当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0162302

漏洞标题:中兴某站命令执行可内网

相关厂商:中兴通讯股份有限公司

漏洞作者: Forever80s

提交时间:2015-12-18 13:51

修复时间:2016-01-28 17:10

公开时间:2016-01-28 17:10

漏洞类型:系统/服务补丁不及时

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-12-18: 细节已通知厂商并且等待厂商处理中
2015-12-18: 厂商已经确认,细节仅向厂商公开
2015-12-28: 细节向核心白帽子及相关领域专家公开
2016-01-07: 细节向普通白帽子公开
2016-01-17: 细节向实习白帽子公开
2016-01-28: 细节向公众公开

简要描述:

详细说明:

漏洞证明:

http://58.213.14.180/中兴终端线上服务站 400-880-9999 weblogic rce

d:\Oracle\Middleware\user_projects\domains\domain_rma>whoami
whoami
win-7kt81udd6bc\administrator
d:\Oracle\Middleware\user_projects\domains\domain_rma>ipconfig
ipconfig
Windows IP ????
d:\Oracle\Middleware\user_projects\domains\domain_rma>whoami
whoami
win-7kt81udd6bc\administrator
d:\Oracle\Middleware\user_projects\domains\domain_rma>ipconfig
ipconfig
Windows IP ????
??????????? ???????? 5:
????????? DNS ??? . . . . . . . :
???????? IPv6 ???. . . . . . . . : fe80::ec2b:fd91:f0a7:707a%17
IPv4 ??? . . . . . . . . . . . . : 192.168.18.112
???????? . . . . . . . . . . . . : 255.255.255.0
???????. . . . . . . . . . . . . : 192.168.18.1
??????????? ???????? 5:
????????? DNS ??? . . . . . . . :
???????? IPv6 ???. . . . . . . . : fe80::ec2b:fd91:f0a7:707a%17
IPv4 ??? . . . . . . . . . . . . : 192.168.18.112
???????? . . . . . . . . . . . . : 255.255.255.0
???????. . . . . . . . . . . . . : 192.168.18.1



d:\\Oracle\\iddleware\\wlserver_12.1\\common\\templates


Internet ��ַ �����ַ ����
192.168.18.1 00-10-db-ff-20-a0 ��̬
192.168.18.33 00-50-56-9a-56-8b ��̬
192.168.18.111 40-f2-e9-2d-c5-22 ��̬
192.168.18.113 40-f2-e9-2d-40-b2 ��̬
192.168.18.114 40-f2-e9-2d-c3-ba ��̬
192.168.18.255 ff-ff-ff-ff-ff-ff ��̬
224.0.0.22 01-00-5e-00-00-16 ��̬
224.0.0.252 01-00-5e-00-00-fc ��̬
239.255.255.250 01-00-5e-7f-ff-fa ��̬

d:\ ��Ŀ¼
2015/08/19 17:49 <DIR> apache-tomcat-7.0.54
2014/07/09 11:32 10,093,265 apache-tomcat-7.0.54-windows-x86.zip
2015/08/19 17:49 8,465,443 apache-tomcat-7.0.54.rar
2014/07/09 15:04 <DIR> Apache2.2
2014/04/01 17:16 <DIR> apache�ļ�
2014/04/08 16:14 <DIR> database
2015/08/04 14:44 <DIR> Debug
2014/05/06 22:15 <DIR> Everything_1.2.1.371_Fix_XiaZaiBa
2015/06/04 14:11 <DIR> instantclient_11_2
2014/03/06 16:52 <DIR> java+tomcat�ļ�
2014/06/17 10:51 135,944,096 jdk-7u60-windows-x64.exe
2014/12/06 10:14 135,815,584 jdk-7u71-windows-x64.exe
2014/03/27 14:35 3,067 MerPrk.key
2014/04/09 10:47 <DIR> myweb
2014/10/13 15:54 17,777,935 Navicat 8.0 MySQL.zip
2014/10/08 15:10 27,667,826 Navicat Premium.7z
2009/08/14 16:57 9,947,733 navicat8_mysql_cs.zip
2014/04/03 10:33 <DIR> Notepad++
2014/08/19 13:45 <DIR> Oracle
2014/03/19 13:45 <DIR> oracle10G
2015/08/25 11:04 703,940,067 oracle10G.rar
2014/01/16 15:56 1,206 PgPubk.key
2015/10/28 14:01 <DIR> PLSQL Developer
2015/06/03 17:13 15,948,180 PLSQL Developer.7z
2014/09/02 18:11 <DIR> RMA
2014/08/29 20:11 <DIR> ROOT
2015/05/07 11:41 7,777 sf_01.png
2015/04/15 09:10 <DIR> sq_20140415
2014/04/22 17:04 669 testcom.bat
2014/07/14 16:34 <DIR> TomcatServerMonitor1_3
2014/07/15 11:40 1,171,560 TomcatServerMonitor1_3.rar
2014/06/18 13:40 <DIR> VanDyke Software
2015/04/09 15:29 16,310,514 VanDyke Software.rar
2014/09/02 18:12 <DIR> weblogic_test
2015/06/02 16:20 <DIR> WinSCP
2015/07/03 11:45 4,411,934 WinSCP.rar
2015/05/26 13:46 18,013,028 ¼����Ƶ.7z
2014/04/22 17:04 1,039 �ӿ�.txt
2015/06/02 15:34 <DIR> �����ļ�
2015/12/14 16:31 <DIR> ����
18 ���ļ� 1,105,520,923 �ֽ�
22 ��Ŀ¼ 297,882,402,816 �����ֽ�

d:\>net user
net user
\\WIN-7KT81UDD6BC ���û��ʻ�
-------------------------------------------------------------------------------
admin Administrator Guest
public SQldebugger SQLserverupdate
����ɹ���ɡ�

修复方案:

版权声明:转载请注明来源 Forever80s@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-12-18 16:16

厂商回复:

感谢提交~

最新状态:

2015-12-21:洞主能不能私信一个联系方式~为表谢意我们希望送你个小礼物,谢谢~