当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-087872

漏洞标题:房多多某关键系统关键服务关键配置失误导致可控制

相关厂商:fangdd.com

漏洞作者: 杀器王子

提交时间:2014-12-19 19:52

修复时间:2015-02-02 19:54

公开时间:2015-02-02 19:54

漏洞类型:系统/服务运维配置不当

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2014-12-19: 细节已通知厂商并且等待厂商处理中
2014-12-20: 厂商已经确认,细节仅向厂商公开
2014-12-30: 细节向核心白帽子及相关领域专家公开
2015-01-09: 细节向普通白帽子公开
2015-01-19: 细节向实习白帽子公开
2015-02-02: 细节向公众公开

简要描述:

一天一发神器不停

详细说明:

ssh 218.4.236.171  -ladmin
admin@218.4.236.171's password:
\Permission denied, please try again.
admin@218.4.236.171's password:
BusyBox v1.4.2 (2010-10-29 15:41:19 CST) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
________________________________________________________
| W I R E L E S S F R E E D O M |
| link to the bussiness world |
|_______________________________________________________|


可以内网抓各种数据包哟

漏洞证明:

root@Bizbox:/usr/bin# tcpdump -vv -i eth2.8 port 80
tcpdump: listening on eth2.8, link-type EN10MB (Ethernet), capture size 96 bytes
19:48:09.678568 IP (tos 0x10, ttl 64, id 47843, offset 0, flags [DF], proto TCP (6), length 52) 218.4.236.170.4179 > lhr14s24-in-f19.1e100.net.80: S, cksum 0xac00 (correct), 2941187251:2941187251(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 2>
19:48:09.681456 IP (tos 0x10, ttl 64, id 5536, offset 0, flags [DF], proto TCP (6), length 52) 218.4.236.170.3034 > 74.125.71.132.80: S, cksum 0xe83f (correct), 2942327755:2942327755(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 2>
19:48:09.682418 IP (tos 0x10, ttl 64, id 31079, offset 0, flags [DF], proto TCP (6), length 52) 218.4.236.170.3035 > 74.125.71.132.80: S, cksum 0x0d42 (correct), 2935306035:2935306035(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 2>
19:48:09.682499 IP (tos 0x10, ttl 64, id 22308, offset 0, flags [DF], proto TCP (6), length 52) 218.4.236.170.3036 > 74.125.71.132.80: S, cksum 0x2ab4 (correct), 2940213621:2940213621(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 2>
19:48:09.684414 IP (tos 0x10, ttl 64, id 28272, offset 0, flags [DF], proto TCP (6), length 52) 218.4.236.170.3938 > lhr14s24-in-f20.1e100.net.80: S, cksum 0x81d5 (correct), 2934317111:2934317111(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 2>
19:48:09.685446 IP (tos 0x10, ttl 64, id 20195, offset 0, flags [DF], proto TCP (6), length 52) 218.4.236.170.3039 > 74.125.71.132.80: S, cksum 0x4303 (correct), 2947023035:2947023035(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 2>
19:48:09.686451 IP (tos 0x10, ttl 64, id 33732, offset 0, flags [DF], proto TCP (6), length 52) 218.4.236.170.3040 > 74.125.71.132.80: S, cksum 0x75fe (correct), 2949500313:2949500313(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 2>
19:48:09.687441 IP (tos 0x10, ttl 64, id 58189, offset 0, flags [DF], proto TCP (6), length 52) 218.4.236.170.3041 > 74.125.71.132.80: S, cksum 0x96dd (correct), 2943331607:2943331607(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 2>
19:48:09.688429 IP (tos 0x10, ttl 64, id 19467, offset 0, flags [DF], proto TCP (6), length 52) 218.4.236.170.3042 > 74.125.71.132.80: S, cksum 0x416d (correct), 2946630228:2946630228(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 2>
19:48:09.689467 IP (tos 0x10, ttl 64, id 14790, offset 0, flags [DF], proto TCP (6), length 52) 218.4.236.170.3043 > 74.125.71.132.80: S, cksum 0xcca1 (correct), 2938533786:2938533786(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 2>
19:48:09.691457 IP (tos 0x10, ttl 64, id 46284, offset 0, flags [DF], proto TCP (6), length 52) 218.4.236.170.3045 > 74.125.71.132.80: S, cksum 0x4970 (correct), 2940598954:2940598954(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 2>
19:48:09.692452 IP (tos 0x10, ttl 64, id 33094, offset 0, flags [DF], proto TCP (6), length 52) 218.4.236.170.3046 > 74.125.71.132.80: S, cksum 0x74bb (correct), 2944323365:2944323365(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 2>
19:48:09.923007 IP (tos 0x0, ttl 63, id 13942, offset 0, flags [DF], proto TCP (6), length 40) 218.4.236.170.59507 > 58.221.78.105.80: F, cksum 0x8185 (correct), 3574744803:3574744803(0) ack 1431276189 win 63921
19:48:09.923542 IP (tos 0x0, ttl 63, id 13943, offset 0, flags [DF], proto TCP (6), length 40) 218.4.236.170.59509 > 58.221.78.105.80: F, cksum 0x61e1 (correct), 136702353:136702353(0) ack 3383124320 win 63608
19:48:09.923877 IP (tos 0x0, ttl 63, id 13944, offset 0, flags [DF], proto TCP (6), length 40) 218.4.236.170.59508 > 58.221.78.105.80: F, cksum 0x1af1 (correct), 4103653662:4103653662(0) ack 1253202757 win 63608
19:48:09.924189 IP (tos 0x0, ttl 63, id 13945, offset 0, flags [DF], proto TCP (6), length 40) 218.4.236.170.59506 > 58.221.78.105.80: F, cksum 0x4e8a (correct), 3774842534:3774842534(0) ack 1363179331 win 63590
19:48:09.924656 IP (tos 0x0, ttl 63, id 13946, offset 0, flags [DF], proto TCP (6), length 40) 218.4.236.170.59510 > 58.221.78.105.80: F, cksum 0x83af (correct), 1524335358:1524335358(0) ack 2638249621 win 63927
19:48:09.924977 IP (tos 0x0, ttl 63, id 13947, offset 0, flags [DF], proto TCP (6), length 40) 218.4.236.170.59511 > 58.221.78.105.80: F, cksum 0x1518 (correct), 1220988852:1220988852(0) ack 125519639 win 64240

修复方案:

版权声明:转载请注明来源 杀器王子@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:7

确认时间:2014-12-20 06:21

厂商回复:

谢谢。

最新状态:

2015-01-29:谢谢。

2015-03-19:再次感谢"杀器王子"对我司安全建设的贡献!


漏洞评价:

评论

  1. 2014-12-19 20:19 | 细数你脸上的青春 ( 路人 | Rank:1 漏洞数:3 | 生活好比经过无数次改编的小龙女一样!!始...)

    求 杀器~~~ 求神器啊~~

  2. 2015-01-24 23:51 | 看什麼看 ( 路人 | Rank:16 漏洞数:4 | 知有飄零,畢竟飄零,便是飄零也感卿)

    这是什么漏洞?看不懂了~~

  3. 2015-02-03 02:04 | Ch4r0n ( 普通白帽子 | Rank:391 漏洞数:87 | 苦逼青年一个!~~~)

    难道是freebuf的神器?求神器啊!~~~杀器在哪里!~~~

  4. 2015-02-06 19:35 | 风炫 ( 路人 | Rank:2 漏洞数:5 | 菊花残,满地伤)

    ssh 弱口令