当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0106701

漏洞标题:中兴某站已被getshell再次深入内网

相关厂商:中兴通讯股份有限公司

漏洞作者: fuckadmin

提交时间:2015-04-09 11:25

修复时间:2015-05-24 17:02

公开时间:2015-05-24 17:02

漏洞类型:成功的入侵事件

危害等级:高

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-04-09: 细节已通知厂商并且等待厂商处理中
2015-04-09: 厂商已经确认,细节仅向厂商公开
2015-04-19: 细节向核心白帽子及相关领域专家公开
2015-04-29: 细节向普通白帽子公开
2015-05-09: 细节向实习白帽子公开
2015-05-24: 细节向公众公开

简要描述:

还是getshell,真可怕。

详细说明:

上次提交了中兴政务美国站,深入后发现,还有个中国站的。
1.站点
http://enterprise.zte.com.cn/jbossws13/

12.jpg


2.
再连菜刀
连上后发现时断时续,可能有负载。看下图对比

13.jpg


15.jpg


确实是中兴政务中国站

14.jpg


主机名:           ZTE-TEMPLATE161
OS 名称: Microsoft(R) Windows(R) Server 2003, Enterprise Edition
OS 版本: 5.2.3790 Service Pack 2 Build 3790
OS 制造商: Microsoft Corporation
OS 配置: 独立服务器
OS 构件类型: Multiprocessor Free
注册的所有人: zte
注册的组织: zte
产品 ID: 69813-641-1471096-45723
初始安装日期: 2010-3-16, 21:21:57
系统启动时间: 171 天 20 小时 44 分 6 秒
系统制造商: VMware, Inc.
系统型号: VMware Virtual Platform
系统类型: X86-based PC
处理器: 安装了 6 个处理器。
[01]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
[02]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
[03]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
[04]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
[05]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
[06]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
BIOS 版本: INTEL - 6040000
Windows 目录: C:\WINDOWS
系统目录: C:\WINDOWS\system32
启动设备: \Device\HarddiskVolume1
系统区域设置: zh-cn;中文(中国)
输入法区域设置: zh-cn;中文(中国)
时区: (GMT+08:00) 北京,重庆,香港特别行政区,乌鲁木齐
物理内存总量: 8,191 MB
可用的物理内存: 6,896 MB
页面文件: 最大值: 10,040 MB
页面文件: 可用: 8,803 MB
页面文件: 使用中: 1,237 MB
页面文件位置: C:\pagefile.sys
域: WORKGROUP
登录服务器: \\ZTE-TEMPLATE161
修补程序: 安装了 340 个修补程序。
[01]: File 1
[02]: File 1
[03]: File 1
[04]: File 1
[05]: File 1
[06]: File 1
[07]: File 1
[08]: File 1
[09]: File 1
[10]: File 1
[11]: File 1
[12]: File 1
[13]: File 1
[14]: File 1
[15]: File 1
[16]: File 1
[17]: File 1
[18]: File 1
[19]: File 1
[20]: File 1
[21]: File 1
[22]: File 1
[23]: File 1
[24]: File 1
[25]: File 1
[26]: File 1
[27]: File 1
[28]: File 1
[29]: File 1
[30]: File 1
[31]: File 1
[32]: File 1
[33]: File 1
[34]: File 1
[35]: File 1
[36]: File 1
[37]: File 1
[38]: File 1
[39]: File 1
[40]: File 1
[41]: File 1
[42]: File 1
[43]: File 1
[44]: File 1
[45]: File 1
[46]: File 1
[47]: File 1
[48]: File 1
[49]: File 1
[50]: File 1
[51]: File 1
[52]: File 1
[53]: File 1
[54]: File 1
[55]: File 1
[56]: File 1
[57]: File 1
[58]: File 1
[59]: File 1
[60]: File 1
[61]: File 1
[62]: File 1
[63]: File 1
[64]: File 1
[65]: File 1
[66]: File 1
[67]: File 1
[68]: File 1
[69]: File 1
[70]: File 1
[71]: File 1
[72]: File 1
[73]: File 1
[74]: File 1
[75]: File 1
[76]: File 1
[77]: File 1
[78]: File 1
[79]: File 1
[80]: File 1
[81]: File 1
[82]: File 1
[83]: File 1
[84]: File 1
[85]: File 1
[86]: File 1
[87]: File 1
[88]: File 1
[89]: File 1
[90]: File 1
[91]: File 1
[92]: File 1
[93]: File 1
[94]: File 1
[95]: File 1
