乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-04-28: 细节已通知厂商并且等待厂商处理中 2016-04-28: 厂商已经确认,细节仅向厂商公开 2016-05-08: 细节向核心白帽子及相关领域专家公开 2016-05-18: 细节向普通白帽子公开 2016-05-28: 细节向实习白帽子公开 2016-06-12: 细节向公众公开
好久没冒泡了
漏洞站点
http://soa.dongputech.com:7010/
存在weblogic反序列化漏洞
cat /usr/local/nginx/conf/nginx.conf
worker_processes 4;google_perftools_profiles /tmp/tcmalloc; events { worker_connections 8192;}http { # 1 ip geo $limited { default 1; 127.0.0.1/32 0; 10.0.0.0/16 0; 10.3.0.0/16 0; 10.4.0.0/16 0; 10.10.0.0/16 0; 192.168.1.0/24 0; 192.168.105.0/24 0; 58.40.18.71/32 0; 218.83.242.38/32 0; 116.228.72.131 0; 222.72.45.34 0; 211.103.142.2/32 0; } map $limited $limit { 1 $binary_remote_addr; 0 ""; } limit_req_zone $limit zone=one:10m rate=300r/m; limit_req zone=one burst=20; # 2 config include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; server_tokens off; # 3 zip gzip on; gzip_min_length 4096; gzip_buffers 4 8k; gzip_types text/* text/css application/javascript application/x-javascript; gzip_comp_level 1; gzip_vary on; gzip_http_version 1.1; # 4 server server { listen 11113; server_name localhost; root /yd; access_log /dev/null; error_log /dev/null; index index.php; error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # 5 filter if ($request_uri ~* "(cost\()|(concat\()") { return 404; } if ($request_uri ~* "[+|(%20)]union[+|(%20)]") { return 404; } if ($request_uri ~* "[+|(%20)]and[+|(%20)]") { return 404; } if ($request_uri ~* "[+|(%20)]select[+|(%20)]") { return 404; } if ( $query_string ~* ".*[\;'\<\>].*" ){ return 404; } # 6 match location ~ \.jsp$ { proxy_set_header Host $host:11113; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:7001; } location ~ \.(js|htm|html|xml|txt|jpg|gif|png|css|ico|xsl|swf|zip|exe|doc|docx|xls|xlsx)$ { expires 1h; } # 7 status location /nginx_status { stub_status on; access_log off; allow 10.0.2.0/24; deny all; } }}
系统自带nmap,可直接进行扫描。架设socks可进一步对内网进行渗透,就不深入了
程序猿懂得
危害等级:低
漏洞Rank:5
确认时间:2016-04-28 19:13
感谢指出,我们将及时修复
暂无