
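Vulnerability summary

Bug ID: wooyun-2015-0160929

Title: Command execution on a 永诚财产保险 site (Java deserialization)

Vendor: 永诚财产保险股份有限公司

Author: 路人甲

Submitted: 2015-12-13 20:40

Fixed: 2015-12-18 20:42

Disclosed: 2015-12-18 20:42

Vulnerability type: Command execution

Severity: High

Self-assessed Rank: 15

Status: The vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org. For questions or help, contact [email protected]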


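Vulnerability details

Disclosure status:

2015-12-13: Details sent to the vendor; waiting for the vendor to respond
2015-12-18: The vendor chose to ignore the vulnerability; details disclosed to the public

Brief description:

Command execution on a 永诚财产保险 site (Java deserialization)

Detailed description: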

http://210.22.85.50/
http://116.236.253.178/








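Proof of vulnerability:

Remediation:

Copyright notice: when reposting, please credit the source 路人甲@乌云


Vendor response

Vendor response:

Severity: No impact, ignored by vendor

Ignored on: 2015-12-18 20:42

Vendor reply:

Vulnerability Rank: 4 (WooYun rating)

Latest status:

None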