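2015-12-31: Details reported to the vendor; awaiting vendor handling
2016-01-04: Vendor confirmed; details disclosed to the vendor only
2016-01-14: Details disclosed to core white hats and experts in related fields
2016-01-24: Details disclosed to regular white hats
2016-02-03: Details disclosed to trainee white hats
2016-02-12: Details disclosed to the public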
This is still worth 20 rank!
http://113.106.76.91/
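JBoss is misconfigured and has a Java deserialization command-execution vulnerability! ipconfig shows an internal network address! The internal network can be probed.
net view lists forty-odd hosts!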
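Wrote a shell directly and took over the server: http://113.106.76.91/she11.jsp
Because the server is on the internal network, the internal network can be probed; the security of multiple internal systems is affected.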
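48 internal hosts and systems can be roamed further!!
Requesting 20 rank!
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2016-01-04 08:38
Being handled; thank you for your report.
None yet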