[96]: File 1
[97]: File 1
[98]: File 1
[99]: File 1
[100]: File 1
[101]: File 1
[102]: File 1
[103]: File 1
[104]: File 1
[105]: File 1
[106]: File 1
[107]: File 1
[108]: File 1
[109]: File 1
[110]: File 1
[111]: File 1
[112]: File 1
[113]: File 1
[114]: File 1
[115]: File 1
[116]: File 1
[117]: File 1
[118]: File 1
[119]: File 1
[120]: File 1
[121]: File 1
[122]: File 1
[123]: File 1
[124]: File 1
[125]: File 1
[126]: File 1
[127]: File 1
[128]: File 1
[129]: File 1
[130]: File 1
[131]: File 1
[132]: File 1
[133]: File 1
[134]: File 1
[135]: File 1
[136]: File 1
[137]: File 1
[138]: File 1
[139]: File 1
[140]: File 1
[141]: File 1
[142]: File 1
[143]: File 1
[144]: File 1
[145]: File 1
[146]: File 1
[147]: File 1
[148]: File 1
[149]: File 1
[150]: File 1
[151]: File 1
[152]: File 1
[153]: File 1
[154]: File 1
[155]: File 1
[156]: File 1
[157]: File 1
[158]: File 1
[159]: File 1
[160]: File 1
[161]: File 1
[162]: File 1
[163]: File 1
[164]: File 1
[165]: File 1
[166]: Q147222
[167]: KB2604078 - QFE
[168]: KB2656358 - QFE
[169]: KB2656376-v2 - QFE
[170]: KB933854 - QFE
[171]: KB953298 - QFE
[172]: KB979907 - QFE
[173]: KB975558_WM8
[174]: KB925398_WMP64
[175]: KB2564958 - Update
[176]: KB2079403 - Update
[177]: KB2115168 - Update
[178]: KB2124261 - Update
[179]: KB2229593 - Update
[180]: KB2296011 - Update
[181]: KB2345886 - Update
[182]: KB2347290 - Update
[183]: KB2360937 - Update
[184]: KB2378111 - Update
[185]: KB2387149 - Update
[186]: KB2393802 - Update
[187]: KB2419635 - Update
[188]: KB2423089 - Update
[189]: KB2440591 - Update
[190]: KB2443105 - Update
[191]: KB2476490 - Update
[192]: KB2478960 - Update
[193]: KB2478971 - Update
[194]: KB2481109 - Update
[195]: KB2483185 - Update
[196]: KB2485663 - Update
[197]: KB2506212 - Update
[198]: KB2507618 - Update
[199]: KB2507938 - Update
[200]: KB2508429 - Update
[201]: KB2509553 - Update
[202]: KB2510587 - Update
[203]: KB2535512 - Update
[204]: KB2536276-v2 - Update
[205]: KB2544521 - Update
[206]: KB2544893-v2 - Update
[207]: KB2566454 - Update
[208]: KB2570947 - Update
[209]: KB2584146 - Update
[210]: KB2585542 - Update
[211]: KB2598479 - Update
[212]: KB2603381 - Update
[213]: KB2604078 - Update
[214]: KB2618451 - Update
[215]: KB2620712 - Update
[216]: KB2621440 - Update
[217]: KB2624667 - Update
[218]: KB2631813 - Update
[219]: KB2638806 - Update
[220]: KB2644615 - Update
[221]: KB2645640 - Update
[222]: KB2646524 - Update
[223]: KB2653956 - Update
[224]: KB2655992 - Update
[225]: KB2656358 - Update
[226]: KB2656376-v2 - Update
[227]: KB2659262 - Update
[228]: KB2675157 - Update
[229]: KB2676562 - Update
[230]: KB2685939 - Update
[231]: KB2686509 - Update
[232]: KB2691442 - Update
[233]: KB2698365 - Update
[234]: KB2699988 - Update
[235]: KB2705219 - Update
[236]: KB2707511 - Update
[237]: KB2709162 - Update
[238]: KB2712808 - Update
[
网卡: 安装了 1 个 NIC。
[01]: Intel(R) PRO/1000 MT Network Connection
连接名: 本地连接
启用 DHCP: 否
IP 地址
[01]: 192.168.170.113


