当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0173615

漏洞标题:先声药业某重要系统(涉及大量内部信息/可扫描内网/涉及内网多台主机安全)

相关厂商:先声药业

漏洞作者: 路人甲

提交时间:2016-01-29 16:04

修复时间:2016-03-14 15:10

公开时间:2016-03-14 15:10

漏洞类型:命令执行

危害等级:高

自评Rank:15

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-01-29: 积极联系厂商并且等待厂商认领中,细节不对外公开
2016-03-14: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

先声药业某重要系统(涉及大量内部信息/可扫描内网/涉及内网多台主机安全)

详细说明:

http://crm.isimcere.com:7380/OnDemand/loginAction.action 销售行为管理系统
存在st2命令执行以及jboss命令执行,通过写shell,扫描内网,收集众多数据,涉及多个域
近期时间有限,要不然真想来个内网大漫游!!

漏洞证明:

st2.png


11111.png

192.168.6.2:1521 >>> Open
192.168.6.3:135 >>> Open
192.168.6.3:443 >>> Open
192.168.6.3:1433 >>> Open
192.168.6.4:135 >>> Open
192.168.6.4:8080 >>> Open
192.168.6.5:443 >>> Open
192.168.6.4:443 >>> Open
192.168.6.4:3389 >>> Open
192.168.6.6:135 >>> Open
192.168.6.6:3306 >>> Open
192.168.6.6:3389 >>> Open
192.168.6.8:1433 >>> Open
192.168.6.8:3389 >>> Open
192.168.6.3:3389 >>> Open
192.168.6.9:1521 >>> Open
192.168.6.10:80 >>> Open
192.168.6.10:21 >>> Open
192.168.6.10:135 >>> Open
192.168.6.10:3389 >>> Open
192.168.6.11:80 >>> Open
192.168.6.13:135 >>> Open
192.168.6.13:1433 >>> Open
192.168.6.13:3389 >>> Open
192.168.6.14:1521 >>> Open
192.168.6.15:1433 >>> Open
192.168.6.15:3306 >>> Open
192.168.6.15:3389 >>> Open
192.168.6.17:135 >>> Open
192.168.6.17:3389 >>> Open
192.168.6.18:135 >>> Open
192.168.6.18:3389 >>> Open
192.168.6.18:1521 >>> Open
192.168.6.20:135 >>> Open
192.168.6.20:1521 >>> Open
192.168.6.20:3389 >>> Open
192.168.6.20:3306 >>> Open
192.168.6.21:3389 >>> Open
192.168.6.22:3389 >>> Open
192.168.6.24:135 >>> Open
192.168.6.24:3389 >>> Open
192.168.6.24:8080 >>> Open
192.168.6.25:443 >>> Open
192.168.6.5:80 >>> Open
192.168.6.7:80 >>> Open
192.168.6.8:135 >>> Open
192.168.6.25:3306 >>> Open
192.168.6.25:8080 >>> Open
192.168.6.25:27017 >>> Open
192.168.6.6:21 >>> Open
192.168.6.7:1433 >>> Open
192.168.6.7:135 >>> Open
192.168.6.7:3306 >>> Open
192.168.6.6:80 >>> Open
192.168.6.26:3306 >>> Open
192.168.6.26:8080 >>> Open
192.168.6.26:27017 >>> Open
192.168.6.7:3389 >>> Open
192.168.6.27:3306 >>> Open
192.168.6.27:8080 >>> Open
192.168.6.28:80 >>> Open
192.168.6.28:443 >>> Open
192.168.6.28:8080 >>> Open
192.168.6.29:3306 >>> Open
192.168.6.30:80 >>> Open
192.168.6.30:443 >>> Open
192.168.6.31:135 >>> Open
