当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-035693

漏洞标题:中国移动爱动垂直营销推广联盟系统存在命令执行漏洞及数据库泄露

相关厂商:中国移动

漏洞作者: Restriedarea

提交时间:2013-08-30 17:11

修复时间:2013-10-14 17:11

公开时间:2013-10-14 17:11

漏洞类型:命令执行

危害等级:高

自评Rank:10

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2013-08-30: 细节已通知厂商并且等待厂商处理中
2013-09-03: 厂商已经确认,细节仅向厂商公开
2013-09-13: 细节向核心白帽子及相关领域专家公开
2013-09-23: 细节向普通白帽子公开
2013-10-03: 细节向实习白帽子公开
2013-10-14: 细节向公众公开

简要描述:

中国移动爱动垂直营销推广联盟系统存在命令执行漏洞及数据库泄露

详细说明:

http://139.mobzj.com
root pts/2 125.118.51.236 Fri Aug 30 11:38 - 11:39 (00:01)
root pts/1 125.118.51.236 Fri Aug 30 09:06 still logged in
root pts/2 122.234.50.205 Thu Aug 29 15:03 - 18:45 (03:41)
root pts/1 122.234.50.205 Thu Aug 29 09:13 - 19:19 (10:06)
root pts/1 122.234.50.205 Thu Aug 29 09:12 - 09:12 (00:00)
root pts/2 122.234.50.205 Wed Aug 28 09:40 - 18:45 (09:05)
root pts/1 122.234.50.205 Wed Aug 28 09:38 - 15:31 (05:53)
root pts/3 122.234.50.205 Tue Aug 27 12:36 - 12:38 (00:02)
root pts/2 122.234.50.205 Tue Aug 27 12:30 - 13:14 (00:44)
root pts/1 122.234.50.205 Tue Aug 27 09:37 - 13:14 (03:37)
root pts/2 122.234.50.205 Mon Aug 26 14:20 - 15:14 (00:54)
root pts/1 122.234.50.205 Mon Aug 26 13:23 - 18:45 (05:21)
root pts/1 122.234.50.205 Mon Aug 26 12:00 - 12:52 (00:51)
root pts/1 122.234.50.205 Mon Aug 26 09:53 - 10:00 (00:07)
root pts/1 125.118.49.247 Sun Aug 25 16:56 - 18:10 (01:14)
root pts/2 125.118.49.247 Sun Aug 25 13:13 - 14:57 (01:43)
root pts/1 125.118.49.247 Sun Aug 25 12:46 - 15:10 (02:24)
root pts/1 125.118.49.247 Sat Aug 24 10:23 - 13:53 (03:30)
root pts/2 125.118.49.247 Fri Aug 23 16:15 - 19:26 (03:10)
root pts/1 125.118.49.247 Fri Aug 23 16:15 - 19:26 (03:11)
root pts/5 125.118.49.247 Fri Aug 23 14:24 - 15:15 (00:51)
root pts/3 125.118.49.247 Fri Aug 23 13:34 - 16:14 (02:40)
root pts/2 125.118.49.247 Fri Aug 23 13:34 - 16:14 (02:40)
root pts/1 125.118.49.247 Fri Aug 23 13:34 - 16:14 (02:40)
root pts/3 125.118.49.247 Fri Aug 23 10:23 - 12:38 (02:14)
root pts/2 125.118.49.247 Fri Aug 23 10:20 - 12:38 (02:17)
root pts/1 125.118.49.247 Fri Aug 23 09:21 - 12:38 (03:16)
root pts/2 125.118.49.247 Thu Aug 22 13:32 - 16:28 (02:55)
root pts/1 125.118.49.247 Thu Aug 22 13:31 - 19:51 (06:20)
root pts/3 125.119.191.121 Wed Aug 21 13:09 - 19:31 (06:22)
root pts/2 125.119.191.121 Wed Aug 21 13:04 - 19:47 (06:43)
root pts/1 125.119.191.121 Wed Aug 21 08:59 - 13:12 (04:13)
root pts/1 125.119.191.121 Tue Aug 20 09:10 - 19:41 (10:31)
root pts/2 125.119.191.121 Mon Aug 19 14:18 - 19:00 (04:42)
root pts/1 125.119.191.121 Mon Aug 19 12:49 - 18:57 (06:07)
root pts/2 125.119.191.121 Mon Aug 19 09:58 - 10:07 (00:09)
root pts/1 125.119.191.121 Mon Aug 19 09:32 - 11:11 (01:38)
root pts/1 125.119.191.121 Sun Aug 18 11:36 - 19:21 (07:44)
root pts/1 125.118.51.171 Sat Aug 17 11:49 - 18:08 (06:18)
root pts/2 125.118.51.171 Fri Aug 16 16:17 - 19:59 (03:41)
root pts/1 125.118.51.171 Fri Aug 16 15:03 - 18:30 (03:27)
root pts/1 125.118.51.171 Fri Aug 16 15:00 - 15:01 (00:01)
root pts/1 125.118.51.171 Fri Aug 16 10:23 - 12:47 (02:23)
root pts/2 125.118.51.171 Thu Aug 15 19:06 - 19:13 (00:07)
root pts/2 125.118.51.171 Thu Aug 15 13:54 - 14:52 (00:58)
root pts/2 125.118.51.171 Thu Aug 15 09:31 - 09:38 (00:06)
root pts/1 125.118.51.171 Thu Aug 15 08:57 - 19:33 (10:35)
root pts/2 125.118.51.171 Wed Aug 14 17:44 - 19:34 (01:50)
root pts/2 125.118.51.171 Wed Aug 14 10:42 - 11:08 (00:26)
root pts/1 125.118.51.171 Wed Aug 14 10:21 - 19:37 (09:15)
root pts/3 122.234.51.64 Tue Aug 13 18:10 - 19:42 (01:32)
root pts/2 122.234.51.64 Tue Aug 13 18:10 - 18:39 (00:29)
root pts/1 122.234.51.64 Tue Aug 13 17:29 - 18:49 (01:19)
root pts/1
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
eth0 Link encap:Ethernet HWaddr 00:22:19:B0:DA:FF
inet addr:202.75.222.132 Bcast:202.75.222.191 Mask:255.255.255.192
inet6 addr: fe80::222:19ff:feb0:daff/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:233508506 errors:0 dropped:0 overruns:0 frame:0
TX packets:218283540 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:29405642840 (27.3 GiB) TX bytes:84477173952 (78.6 GiB)
Interrupt:169 Memory:f8000000-f8012100
eth0:1 Link encap:Ethernet HWaddr 00:22:19:B0:DA:FF
inet addr:211.155.233.147 Bcast:211.155.233.191 Mask:255.255.255.192
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:169 Memory:f8000000-f8012100
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:290481017 errors:0 dropped:0 overruns:0 frame:0
TX packets:290481017 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:178926990793 (166.6 GiB) TX bytes:178926990793 (166.6 GiB)

QQ截图1.png

QQ图片22.jpg

漏洞证明:

QQ截图1.png

QQ图片22.jpg

修复方案:

升级 你东西 求礼物,求Rank啊

版权声明:转载请注明来源 Restriedarea@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:7

确认时间:2013-09-03 22:06

厂商回复:

最新状态:

暂无


漏洞评价:

评论