乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-10: 细节已通知厂商并且等待厂商处理中 2015-12-14: 厂商已经确认,细节仅向厂商公开 2015-12-24: 细节向核心白帽子及相关领域专家公开 2016-01-03: 细节向普通白帽子公开 2016-01-13: 细节向实习白帽子公开 2016-01-25: 细节向公众公开
RT
地址http://**.**.**.**/hhsi/allusermanager.action?action=inPlatintruduction存在命令执行漏洞
直接getshell服务器
net user
\\LENOVO-CNB6X70U ?????-------------------------------------------------------------------------------Administrator adminx ASPNET Guest IUSR_LENOVO-CNB6X70U IWAM_LENOVO-CNB6X70U SUPPORT_388945a0 ???????
net start?????? Windows ??: 360 ?????????? Application Experience Lookup Service Application Layer Gateway Service COM+ Event System Computer Browser Cryptographic Services DCOM Server Process Launcher DHCP Client DNS Client Event Log Logical Disk Manager Network Connections Network Location Awareness (NLA) NT LM Security Support Provider Plug and Play Protected Storage Remote Access Connection Manager Remote Procedure Call (RPC) Secondary Logon Security Accounts Manager Server Shell Hardware Detection SQL Server (MSSQLSERVER) SQL Server Agent (MSSQLSERVER) SQL Server Browser SQL Server FullText Search (MSSQLSERVER) System Event Notification Task Scheduler TCP/IP NetBIOS Helper Telephony Terminal Services Windows Firewall/Internet Connection Sharing (ICS) Windows Management Instrumentation Wireless Configuration Workstation ???????????
netstat -anoActive Connections Proto Local Address Foreign Address State PID TCP **.**.**.**:80 **.**.**.**:0 LISTENING 8912 TCP **.**.**.**:135 **.**.**.**:0 LISTENING 700 TCP **.**.**.**:445 **.**.**.**:0 LISTENING 4 TCP **.**.**.**:1025 **.**.**.**:0 LISTENING 464 TCP **.**.**.**:1433 **.**.**.**:0 LISTENING 1196 TCP **.**.**.**:3389 **.**.**.**:0 LISTENING 1612 TCP **.**.**.**:8009 **.**.**.**:0 LISTENING 8912 TCP **.**.**.**:8090 **.**.**.**:0 LISTENING 5188 TCP **.**.**.**:9112 **.**.**.**:0 LISTENING 5188 TCP **.**.**.**:1026 **.**.**.**:0 LISTENING 1732 TCP **.**.**.**:1433 **.**.**.**:1715 ESTABLISHED 1196 TCP **.**.**.**:1433 **.**.**.**:1918 ESTABLISHED 1196 TCP **.**.**.**:1433 **.**.**.**:2192 ESTABLISHED 1196 TCP **.**.**.**:1434 **.**.**.**:0 LISTENING 1196 TCP **.**.**.**:1715 **.**.**.**:1433 ESTABLISHED 5188 TCP **.**.**.**:1918 **.**.**.**:1433 ESTABLISHED 5188 TCP **.**.**.**:2192 **.**.**.**:1433 ESTABLISHED 5188 TCP **.**.**.**:8005 **.**.**.**:0 LISTENING 8912 TCP **.**.**.**:8112 **.**.**.**:0 LISTENING 5188 TCP **.**.**.**:10101 **.**.**.**:0 LISTENING 836 TCP **.**.**.**:80 **.**.**.**:14514 TIME_WAIT 0 TCP **.**.**.**:80 **.**.**.