192.168.6.15:80 >>> Open
192.168.6.17:80 >>> Open
192.168.6.15:135 >>> Open
192.168.6.32:135 >>> Open
192.168.6.21:135 >>> Open
192.168.6.16:80 >>> Open
192.168.6.16:3306 >>> Open
192.168.6.16:8080 >>> Open
192.168.6.33:135 >>> Open
192.168.6.21:21 >>> Open
192.168.6.34:135 >>> Open
192.168.6.35:80 >>> Open
192.168.6.35:135 >>> Open
192.168.6.35:3389 >>> Open
192.168.6.36:80 >>> Open
192.168.6.36:3306 >>> Open
192.168.6.36:443 >>> Open
192.168.6.36:8080 >>> Open
192.168.6.39:443 >>> Open
192.168.6.22:135 >>> Open
192.168.6.39:3389 >>> Open
192.168.6.40:1521 >>> Open
192.168.6.42:21 >>> Open
192.168.6.42:8080 >>> Open
192.168.6.44:135 >>> Open
192.168.6.44:3389 >>> Open
192.168.6.45:21 >>> Open
192.168.6.47:1521 >>> Open
192.168.6.31:80 >>> Open
192.168.6.49:1521 >>> Open
192.168.6.51:21 >>> Open
192.168.6.51:80 >>> Open
192.168.6.51:135 >>> Open
192.168.6.51:3306 >>> Open
192.168.6.51:3389 >>> Open
192.168.6.52:21 >>> Open
192.168.6.52:80 >>> Open
192.168.6.52:135 >>> Open
192.168.6.52:3306 >>> Open
192.168.6.52:3389 >>> Open
192.168.6.53:80 >>> Open
192.168.6.53:135 >>> Open
192.168.6.53:3306 >>> Open
192.168.6.53:3389 >>> Open
192.168.6.54:135 >>> Open
192.168.6.54:1433 >>> Open
192.168.6.54:3389 >>> Open
192.168.6.55:21 >>> Open
192.168.6.55:135 >>> Open
192.168.6.55:1433 >>> Open
192.168.6.55:3306 >>> Open
192.168.6.55:3389 >>> Open
192.168.6.56:21 >>> Open
192.168.6.56:80 >>> Open
192.168.6.56:135 >>> Open
192.168.6.39:135 >>> Open
192.168.6.56:3306 >>> Open
192.168.6.56:3389 >>> Open
192.168.6.40:21 >>> Open
192.168.6.57:1521 >>> Open
192.168.6.58:21 >>> Open
192.168.6.58:80 >>> Open
192.168.6.58:135 >>> Open
192.168.6.58:3306 >>> Open
192.168.6.58:3389 >>> Open
192.168.6.59:21 >>> Open
192.168.6.59:135 >>> Open
192.168.6.59:3389 >>> Open
192.168.6.60:135 >>> Open
192.168.6.60:3389 >>> Open
192.168.6.62:80 >>> Open
192.168.6.62:135 >>> Open
192.168.6.62:1433 >>> Open
192.168.6.62:3389 >>> Open
192.168.6.63:21 >>> Open
192.168.6.63:8080 >>> Open
192.168.6.65:80 >>> Open
192.168.6.65:443 >>> Open
192.168.6.53:21 >>> Open
192.168.6.54:21 >>> Open
192.168.6.54:80 >>> Open
192.168.6.66:80 >>> Open
192.168.6.67:80 >>> Open
192.168.6.68:135 >>> Open
192.168.6.68:3389 >>> Open
192.168.6.69:21 >>> Open
192.168.6.69:80 >>> Open
192.168.6.69:135 >>> Open
192.168.6.69:1521 >>> Open
192.168.6.69:3389 >>> Open