漏洞证明:

上次提交了中兴政务美国站,深入后发现,还有个中国站的。
1.站点
http://enterprise.zte.com.cn/jbossws13/

12.jpg


2.
再连菜刀
连上后发现时断时续,可能有负载。看下图对比

13.jpg


15.jpg


确实是中兴政务中国站

14.jpg


主机名:           ZTE-TEMPLATE161
OS 名称: Microsoft(R) Windows(R) Server 2003, Enterprise Edition
OS 版本: 5.2.3790 Service Pack 2 Build 3790
OS 制造商: Microsoft Corporation
OS 配置: 独立服务器
OS 构件类型: Multiprocessor Free
注册的所有人: zte
注册的组织: zte
产品 ID: 69813-641-1471096-45723
初始安装日期: 2010-3-16, 21:21:57
系统启动时间: 171 天 20 小时 44 分 6 秒
系统制造商: VMware, Inc.
系统型号: VMware Virtual Platform
系统类型: X86-based PC
处理器: 安装了 6 个处理器。
[01]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
[02]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
[03]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
[04]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
[05]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
[06]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
BIOS 版本: INTEL - 6040000
Windows 目录: C:\WINDOWS
系统目录: C:\WINDOWS\system32
启动设备: \Device\HarddiskVolume1
系统区域设置: zh-cn;中文(中国)
输入法区域设置: zh-cn;中文(中国)
时区: (GMT+08:00) 北京,重庆,香港特别行政区,乌鲁木齐
物理内存总量: 8,191 MB
可用的物理内存: 6,896 MB
页面文件: 最大值: 10,040 MB
页面文件: 可用: 8,803 MB
页面文件: 使用中: 1,237 MB
页面文件位置: C:\pagefile.sys
域: WORKGROUP
登录服务器: \\ZTE-TEMPLATE161
修补程序: 安装了 340 个修补程序。
[01]: File 1
[02]: File 1
[03]: File 1
[04]: File 1
[05]: File 1
[06]: File 1
[07]: File 1
[08]: File 1
[09]: File 1
[10]: File 1
[11]: File 1
[12]: File 1
[13]: File 1
[14]: File 1
[15]: File 1
[16]: File 1
[17]: File 1
[18]: File 1
[19]: File 1
[20]: File 1
[21]: File 1
[22]: File 1
[23]: File 1
[24]: File 1
[25]: File 1
[26]: File 1
[27]: File 1
[28]: File 1
[29]: File 1
[30]: File 1
[31]: File 1
[32]: File 1
[33]: File 1
[34]: File 1
[35]: File 1
[36]: File 1
[37]: File 1
[38]: File 1
[39]: File 1
[40]: File 1
[41]: File 1
[42]: File 1
[43]: File 1
[44]: File 1
[45]: File 1
[46]: File 1
[47]: File 1
[48]: File 1
[49]: File 1
[50]: File 1
[51]: File 1
[52]: File 1
[53]: File 1
[54]: File 1
[55]: File 1
[56]: File 1
[57]: File 1
[58]: File 1
[59]: File 1
[60]: File 1
[61]: File 1
[62]: File 1
[63]: File 1
[64]: File 1
[65]: File 1
[66]: File 1
[67]: File 1
[68]: File 1
[69]: File 1
[70]: File 1
[71]: File 1
[72]: File 1
[73]: File 1
[74]: File 1
[75]: File 1
[76]: File 1
[77]: File 1
[78]: File 1
[79]: File 1
[80]: File 1
[81]: File 1
[82]: File 1
[83]: File 1
[84]: File 1
[85]: File 1
[86]: File 1
[87]: File 1
[88]: File 1
[89]: File 1
[90]: File 1
[91]: File 1
[92]: File 1
[93]: File 1
[94]: File 1
[95]: File 1
[96]: File 1
[97]: File 1
[98]: File 1
[99]: File 1
[100]: File 1
[101]: File 1
[102]: File 1
[103]: File 1
[104]: File 1
[105]: File 1
[106]: File 1
[107]: File 1
[108]: File 1
[109]: File 1
[110]: File 1
[111]: File 1
[112]: File 1
[113]: File 1
[114]: File 1
[115]: File 1
[116]: File 1