**:14524 FIN_WAIT_2 8912 TCP **.**.**.**:80 **.**.**.**:14566 ESTABLISHED 8912 TCP **.**.**.**:139 **.**.**.**:0 LISTENING 4 TCP **.**.**.**:1084 **.**.**.**:80 CLOSE_WAIT 836 TCP **.**.**.**:1433 **.**.**.**:2755 ESTABLISHED 1196 TCP **.**.**.**:1433 **.**.**.**:2758 ESTABLISHED 1196 TCP **.**.**.**:1433 **.**.**.**:4141 ESTABLISHED 1196 TCP **.**.**.**:1433 **.**.**.**:4314 ESTABLISHED 1196 TCP **.**.**.**:1438 **.**.**.**:80 CLOSE_WAIT 836 TCP **.**.**.**:1465 **.**.**.**:80 CLOSE_WAIT 836 TCP **.**.**.**:1708 **.**.**.**:0 LISTENING 5188 TCP **.**.**.**:1881 **.**.**.**:80 CLOSE_WAIT 836 TCP **.**.**.**:1885 **.**.**.**:80 CLOSE_WAIT 836 TCP **.**.**.**:2172 **.**.**.**:80 CLOSE_WAIT 6268 TCP **.**.**.**:2480 **.**.**.**:80 CLOSE_WAIT 4476 TCP **.**.**.**:2755 **.**.**.**:1433 ESTABLISHED 8912 TCP **.**.**.**:2758 **.**.**.**:1433 ESTABLISHED 8912 TCP **.**.**.**:3138 **.**.**.**:80 CLOSE_WAIT 836 TCP **.**.**.**:3139 **.**.**.**:80 CLOSE_WAIT 836 TCP **.**.**.**:4141 **.**.**.**:1433 ESTABLISHED 8912 TCP **.**.**.**:4314 **.**.**.**:1433 ESTABLISHED 8912 TCP **.**.**.**:4790 **.**.**.**:80 ESTABLISHED 592 UDP **.**.**.**:445 *:* 4 UDP **.**.**.**:1031 *:* 592 UDP **.**.**.**:1048 *:* 2204 UDP **.**.**.**:1049 *:* 2204 UDP **.**.**.**:1051 *:* 2204 UDP **.**.**.**:1110 *:* 2204 UDP **.**.**.**:1125 *:* 4084 UDP **.**.**.**:1128 *:* 2204 UDP **.**.**.**:1129 *:* 2204 UDP **.**.**.**:1158 *:* 836 UDP **.**.**.**:1159 *:* 836 UDP **.**.**.**:1160 *:* 836 UDP **.**.**.**:1161 *:* 836 UDP **.**.**.**:1162 *:* 836 UDP **.**.**.**:1173 *:* 836 UDP **.**.**.**:1434 *:* 1272 UDP **.**.**.**:1877 *:* 836 UDP **.**.**.**:3600 *:* 592 UDP **.**.**.**:3626 *:* 2204 UDP **.**.**.**:3890 *:* 2204 UDP **.**.**.**:3930 *:* 4084 UDP **.**.**.**:4000 *:* 836 UDP **.**.**.**:4398 *:* 2204 UDP **.**.**.**:4399 *:* 2204 UDP **.**.**.**:7500 *:* 5188 UDP **.**.**.**:45566 *:* 5188 UDP **.**.**.**:1414 *:* 836 UDP **.**.**.**:1465 *:* 592 UDP **.**.**.**:137 *:* 4 UDP **.**.**.**:138 *:* 4 UDP **.**.**.**:1707 *:* 5188
net view????? ??-------------------------------------------------------------------------------\\BMWEB \\DB \\FFF-B12D30F08FC \\HHTJ \\HP \\HP-48D3C5720D43 \\HPA3-07 \\JIABINFANGTAN \\LENOVO-CNB6X70U \\LENOVO-E17A58F7 \\MICROSOF-9E7086 \\PC-20141106XVNS \\SVCTAG-94MG72X \\WEB2 \\WENGUANGXINJU \\WIN-6DD7LF36HS3 \\WIN-73HF7DLU0UJ \\XP-201009241646 \\XP-201009241718 \\XPT ???????
net share??? ?? ??-------------------------------------------------------------------------------IPC$ ?? IPC upload E:\upload ???????