192.168.6.69:8080 >>> Open
192.168.6.70:21 >>> Open
192.168.6.70:80 >>> Open
192.168.6.70:135 >>> Open
192.168.6.70:443 >>> Open
192.168.6.70:3306 >>> Open
192.168.6.70:3389 >>> Open
192.168.6.70:8080 >>> Open
192.168.6.71:80 >>> Open
192.168.6.64:80 >>> Open
192.168.6.72:135 >>> Open
192.168.6.72:1433 >>> Open
192.168.6.72:3389 >>> Open
192.168.6.74:21 >>> Open
192.168.6.74:135 >>> Open
192.168.6.74:3389 >>> Open
192.168.6.75:135 >>> Open
192.168.6.75:1433 >>> Open
192.168.6.75:3389 >>> Open
192.168.6.77:80 >>> Open
192.168.6.77:135 >>> Open
192.168.6.77:443 >>> Open
192.168.6.77:3306 >>> Open
192.168.6.77:3389 >>> Open
192.168.6.77:8080 >>> Open
192.168.6.78:80 >>> Open
192.168.6.78:135 >>> Open
192.168.6.78:443 >>> Open
192.168.6.78:3306 >>> Open
192.168.6.78:3389 >>> Open
192.168.6.78:8080 >>> Open
192.168.6.80:80 >>> Open
192.168.6.80:443 >>> Open
192.168.6.81:1433 >>> Open
192.168.6.81:3389 >>> Open
192.168.6.82:80 >>> Open
192.168.6.83:80 >>> Open
192.168.6.83:443 >>> Open
192.168.6.84:80 >>> Open
192.168.6.81:135 >>> Open
192.168.6.84:443 >>> Open
192.168.6.85:80 >>> Open
192.168.6.85:443 >>> Open
192.168.6.86:443 >>> Open
192.168.6.87:80 >>> Open
192.168.6.87:443 >>> Open
192.168.6.88:80 >>> Open
192.168.6.88:135 >>> Open
192.168.6.86:80 >>> Open
192.168.6.88:3389 >>> Open
192.168.6.89:443 >>> Open
192.168.6.90:80 >>> Open
192.168.6.90:443 >>> Open
192.168.6.91:80 >>> Open
192.168.6.91:443 >>> Open
192.168.6.89:80 >>> Open
192.168.6.92:80 >>> Open
192.168.6.92:443 >>> Open
192.168.6.94:80 >>> Open
192.168.6.94:443 >>> Open
192.168.6.95:443 >>> Open
192.168.6.96:80 >>> Open
192.168.6.96:135 >>> Open
192.168.6.96:1521 >>> Open
192.168.6.96:3389 >>> Open
192.168.6.97:443 >>> Open
192.168.6.97:80 >>> Open
192.168.6.98:80 >>> Open
192.168.6.98:443 >>> Open
192.168.6.95:80 >>> Open
192.168.6.99:80 >>> Open
192.168.6.99:443 >>> Open
192.168.6.100:80 >>> Open
192.168.6.100:443 >>> Open
192.168.6.101:80 >>> Open
192.168.6.102:80 >>> Open
192.168.6.101:21 >>> Open
192.168.6.102:21 >>> Open
192.168.6.109:21 >>> Open
192.168.6.109:80 >>> Open
192.168.6.109:135 >>> Open
192.168.6.109:1433 >>> Open
192.168.6.109:1521 >>> Open
192.168.6.109:3389 >>> Open
192.168.6.112:80 >>> Open
192.168.6.116:80 >>> Open
192.168.6.116:135 >>> Open
192.168.6.116:443 >>> Open
192.168.6.116:1433 >>> Open
192.168.6.116:3389 >>> Open
