乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-06-23: 细节已通知厂商并且等待厂商处理中 2016-06-23: 厂商已经确认,细节仅向厂商公开 2016-07-03: 细节向核心白帽子及相关领域专家公开 2016-07-05: 厂商已经修复漏洞并主动公开,细节向公众公开
weblogic反序列化命令执行
st2命令执行也没修http://yfpt.csc.com.cn:8080/km/login.dhtml
http://yfpt.csc.com.cn:8080存在weblogic发序列化命令执行漏洞
大量内网信息
Interface: 10.101.28.201 --- 0x10004 Internet Address Physical Address Type 10.101.28.4 00-00-0c-07-ac-04 dynamic 10.101.28.5 00-25-b4-db-96-80 dynamic 10.101.28.6 00-25-b4-db-96-40 dynamic 10.101.28.16 a4-ba-db-4d-19-21 dynamic 10.101.28.20 54-9f-35-22-32-40 dynamic 10.101.28.80 00-26-b9-47-fd-b3 dynamic 10.101.28.81 00-26-b9-47-fa-5d dynamic 10.101.28.116 84-2b-2b-76-72-e2 dynamic 10.101.28.132 00-50-56-ba-4d-c0 dynamic 10.101.28.158 00-50-56-ba-05-a7 dynamic 10.101.28.200 84-2b-2b-5c-39-49 dynamic 10.101.28.218 00-21-97-01-23-fc dynamic 10.101.28.223 00-17-08-58-56-3c dynamic 10.101.28.228 00-10-db-ff-20-00 dynamic 10.101.28.230 00-1b-78-ca-dd-02 dynamic 10.101.28.231 00-50-56-ba-3d-80 dynamic 10.101.29.25 00-22-19-6a-89-95 dynamic 10.101.29.144 00-1e-0b-1f-b5-da dynamic
Server Name Remark-------------------------------------------------------------------------------\\CC-OA-ISABY \\CSC-FINANCE6 \\CSC_FINANCE3 \\CSC_FINANCE5 \\CSCBJ_MAIL \\CSCBJ_NOTES \\JF-AD3 \\JF-ALDBY \\JF-ALDZY \\JF-ALGO-CALC1 \\JF-ALGO-CALC2 \\JF-ALGO-ENGINE1 \\JF-ALGO-ENGINE2 jf-algo-engine2 \\JF-AUDIT-WEB4 \\JF-AUTO-OP \\JF-AUTO-YYB \\JF-AUTOCENTRWEB \\JF-CA \\JF-CALL-CCSBJ \\JF-CALL-CCXPBY \\JF-CALL-CCXPZY \\JF-CALL-JIGOU \\JF-CALL-XPMID1 \\JF-CALL-XPMID2 \\JF-CERT-YGS1 \\JF-CERT-YGS2 \\JF-CERT-YGS3 \\JF-CITRIX-BJ1 \\JF-CITRIX-BJ3 \\JF-DUANXIN-144 \\JF-DUANXIN-145 \\JF-DUANXIN-146 \\JF-DUANXIN-248 \\JF-DUANXIN-DB1 \\JF-DUANXIN-ZYDB \\JF-DZJY-SZ \\JF-EPOSERVER \\JF-HESUAN-NET1 \\JF-HQ-108HQ \\JF-HQ-DATA \\JF-HQ-FHSERVER \\JF-HQ-HHHQ \\JF-HQ-SHVLAN4 \\JF-HQ-SZVLAN4 \\JF-HQ-UCTVLAN4 \\JF-INFO-GA \\JF-INFO-GABAK \\JF-JC-MID \\JF-JFJKBY \\JF-JFJKZY \\JF-JZ-MONITOR \\JF-KDS28 \\JF-MFB-YWJ \\JF-OA-NOTES3 jf-oa-notes3 \\JF-OF-SVR1 \\JF-QH-POBOPTBY jf-qh-poboptby \\JF-QH-POBOPTZY jf-qh-poboptzy \\JF-SC-FILETRANS \\JF-SCOM \\JF-SCOM1 \\JF-SJCJ-11 \\JF-SJCJ-50 \\JF-SJZX-BB \\JF-SJZX-SIPF1 \\JF-SOLARWINDS \\JF-TAPEBACK-1 \\JF-TAPEBACK-2 \\JF-TAPEBACK-3 \\JF-TS-APPL \\JF-TS-DB \\JF-TS-GATE \\JF-TS-GATE1 \\JF-TS-GATE2 \\JF-TS-JYGWBY \\JF-TS-JYGWZY \\JF-V-AUTODB \\JF-V-AUTOJOBWEB \\JF-WEB-DB \\JF-WEB-T3 \\JF-WEB-T7 \\JF-WEB-T8 \\JF-WEB-T9 \\JF-WEBJY-006 jf-webjy-006 \\JF-WEBJY-108MS1 \\JF-WEBJY-108MS2 \\JF-WEBJY-140 \\JF-WEBJY-CENTER \\JF-WEBJY-HQSEND \\JF-WEBJY-IP \\JF-WEBJY-LOG \\JF-WEBJY-MID149 \\JF-WEBJY-MID47 \\JF-WX-SQL \\JF-XWGL-DBBY \\JF-XWGL-DBZY \\JF-YF-ZSGL2 \\JF-YF-ZSGL3 \\JF-YXXT-01 \\JF-YXXT-02 \\JF-YXXT-03 \\JF-YXXT-04 \\JF-YXXT-05 \\JF-YXXT-06 \\JF-ZBYXHC \\JF-ZCGL-GZDB0 \\JF-ZCGL-GZDB1 \\JF-ZCGL-TADB0 \\JF-ZCGL-TADB1 \\ZXJT-AY27IMKPBR The command completed successfully.
找到绝对路径后写shellD:/weblogic_domains/base_domain/servers/YfptServer/tmp/_WL_internal/uddiexplorer/hys9u6/warhttp://yfpt.csc.com.cn:8080/uddiexplorer/wooyun.jsp?o=vLogin密码ninty
大量内部信息
补丁,删除shell
危害等级:中
漏洞Rank:10
确认时间:2016-06-23 11:35
正在确认中
2016-07-05:漏洞已修复