ipconfig /allWindows IP Configuration Host Name . . . . . . . . . . . . : lenovo-cnb6x70u Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : NoEthernet adapter ????: Media State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection #2 Physical Address. . . . . . . . . : 00-E0-81-DD-00-88Ethernet adapter ???? 2: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection Physical Address. . . . . . . . . : 00-E0-81-DD-00-87 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : **.**.**.** Subnet Mask . . . . . . . . . . . : **.**.**.** Default Gateway . . . . . . . . . : **.**.**.** DNS Servers . . . . . . . . . . . : **.**.**.** **.**.**.**
systeminfo???: LENOVO-CNB6X70UOS ??: Microsoft(R) Windows(R) Server 2003, Enterprise EditionOS ??: 5.2.3790 Service Pack 2 Build 3790OS ???: Microsoft CorporationOS ??: ?????OS ????: Multiprocessor Free??????: lx?????: ?? ID: 69813-640-7145452-45532??????: 2012-12-8, 15:27:34??????: 112 ? 3 ?? 38 ? 39 ??????: Lenovo????: Lenovo WQ R520 G7????: X86-based PC???: ??? 4 ????? [01]: x86 Family 6 Model 44 Stepping 2 GenuineIntel ~2133 Mhz [02]: x86 Family 6 Model 44 Stepping 2 GenuineIntel ~2133 Mhz [03]: x86 Family 6 Model 44 Stepping 2 GenuineIntel ~2133 Mhz [04]: x86 Family 6 Model 44 Stepping 2 GenuineIntel ~2133 MhzBIOS ??: LENOVO - 20111129Windows ??: C:\WINDOWS????: C:\WINDOWS\system32????: \Device\HarddiskVolume1??????: zh-cn;??(??)???????: zh-cn;??(??)??: (GMT+08:00) ????????????????????????: 4,087 MB???????: 2,214 MB????: ???: 5,964 MB????: ??: 3,396 MB????: ???: 2,568 MB??????: C:\pagefile.sys?: WORKGROUP?????: \\LENOVO-CNB6X70U????: ??? 496 ?????? [01]: File 1 [02]: File 1 [03]: File 1 [04]: File 1 [05]: File 1 [06]: File 1 [07]: File 1 [08]: File 1 [09]: File 1 [10]: File 1 [11]: File 1 [12]: File 1 [13]: File 1 [14]: File 1 [15]: File 1 [16]: File 1 [17]: File 1 [18]: File 1 [19]: File 1 [20]: File 1 [21]: File 1 [22]: File 1 [23]: File 1 [24]: File 1 [25]: File 1 [26]: File 1 [27]: File 1 [28]: File 1 [29]: File 1 [30]: File 1 [31]: File 1 [32]: File 1 [33]: File 1 [34]: File 1 [35]: File 1 [36]: File 1 [37]: File 1 [38]: File 1 [39]: File 1 [40]: File 1 [41]: File 1 [42]: File 1 [43]: File 1 [44]: File 1 [45]: File 1 [46]: File 1 [47]: File 1 [48]: File 1 [49]: File 1 [50]: File 1 [51]: File 1 [52]: File 1 [53]: File 1 [54]: File 1 [55]: File 1 [56]: File 1 [57]: File 1 [58]: File 1 [59]: File 1 [60]: File 1 [61]: File 1 [62]: File 1 [63]: File 1 [64]: File 1 [65]: File 1 [66]: File 1 [67]: File 1 [68]: File 1 [69]: File 1 [70]: File 1 [71]: File 1 [72]: File 1 [73]: File 1 [74]: File 1 [75]: File 1 [76]: File 1 [77]: File 1 [78]: File 1 [79]: File 1 [80]: File 1 [81]: File 1 [82]: File 1 [83]: File 1 [84]: File 1 [85]: File 1 [86]: File 1 [87]: File 1 [88]: File 1 [89]: File 1 [90]: File 1 [91]: File 1 [92]: File 1 [93]: File 1 [94]: File 1 [95]: File 1 [96]: File 1 [97]: File 1 [98]: File 1 [99]: File 1 [100]: File 1 [101]: File 1 [102]: File 1 [103]: File 1 [104]: File 1 [105]: File 