192.168.6.117:135 >>> Open
192.168.6.117:1433 >>> Open
192.168.6.117:3389 >>> Open
192.168.6.112:21 >>> Open
192.168.6.118:135 >>> Open
192.168.6.118:3389 >>> Open
192.168.6.119:80 >>> Open
192.168.6.119:443 >>> Open
192.168.6.117:80 >>> Open
192.168.6.121:1521 >>> Open
192.168.6.123:80 >>> Open
192.168.6.123:135 >>> Open
192.168.6.123:1433 >>> Open
192.168.6.123:3389 >>> Open
192.168.6.124:21 >>> Open
192.168.6.124:135 >>> Open
192.168.6.124:3389 >>> Open
192.168.6.124:8080 >>> Open
192.168.6.126:21 >>> Open
192.168.6.126:135 >>> Open
192.168.6.126:3389 >>> Open
192.168.6.126:8080 >>> Open
192.168.6.127:135 >>> Open
192.168.6.127:1433 >>> Open
192.168.6.127:3389 >>> Open
192.168.6.127:8080 >>> Open
192.168.6.138:135 >>> Open
192.168.6.138:80 >>> Open
192.168.6.138:443 >>> Open
192.168.6.138:3306 >>> Open
192.168.6.138:3389 >>> Open
192.168.6.140:80 >>> Open
192.168.6.140:135 >>> Open
192.168.6.140:1433 >>> Open
192.168.6.140:3389 >>> Open
192.168.6.143:135 >>> Open
192.168.6.143:3389 >>> Open
192.168.6.145:8080 >>> Open
192.168.6.150:135 >>> Open
192.168.6.150:3389 >>> Open
192.168.6.151:135 >>> Open
192.168.6.151:1521 >>> Open
192.168.6.151:3389 >>> Open
192.168.6.152:80 >>> Open
192.168.6.152:135 >>> Open
192.168.6.152:3389 >>> Open
192.168.6.153:3389 >>> Open
192.168.6.154:135 >>> Open
192.168.6.154:3389 >>> Open
192.168.6.155:21 >>> Open
192.168.6.156:1521 >>> Open
192.168.6.153:80 >>> Open
192.168.6.153:135 >>> Open
192.168.6.160:21 >>> Open
192.168.6.160:135 >>> Open
192.168.6.160:3389 >>> Open
192.168.6.161:135 >>> Open
192.168.6.161:3389 >>> Open
192.168.6.162:443 >>> Open
192.168.6.162:80 >>> Open
192.168.6.170:80 >>> Open
192.168.6.170:135 >>> Open
192.168.6.170:3389 >>> Open
192.168.6.172:135 >>> Open
192.168.6.172:1521 >>> Open
192.168.6.172:3389 >>> Open
192.168.6.173:80 >>> Open
192.168.6.173:135 >>> Open
192.168.6.173:3389 >>> Open
192.168.6.175:135 >>> Open
192.168.6.175:3389 >>> Open
192.168.6.180:80 >>> Open
192.168.6.180:135 >>> Open
192.168.6.180:3389 >>> Open
192.168.6.182:80 >>> Open
192.168.6.182:135 >>> Open
192.168.6.182:3389 >>> Open
192.168.6.183:1521 >>> Open
192.168.6.185:1521 >>> Open
192.168.6.187:1521 >>> Open
192.168.6.192:80 >>> Open
192.168.6.192:443 >>> Open
192.168.6.193:80 >>> Open
192.168.6.193:443 >>> Open
192.168.6.194:135 >>> Open
192.168.6.194:3389 >>> Open
