19]: File 1 [20]: File 1
[21]: File 1 [22]: File 1 [23]: File 1 [24]: File 1 [25]: File 1 [26]: File 1 [27]: File 1 [28]: File 1 [29]: File 1 [30]: File 1
[31]: File 1 [32]: File 1 [33]: File 1 [34]: File 1 [35]: File 1 [36]: File 1 [37]: File 1 [38]: File 1 [39]: File 1 [40]: File 1
[41]: File 1 [42]: File 1 [43]: File 1 [44]: File 1 [45]: File 1 [46]: File 1 [47]: File 1 [48]: File 1 [49]: File 1 [50]: File 1
[51]: File 1 [52]: File 1 [53]: File 1 [54]: File 1 [55]: File 1 [56]: File 1 [57]: File 1 [58]: File 1 [59]: File 1 [60]: File 1
[61]: File 1 [62]: File 1 [63]: File 1 [64]: File 1 [65]: File 1 [66]: File 1 [67]: File 1 [68]: File 1 [69]: File 1 [70]: File 1
[71]: File 1 [72]: File 1 [73]: File 1 [74]: File 1 [75]: File 1 [76]: File 1 [77]: File 1 [78]: File 1 [79]: File 1 [80]: File 1
[81]: File 1 [82]: File 1 [83]: File 1 [84]: File 1 [85]: File 1 [86]: File 1 [87]: File 1 [88]: File 1 [89]: File 1 [90]: File 1
[91]: File 1 [92]: File 1 [93]: File 1 [94]: File 1 [95]: File 1 [96]: File 1 [97]: File 1 [98]: File 1 [99]: File 1 [100]: File 1
[101]: File 1 [102]: File 1 [103]: File 1 [104]: File 1 [105]: File 1 [106]: File 1 [107]: File 1 [108]: File 1 [109]: File 1 [110]: File 1
[111]: File 1 [112]: File 1 [113]: File 1 [114]: File 1 [115]: File 1 [116]: File 1 [117]: File 1 [118]: File 1 [119]: File 1 [120]: File 1
[121]: File 1 [122]: File 1 [123]: File 1 [124]: File 1 [125]: File 1 [126]: File 1 [127]: File 1 [128]: File 1 [129]: File 1 [130]: File 1
[131]: File 1 [132]: File 1 [133]: File 1 [134]: File 1 [135]: File 1 [136]: File 1 [137]: File 1 [138]: File 1 [139]: File 1 [140]: File 1
[141]: File 1 [142]: File 1 [143]: File 1 [144]: File 1 [145]: File 1 [146]: File 1 [147]: File 1 [148]: File 1 [149]: File 1 [150]: File 1
[151]: Q147222
[152]: KB2604078 - QFE
[153]: KB2656358 - QFE
[154]: KB2656376 - QFE
[155]: KB2656376-v2 - QFE
[156]: KB2698032 - QFE
[157]: KB2742604 - QFE
[158]: KB933854 - QFE
[159]: KB979907 - QFE
[160]: SP1 - SP
[161]: KB975558_WM8
[162]: KB925398_WMP64
[163]: KB2564958 - Update
[164]: KB914961 - Service Pack
[165]: KB2079403 - Update
[166]: KB2115168 - Update
[167]: KB2229593 - Update
[168]: KB2296011 - Update
[169]: KB2347290 - Update
[170]: KB2360937 - Update
[171]: KB2378111 - Update
[172]: KB2387149 - Update
[173]: KB2419635 - Update
[174]: KB2423089 - Update
[175]: KB2440591 - Update
[176]: KB2443105 - Update
[177]: KB2476490 - Update
[178]: KB2478960 - Update
[179]: KB2478971 - Update
[180]: KB2483185 - Update
[181]: KB2485663 - Update
[182]: KB2506212 - Update
[183]: KB2507618 - Update
[184]: KB2507938 - Update
[185]: KB2508429 - Update
[186]: KB2509553 - Update
[187]: KB2510587 - Update
[188]: KB2524375 - Update
[189]: KB2535512 - Update
[190]: KB2536276-v2 - Update
[191]: KB2544521 - Update
[192]: KB2544893-v2 - Update
[193]: KB2562937 - Update
[194]: KB2566454 - Update
[195]: KB2570947 - Update
[196]: KB2584146 - Update
[197]: KB2585542 - Update
[198]: KB2598479 - Update
[199]: KB2603381 - Update
[200]: KB2604078 - Update
[201]: KB2618451 - Update
[202]: KB2620712 - Update
[203]: KB2621440 - Update
[204]: KB2624667 - Update
[205]: KB2631813 - Update
[206]: KB2633171 - Update
[207]: KB2638806 - Update
[208]: KB2641690-v2 - Update
[209]: KB2644615 - Update
[210]: KB2646524 - Update
[211]: KB2647518 - Update
[212]: KB2653956 - Update
[213]: KB2656358 - Update
[214]: KB2656376 - Update
[215]: KB2656376-v2 - Update
[216]: KB2659262 - Update
[217]: KB2675157 - Update
[218]: KB2676562 - Update
[219]: KB2685939 - Update
[220]: KB2691442 - Update
[221]: KB2695962 - Update
[222]: KB2698032 - Update
[223]: KB2698365 - Update
[224]: KB2699988 - Update
[225]: KB2705219 - Update
[226]: KB2705219-v2 - Update
[227]: KB2707511 - Update
[228]: KB2709162 - Update
[229]: KB2712808 - Update
[230]: KB2718523 - Update
[231]: KB2718704 - Update
[232]:
网卡: 安装了 1 个 NIC。
[01]: HP NC373i Multifunction Gigabit Server Adapter
连接名: 本地连接
启用 DHCP: 否
IP 地址
[01]: **.**.**.**

C:\jboss-4.2.1.GA\bin\>
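The most useful defensive artefact in the listing above is the netstat -ano output: PID 1740 (JBossService.exe in the tasklist output) is bound on both 0.0.0.0 and [::] to every stock JBoss 4.x management and invoker port (1098, 1099, 4444, 4445, 4446, 8080, 8083, 8009, 3873, 8093), not just the 8080 web port the application needs. The script below is an added example, not code from the original report or from the JBoss project. It parses a constructed netstat -ano sample shaped like the listing (the addresses are made up, since the report masks them) and reports which JBoss default ports are reachable on all interfaces versus bound only to loopback; the port-to-service table is an assumption of a stock JBoss 4.2 server/default configuration, which operators can and do remap.

```python
import re
from collections import defaultdict

# Stock JBoss 4.2 listener ports (assumption: unmodified server/default
# configuration; each can be remapped in the server's conf/ directory).
JBOSS_PORTS = {
    1098: "RMI naming (JNDI) port",
    1099: "JNDI naming service",
    3873: "EJB3 remoting connector",
    4444: "RMI/JRMP invoker",
    4445: "pooled invoker",
    4446: "unified invoker",
    8009: "AJP connector",
    8080: "HTTP (jmx-console, web-console, invoker servlets)",
    8083: "dynamic class-loading (WebService) port",
    8093: "JMS UIL2 connector",
}

# Local addresses that mean "every interface".
WILDCARDS = {"0.0.0.0", "[::]", "::"}

# Constructed sample modelled on the report's netstat -ano listing. Addresses
# are invented; 8093 is deliberately bound to loopback only to show the
# distinction the audit makes.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       720
  TCP    0.0.0.0:1098           0.0.0.0:0              LISTENING       1740
  TCP    0.0.0.0:1099           0.0.0.0:0              LISTENING       1740
  TCP    0.0.0.0:1521           0.0.0.0:0              LISTENING       2104
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING       1920
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       4284
  TCP    0.0.0.0:3873           0.0.0.0:0              LISTENING       1740
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       1740
  TCP    0.0.0.0:4445           0.0.0.0:0              LISTENING       1740
  TCP    0.0.0.0:4446           0.0.0.0:0              LISTENING       1740
  TCP    0.0.0.0:8009           0.0.0.0:0              LISTENING       1740
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       1740
  TCP    0.0.0.0:8083           0.0.0.0:0              LISTENING       1740
  TCP    127.0.0.1:8093         0.0.0.0:0              LISTENING       1740
  TCP    10.0.0.5:8080          10.0.0.9:47754         ESTABLISHED     1740
  TCP    [::]:8080              [::]:0                 LISTENING       1740
  UDP    0.0.0.0:161            *:*                                    2256
"""

# TCP rows only: local, foreign, state, pid. UDP rows have no state column
# and are ignored by this pattern.
TCP_RE = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+([A-Z_]+)\s+(\d+)\s*$")


def split_hostport(addr):
    """'[::]:8080' -> ('[::]', 8080); '0.0.0.0:80' -> ('0.0.0.0', 80)."""
    host, _, port = addr.rpartition(":")
    return host, int(port)


def parse_listeners(text):
    """Return {pid: {(host, port), ...}} for every TCP socket in LISTENING state."""
    listeners = defaultdict(set)
    for line in text.splitlines():
        m = TCP_RE.match(line)
        if not m:
            continue  # header, blank or UDP line
        local, _foreign, state, pid = m.groups()
        if state != "LISTENING":
            continue
        listeners[int(pid)].add(split_hostport(local))
    return dict(listeners)


def audit_jboss_exposure(text):
    """Classify JBoss default ports as exposed (wildcard bind) or loopback-only."""
    exposed, loopback_only = {}, {}
    for pid, socks in parse_listeners(text).items():
        for host, port in socks:
            if port not in JBOSS_PORTS:
                continue
            if host in WILDCARDS:
                exposed[port] = pid
            elif host.startswith("127.") or host == "[::1]":
                loopback_only.setdefault(port, pid)
    # A port bound both to loopback and to a wildcard address counts as exposed.
    for port in exposed:
        loopback_only.pop(port, None)
    return {"exposed": exposed, "loopback_only": loopback_only}


def report(text):
    """Human-readable lines, exposed ports first."""
    result = audit_jboss_exposure(text)
    lines = [f"EXPOSED  {p:5d} pid={pid}  {JBOSS_PORTS[p]}"
             for p, pid in sorted(result["exposed"].items())]
    lines += [f"local    {p:5d} pid={pid}  {JBOSS_PORTS[p]}"
              for p, pid in sorted(result["loopback_only"].items())]
    return lines


if __name__ == "__main__":
    print("\n".join(report(NETSTAT_SAMPLE)))
```

Run against a real capture, every port that comes back as EXPOSED and is not the application's public HTTP port is a candidate for binding to loopback (JBoss 4.2's run script takes a -b bind address) or for a host firewall rule; the jmx-console and web-console applications served on 8080 additionally need authentication configured, since the report's attacker path runs through the HTTP side.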
Strengthen security awareness.
Severity: High
Vulnerability Rank: 10
Confirmed: 2015-11-11 10:38
CNVD has confirmed and reproduced the described vulnerability; it has been passed to CNCERT for issue to the corresponding sub-centre, which will coordinate handling with the unit that administers the website.
None yet.