Vulnerability Summary

Defect ID: wooyun-2015-0165664

Title: Java deserialization command execution on a 驊訊電子 website (Taiwan region)

Vendor: 驊訊電子

Author: 路人甲

Submitted: 2015-12-29 16:54

Fixed: 2016-02-12 18:49

Published: 2016-02-12 18:49

Vulnerability type: Command execution

Severity: High

Self-assessed Rank: 20

Status: Handed over to a third-party partner (Hitcon Taiwan Internet Vulnerability Reporting Platform) for handling

Source: http://www.wooyun.org. For questions or help, contact [email protected]



Vulnerability Details

Disclosure status:

2015-12-29: Details sent to the vendor; awaiting vendor handling
2015-12-31: Vendor confirmed; details disclosed to the vendor only
2016-01-10: Details disclosed to core white hats and experts in the relevant field
2016-01-20: Details disclosed to regular white hats
2016-01-30: Details disclosed to intern white hats
2016-02-12: Details disclosed to the public

Brief description:

Detailed description:

Java deserialization command execution on a 驊訊電子 website, from which the entire domain, hundreds of machines, can be reached!
**.**.**.**:8086/

(screenshot: 1.png)


And the user the service runs as is a domain administrator......
這項要求會在網域 **.**.**.** 下的網域控制站處理。
使用者名稱 ilovecbjms
全名 CM-09-網域管理員
註解 管理電腦/網域的內建帳戶
使用者的註解
國碼 (地區碼) 000 (系統預設值)
帳戶使用中 Yes
帳戶到期 從不
上次設定密碼 2015/4/10 下午 03:13:50
密碼到期 從不
可變更密碼 2015/4/11 下午 03:13:50
請輸入密碼 Yes
使用者可以變更密碼 Yes
容許的工作站 全部
登入指令檔 c_user.bat
使用者設定檔
主目錄
上次登入時間 2015/12/29 上午 10:31:20
可容許的登入時數 全部
本機群組會員 *Administrators *Backup Operators
*Server Operators
全域群組會員 *Enterprise Admins *03-Spam Mail 管理群組
*Organization Manageme*TS_New_ERP
*Group Policy Creator *Domain Admins
*Schema Admins *SMEX Admin Group
*Domain Users
命令已經成功完成。
這項要求會在網域 **.**.**.** 下的網域控制站處理。
群組名稱 Domain Computers
註解 所有已加入網域的工作站及伺服器
成員
-------------------------------------------------------------------------------
命令已經成功完成。

Proof of vulnerability:

Same as above

Fix recommendation:

Update and apply the patches.
Also, I just have to ask: why does JBoss need domain admin privileges at all?
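As an added defender-side check that is not part of the original report, the following Python parses `net user <name> /domain` output in the Traditional Chinese layout shown above and flags membership in privileged built-in groups, which is the least-privilege question the fix section raises. The account name, the sample output and the function names are constructed for this illustration; the English-locale labels are an addition the page does not show.

```python
# Built-in groups whose membership gives control over the domain or the host.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins",
                     "Administrators", "Group Policy Creator Owners",
                     "Account Operators", "Server Operators", "Backup Operators"}
# Labels that open a group-membership block in `net user` output: the
# Traditional Chinese locale seen on this page, plus the English locale
# (matched case-insensitively, since Windows prints "Global Group memberships").
GROUP_LABELS = ("本機群組會員", "全域群組會員",
                "Local Group Memberships", "Global Group Memberships")

def parse_groups(net_user_output):
    """Return the set of group names listed in `net user <name>` output.
    Names sit in fixed-width columns introduced by '*'; a long name is cut at
    the column edge (e.g. 'Organization Manageme'), so it is returned as-is."""
    groups, in_block = set(), False
    for line in net_user_output.splitlines():
        label = next((l for l in GROUP_LABELS
                      if line.lower().startswith(l.lower())), None)
        if label:
            in_block, line = True, line[len(label):]
        elif in_block and not (line.startswith(" ") or line.startswith("*")):
            in_block = False          # any other label ends the block
        if in_block:
            groups.update(g.strip() for g in line.split("*") if g.strip())
    return groups

def privileged_memberships(groups):
    """Map each observed group to the privileged group it denotes: exact match,
    or a column-truncated prefix such as 'Group Policy Creator'."""
    hits = {}
    for g in groups:
        for p in PRIVILEGED_GROUPS:
            if g == p or (len(g) >= 8 and p.startswith(g)):
                hits[g] = p
    return hits

def check_service_account(net_user_output):
    """Sorted privileged groups the account is in; an empty list is the goal."""
    return sorted(set(privileged_memberships(parse_groups(net_user_output)).values()))

# Constructed sample modelled on the report's capture (fictitious account name).
SAMPLE = """\
使用者名稱                   svc_jboss
本機群組會員                 *Administrators      *Backup Operators
                             *Server Operators
全域群組會員                 *Enterprise Admins   *03-Spam Mail 管理群組
                             *Organization Manageme*TS_New_ERP
                             *Group Policy Creator *Domain Admins
                             *Schema Admins        *Domain Users
命令已經成功完成。
"""
```

Run `check_service_account` over the output captured for the account the JBoss service actually runs as; anything other than an empty list means the service should be moved to a dedicated low-privilege account.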

Copyright notice: please credit the source when reposting: 路人甲@乌云


Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 18

Confirmed: 2015-12-31 01:49

Vendor reply:

Thank you for the report

Latest status:

None yet