1 [106]: File 1 [107]: File 1 [108]: File 1 [109]: File 1 [110]: File 1 [111]: File 1 [112]: File 1 [113]: File 1 [114]: File 1 [115]: File 1 [116]: File 1 [117]: File 1 [118]: File 1 [119]: File 1 [120]: File 1 [121]: File 1 [122]: File 1 [123]: File 1 [124]: File 1 [125]: File 1 [126]: File 1 [127]: File 1 [128]: File 1 [129]: File 1 [130]: File 1 [131]: File 1 [132]: File 1 [133]: File 1 [134]: File 1 [135]: File 1 [136]: File 1 [137]: File 1 [138]: File 1 [139]: File 1 [140]: File 1 [141]: File 1 [142]: File 1 [143]: File 1 [144]: File 1 [145]: File 1 [146]: File 1 [147]: File 1 [148]: File 1 [149]: File 1 [150]: File 1 [151]: File 1 [152]: File 1 [153]: File 1 [154]: File 1 [155]: File 1 [156]: File 1 [157]: File 1 [158]: File 1 [159]: File 1 [160]: File 1 [161]: File 1 [162]: File 1 [163]: File 1 [164]: File 1 [165]: File 1 [166]: File 1 [167]: File 1 [168]: File 1 [169]: File 1 [170]: File 1 [171]: File 1 [172]: File 1 [173]: File 1 [174]: File 1 [175]: File 1 [176]: File 1 [177]: File 1 [178]: File 1 [179]: File 1 [180]: File 1 [181]: File 1 [182]: File 1 [183]: File 1 [184]: File 1 [185]: File 1 [186]: File 1 [187]: File 1 [188]: File 1 [189]: File 1 [190]: File 1 [191]: File 1 [192]: File 1 [193]: File 1 [194]: File 1 [195]: File 1 [196]: File 1 [197]: File 1 [198]: File 1 [199]: File 1 [200]: File 1 [201]: File 1 [202]: File 1 [203]: File 1 [204]: File 1 [205]: File 1 [206]: File 1 [207]: File 1 [208]: File 1 [209]: File 1 [210]: File 1 [211]: File 1 [212]: File 1 [213]: File 1 [214]: File 1 [215]: File 1 [216]: File 1 [217]: File 1 [218]: File 1 [219]: File 1 [220]: File 1 [221]: File 1 [222]: File 1 [223]: File 1 [224]: File 1 [225]: File 1 [226]: File 1 [227]: File 1 [228]: File 1 [229]: File 1 [230]: File 1 [231]: File 1 [232]: File 1 [233]: File 1 [234]: File 1 [235]: File 1 [236]: File 1 [237]: File 1 [238]: File 1 [239]: File 1 [240]: File 1 [241]: File 1 [242]: File 1 [243]: Q147222 [244]: KB2604078 - QFE [245]: KB2656358 - QFE [246]: KB2656376-v2 - QFE [247]: KB2698032 - QFE [248]: KB2742604 - QFE [249]: KB2901115 - QFE [250]: KB2972207 - QFE [251]: KB933854 - QFE [252]: KB979907 - QFE [253]: KB975558_WM8 [254]: KB925398_WMP64 [255]: KB2510531-IE8 - Update [256]: KB2909210-IE8 - Update [257]: KB2987107-IE8 - Update [258]: KB3003057-IE8 - Update [259]: KB3008923-IE8 - Update [260]: KB3012176-IE8 - Update [261]: KB3021952-IE8 - Update [262]: KB3032359-IE8 - Update [263]: KB3038314-IE8 - Update [264]: KB3049563-IE8 - Update [265]: KB3058515-IE8 - Update [266]: KB3065822-IE8 - Update [267]: KB3074886-IE8 - Update [268]: KB2564958 - Update [269]: KB2115168 - Update [270]: KB2124261 - Update [271]: KB2229593 - Update [272]: KB2296011 - Update [273]:??: ??? 2 ? NIC? [01]: Intel(R) 82574L Gigabit Network Connection ???: ???? 2 ?? DHCP: ? IP ?? [01]: **.**.**.** [02]: Intel(R) 82574L Gigabit Network Connection ???: ???? ??: ???????
加强安全意识
危害等级:高
漏洞Rank:11
确认时间:2015-12-14 16:47
CNVD确认并复现所述情况,已经转由CNCERT下发给湖南分中心,由其后续协调网站管理单位处置.
暂无