
Vulnerability summary

Defect ID: wooyun-2013-038502

Title: File upload vulnerability on a GOV site puts every site on the server at risk

Related vendor: CNCERT (National Internet Emergency Center)

Author: YY-2012

Submitted: 2013-10-25 16:25

Fixed: 2013-12-09 16:26

Published: 2013-12-09 16:26

Vulnerability type: File upload leading to arbitrary code execution

Severity: High

Self-assessed Rank: 20

Status: Handed over to a third-party partner organisation (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org. For questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2013-10-25: Details sent to the vendor; awaiting vendor handling
2013-10-29: Vendor confirmed; details visible to the vendor only
2013-11-08: Details disclosed to core white hats and domain experts
2013-11-18: Details disclosed to regular white hats
2013-11-28: Details disclosed to intern white hats
2013-12-09: Details disclosed to the public

Brief description:

A file upload vulnerability on a GOV site exposes the 30 GOV sites hosted on the same server.

Detailed description:

Taoyuan County "Sannong" (agriculture, rural areas, farmers) sunshine information service site
Netcms 0day upload vulnerability
http://cwgk.taoyuan.gov.cn/user/login.aspx
Click "Register".
Then click "Publish article".
Then, in the internal messaging section, send yourself an internal message and upload a webshell directly as the attachment.
Reading the IIS configuration shows that the server hosts 30 GOV sites.

Proof of vulnerability:

[Screenshots: 1.jpg, 2.jpg, 3.jpg]

Fix:

The simplest fix is to disable user registration.
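Disabling registration removes the anonymous foothold but leaves the attachment handler itself unsafe. The following is an added example (not Netcms code and not from the report) of the server-side validation a defender would put in front of the internal-message attachment upload on an IIS/ASP.NET host like this one: a hypothetical `classify_upload` that allowlists the few attachment types a messaging feature needs, rejects any server-executable extension in any dotted segment, checks the declared type against the file's magic bytes, and assigns a random storage name; `store_attachment` then writes it outside the web root. Extension and magic-byte lists are assumptions chosen for illustration.

```python
import os
import re
import secrets

# Extensions IIS/ASP.NET would execute, plus PHP/JSP handlers that a shared
# multi-site host may also have mapped. None of these may reach a served directory.
SERVER_EXECUTABLE = {
    "asp", "aspx", "asa", "asax", "ascx", "ashx", "asmx", "cer", "cdx",
    "config", "php", "php3", "php5", "phtml", "jsp", "cshtml", "vbhtml", "soap", "rem",
}
# The only attachment types an internal-message feature is assumed to need,
# each paired with the leading bytes a genuine file of that type starts with.
ALLOWED = {"jpg": b"\xff\xd8\xff", "png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8", "pdf": b"%PDF-"}


def classify_upload(filename: str, data: bytes):
    """Return (accepted, reason, stored_name). stored_name is random, never client-derived."""
    # Strip any directory component the client sent (both separator styles).
    base = os.path.basename(filename.replace("\\", "/"))
    # Only plain name.ext is accepted: this rejects NUL bytes, ';', and similar
    # characters that upload parsers have historically mishandled.
    if not re.fullmatch(r"[\w\-. ]+", base):
        return False, "invalid characters in filename", None
    parts = base.lower().split(".")
    if len(parts) < 2 or parts[0] == "":
        return False, "missing extension", None
    ext = parts[-1]
    # Check every dotted segment, so shell.aspx.jpg is not judged on .jpg alone.
    if any(seg in SERVER_EXECUTABLE for seg in parts[1:]):
        return False, "server-executable extension", None
    if ext not in ALLOWED:
        return False, "extension not on allowlist", None
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match declared type", None
    return True, "ok", f"{secrets.token_hex(16)}.{ext}"


def store_attachment(stored_name: str, data: bytes, store_dir: str) -> str:
    """Write under a directory IIS does not serve (assumed to be outside wwwroot),
    creating exclusively so a colliding name can never overwrite an existing file."""
    os.makedirs(store_dir, exist_ok=True)
    path = os.path.join(store_dir, stored_name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path
```

Serving the attachment back should go through a download handler that streams from `store_dir` with a fixed `Content-Disposition: attachment`, never through a URL that maps onto the stored path.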

Copyright notice: when reposting, please credit the source as YY-2012@WooYun


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 11

Confirmed: 2013-10-29 20:45

Vendor reply:

Latest status:

None yet