192.168.6.195:135 >>> Open
192.168.6.195:1433 >>> Open
192.168.6.195:3389 >>> Open
192.168.6.196:80 >>> Open
192.168.6.196:135 >>> Open
192.168.6.196:443 >>> Open
192.168.6.196:3389 >>> Open
192.168.6.197:80 >>> Open
192.168.6.197:135 >>> Open
192.168.6.197:443 >>> Open
192.168.6.197:3389 >>> Open
192.168.6.198:80 >>> Open
192.168.6.198:135 >>> Open
192.168.6.198:443 >>> Open
192.168.6.198:3389 >>> Open
192.168.6.199:80 >>> Open
192.168.6.199:135 >>> Open
192.168.6.199:443 >>> Open
192.168.6.199:3389 >>> Open
192.168.6.202:21 >>> Open
192.168.6.202:1521 >>> Open
192.168.6.206:21 >>> Open
192.168.6.206:135 >>> Open
192.168.6.206:3389 >>> Open
192.168.6.209:135 >>> Open
192.168.6.209:3389 >>> Open
192.168.6.211:80 >>> Open
192.168.6.213:135 >>> Open
192.168.6.213:3389 >>> Open
192.168.6.209:80 >>> Open
192.168.6.217:80 >>> Open
192.168.6.217:135 >>> Open
192.168.6.217:443 >>> Open
192.168.6.217:3389 >>> Open
192.168.6.218:135 >>> Open
192.168.6.218:3389 >>> Open
192.168.6.223:21 >>> Open
192.168.6.223:135 >>> Open
192.168.6.223:3389 >>> Open
192.168.6.225:80 >>> Open
192.168.6.225:135 >>> Open
192.168.6.225:443 >>> Open
192.168.6.225:3389 >>> Open
192.168.6.226:80 >>> Open
192.168.6.226:135 >>> Open
192.168.6.226:443 >>> Open
192.168.6.226:3389 >>> Open
192.168.6.227:80 >>> Open
192.168.6.227:135 >>> Open
192.168.6.227:443 >>> Open
192.168.6.227:3389 >>> Open
192.168.6.228:135 >>> Open
192.168.6.228:443 >>> Open
192.168.6.228:3389 >>> Open
192.168.6.229:80 >>> Open
192.168.6.229:443 >>> Open
192.168.6.231:80 >>> Open
192.168.6.231:443 >>> Open
192.168.6.231:3306 >>> Open
192.168.6.231:8080 >>> Open
192.168.6.232:135 >>> Open
192.168.6.232:3389 >>> Open
192.168.6.233:80 >>> Open
192.168.6.233:135 >>> Open
192.168.6.233:443 >>> Open
192.168.6.233:8080 >>> Open
192.168.6.233:3389 >>> Open
192.168.6.234:80 >>> Open
192.168.6.234:443 >>> Open
192.168.6.228:80 >>> Open
192.168.6.236:80 >>> Open
192.168.6.236:135 >>> Open
192.168.6.236:1433 >>> Open
192.168.6.236:3389 >>> Open
192.168.6.237:80 >>> Open
192.168.6.237:135 >>> Open
192.168.6.237:1433 >>> Open
192.168.6.237:3389 >>> Open
192.168.6.238:135 >>> Open
192.168.6.238:3389 >>> Open
192.168.6.239:80 >>> Open
192.168.6.239:3306 >>> Open
192.168.6.246:135 >>> Open
192.168.6.246:3389 >>> Open
192.168.6.246:21 >>> Open
192.168.6.252:21 >>> Open
192.168.6.253:80 >>> Open

