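Vulnerability Summary
Bug ID: wooyun-2016-0168560
Vulnerability title: Remote execution vulnerability in 悦读网 (affects the internal network and user downloads)
Vendor: 悦读网
Author: 路人甲
Submitted: 2016-01-09 21:38
Fixed: 2016-01-14 21:40
Disclosed: 2016-01-14 21:40
Vulnerability type: System/service patches not applied in time
Severity: High
Self-assessed Rank: 20
Status: The vendor was notified of the vulnerability but ignored it
Source: http://www.wooyun.org; for questions or help, contact [email protected]
Tags: none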
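Vulnerability Details
Disclosure status:
2016-01-09: Details reported to the vendor; awaiting vendor action
2016-01-14: The vendor actively ignored the vulnerability; details disclosed to the public
Brief description:
As the title says.
Detailed description:
Proof of vulnerability:
Download URL: http://www.zubunet.com/site/download_software.jsp#down_pc
Physical path: /opt/jboss-download/server/default/deploy/mag-delivery.war/
On the internal network: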
[/opt/jboss-download/server/default/./tmp/deploy/tmp1602602391040436775is-exp.war/]$ ifconfig -a
eth0 Link encap:Ethernet HWaddr 78:2B:CB:2F:AE:35
inet addr:192.168.20.14 Bcast:192.168.20.255 Mask:255.255.255.0
inet6 addr: fe80::7a2b:cbff:fe2f:ae35/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:85357530 errors:0 dropped:0 overruns:0 frame:0
TX packets:186283670 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3891377419 (3.6 GiB) TX bytes:3751352284 (3.4 GiB)
Interrupt:106 Memory:d6000000-d6012800
eth1 Link encap:Ethernet HWaddr 78:2B:CB:2F:AE:37
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:114 Memory:d8000000-d8012800
eth2 Link encap:Ethernet HWaddr 78:2B:CB:2F:AE:39
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:122 Memory:da000000-da012800
eth3 Link encap:Ethernet HWaddr 78:2B:CB:2F:AE:3B
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:130 Memory:dc000000-dc012800
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:305846 errors:0 dropped:0 overruns:0 frame:0
TX packets:305846 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1604269668 (1.4 GiB) TX bytes:1604269668 (1.4 GiB)
sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
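Confirmed to be 悦读网.
Downloads have now moved to http://42.62.53.83
This is probably the old site from before. It is on the internal network, though, so this concerns internal network security. The earlier vulnerability has not been fixed.
Fix:
Copyright notice: when reposting, please credit the source 路人甲@乌云
Vendor Response
Vendor response:
Severity: No impact, ignored by vendor
Ignored at: 2016-01-14 21:40
Vendor reply:
Vulnerability Rank: 4 (WooYun rating)
Latest status:
None yet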