[117]: File 1
[118]: File 1
[119]: File 1
[120]: File 1
[121]: File 1
[122]: File 1
[123]: File 1
[124]: File 1
[125]: File 1
[126]: File 1
[127]: File 1
[128]: File 1
[129]: File 1
[130]: File 1
[131]: File 1
[132]: File 1
[133]: File 1
[134]: File 1
[135]: File 1
[136]: File 1
[137]: File 1
[138]: File 1
[139]: File 1
[140]: File 1
[141]: File 1
[142]: File 1
[143]: File 1
[144]: File 1
[145]: File 1
[146]: File 1
[147]: File 1
[148]: File 1
[149]: File 1
[150]: File 1
[151]: File 1
[152]: File 1
[153]: File 1
[154]: File 1
[155]: File 1
[156]: File 1
[157]: File 1
[158]: File 1
[159]: File 1
[160]: File 1
[161]: File 1
[162]: File 1
[163]: File 1
[164]: File 1
[165]: File 1
[166]: Q147222
[167]: KB2604078 - QFE
[168]: KB2656358 - QFE
[169]: KB2656376-v2 - QFE
[170]: KB933854 - QFE
[171]: KB953298 - QFE
[172]: KB979907 - QFE
[173]: KB975558_WM8
[174]: KB925398_WMP64
[175]: KB2564958 - Update
[176]: KB2079403 - Update
[177]: KB2115168 - Update
[178]: KB2124261 - Update
[179]: KB2229593 - Update
[180]: KB2296011 - Update
[181]: KB2345886 - Update
[182]: KB2347290 - Update
[183]: KB2360937 - Update
[184]: KB2378111 - Update
[185]: KB2387149 - Update
[186]: KB2393802 - Update
[187]: KB2419635 - Update
[188]: KB2423089 - Update
[189]: KB2440591 - Update
[190]: KB2443105 - Update
[191]: KB2476490 - Update
[192]: KB2478960 - Update
[193]: KB2478971 - Update
[194]: KB2481109 - Update
[195]: KB2483185 - Update
[196]: KB2485663 - Update
[197]: KB2506212 - Update
[198]: KB2507618 - Update
[199]: KB2507938 - Update
[200]: KB2508429 - Update
[201]: KB2509553 - Update
[202]: KB2510587 - Update
[203]: KB2535512 - Update
[204]: KB2536276-v2 - Update
[205]: KB2544521 - Update
[206]: KB2544893-v2 - Update
[207]: KB2566454 - Update
[208]: KB2570947 - Update
[209]: KB2584146 - Update
[210]: KB2585542 - Update
[211]: KB2598479 - Update
[212]: KB2603381 - Update
[213]: KB2604078 - Update
[214]: KB2618451 - Update
[215]: KB2620712 - Update
[216]: KB2621440 - Update
[217]: KB2624667 - Update
[218]: KB2631813 - Update
[219]: KB2638806 - Update
[220]: KB2644615 - Update
[221]: KB2645640 - Update
[222]: KB2646524 - Update
[223]: KB2653956 - Update
[224]: KB2655992 - Update
[225]: KB2656358 - Update
[226]: KB2656376-v2 - Update
[227]: KB2659262 - Update
[228]: KB2675157 - Update
[229]: KB2676562 - Update
[230]: KB2685939 - Update
[231]: KB2686509 - Update
[232]: KB2691442 - Update
[233]: KB2698365 - Update
[234]: KB2699988 - Update
[235]: KB2705219 - Update
[236]: KB2707511 - Update
[237]: KB2709162 - Update
[238]: KB2712808 - Update
[
网卡: 安装了 1 个 NIC。
[01]: Intel(R) PRO/1000 MT Network Connection
连接名: 本地连接
启用 DHCP: 否
IP 地址
[01]: 192.168.170.113


修复方案:

你们更专业。

版权声明:转载请注明来源 fuckadmin@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-04-09 17:01

厂商回复:

感谢~

最新状态:

暂无


漏洞评价:

评论