http://192.168.6.5 >> Redirecting...>>XDaemon v1.0 >>Success
http://192.168.6.11 >> Redirecting...>>XDaemon v1.0 >>Success
http://192.168.6.36 >> ???????????>>Apache/2.2.6 (Unix) mod_ssl/2.2.6 PHP/5.2.4 >>Success
http://192.168.6.54 >> >>Microsoft-IIS/6.0 >>Success
http://192.168.6.77 >> ????????????>>Apache-Coyote/1.1 >>Success
http://192.168.6.78 >> ????????????>>Apache-Coyote/1.1 >>Success
http://192.168.6.88 >> ??????????>>Apache-Coyote/1.1 >>Success
http://192.168.6.53 >> ????????????????>>Apache/2.2.9 (APMServ) PHP/5.2.6 >>Success
http://192.168.6.56 >> ?????????????????>>Apache/2.2.9 (APMServ) PHP/5.2.6 >>Success
http://192.168.6.52 >> ?????????????????>>Apache/2.2.9 (APMServ) PHP/5.2.6 >>Success
http://192.168.6.16 >> 登录>>Apache-Coyote/1.1 >>Success
http://192.168.6.87 >> >>null >>Success
http://192.168.6.95 >> >>null >>Success
http://192.168.6.98 >> >>null >>Success
http://192.168.6.83 >> >>null >>Success
http://192.168.6.51 >> ?????????????????>>Apache/2.2.9 (APMServ) PHP/5.2.6 >>Success
http://192.168.6.71 >> 先声药业信息门户导航页面>>Apache >>Success
http://192.168.6.80 >> >>null >>Success
http://192.168.6.89 >> >>null >>Success
http://192.168.6.85 >> >>null >>Success
http://192.168.6.90 >> >>null >>Success
http://192.168.6.91 >> >>null >>Success
http://192.168.6.84 >> >>null >>Success
http://192.168.6.66 >> >>Apache >>Success
http://192.168.6.100 >> >>null >>Success
http://192.168.6.99 >> >>null >>Success
http://192.168.6.94 >> >>null >>Success
http://192.168.6.96 >> >>Apache-Coyote/1.1 >>Success
http://192.168.6.86 >> >>null >>Success
http://192.168.6.97 >> >>null >>Success
http://192.168.6.67 >> >>Apache >>Success
http://192.168.6.92 >> >>null >>Success
http://192.168.6.119 >> >>GoAhead-Webs >>Success
http://192.168.6.101 >> >>null >>Success
http://192.168.6.6 >> ?????????????????>>Apache/2.2.9 (APMServ) PHP/5.2.6 >>Success
http://192.168.6.58 >> ?????????????????>>Apache/2.2.9 (APMServ) PHP/5.2.6 >>Success
http://192.168.6.7 >> >>Microsoft-IIS/6.0 >>Success
http://192.168.6.70 >> ????????????>>Apache-Coyote/1.1 >>Success
http://192.168.6.31 >> >>Apache/2.2.9 (Win32) PHP/5.2.6 >>Success
http://192.168.6.109 >> >>Apache-Coyote/1.1 >>Success
http://192.168.6.15 >> >>Microsoft-IIS/6.0 >>Success
http://192.168.6.82 >> >>nginx/1.6.0 >>Success
http://192.168.6.30 >> 身份认证系统>> >>Success
http://192.168.6.138 >> 先声培训主页>>Apache/2.4.10 (Win32) OpenSSL/1.0.1h PHP/5.4.34 >>Success
http://192.168.6.28 >> Test Page for the Nginx HTTP Server on EPEL>>nginx/1.0.15 >>Success
http://192.168.6.152 >> >>Microsoft-IIS/6.0 >>Success
http://192.168.6.153 >> >>Microsoft-IIS/7.5 >>Success
http://192.168.6.162 >> >>Apache-Coyote/1.1 >>Success
http://192.168.6.173 >> Welcome to JBoss?>>Apache-Coyote/1.1 >>Success
http://192.168.6.192 >> >>null >>Success
http://192.168.6.193 >> >>null >>Success
http://192.168.6.180 >> 360企业安全部署>>IocpServer >>Success
http://192.168.6.196 >> VMware Horizon>>null >>Success
http://192.168.6.197 >> VMware Horizon>>null >>Success
http://192.168.6.211 >> >>Resin/2.1.16 >>Success
http://192.168.6.198 >> VMware Horizon>>null >>Success
http://192.168.6.199 >> VMware Horizon>>null >>Success
http://192.168.6.209 >> Welcome to JBoss?>>Apache-Coyote/1.1 >>Success
http://192.168.6.217 >> >>null >>Success
http://192.168.6.225 >> VMware Horizon>>null >>Success
http://192.168.6.226 >> VMware Horizon>>null >>Success
http://192.168.6.227 >> VMware Horizon>>null >>Success
http://192.168.6.228 >> VMware Horizon>>null >>Success
http://192.168.6.229 >> >>null >>Success
http://192.168.6.231 >> ???????????>>Apache/2.2.6 (Unix) mod_ssl/2.2.6 PHP/5.2.4 >>Success
http://192.168.6.233 >> >>null >>Success
http://192.168.6.234 >> >>null >>Success
http://192.168.6.239 >> test>>Apache-Coyote/1.1 >>Success
http://192.168.6.253 >> >>Eudemon Server 1.0 >>Success
http://192.168.6.10 >> >>Microsoft-IIS/6.0 >>Success
http://192.168.6.237 >> >>Microsoft-IIS/7.5 >>Success
http://192.168.6.116 >> >>Microsoft-IIS/6.0 >>Success

http://crm.isimcere.com:7380/ma3/ma3.jsp  carry

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞Rank:15 (WooYun评价)