当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0120743

漏洞标题:某省经济和信息化委员会的融资性担保行业监管信息系统存在漏洞

相关厂商:某省经济和信息化委员会

漏洞作者: 朱元璋

提交时间:2015-06-16 12:50

修复时间:2015-08-05 07:56

公开时间:2015-08-05 07:56

漏洞类型:命令执行

危害等级:高

自评Rank:17

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-06-16: 细节已通知厂商并且等待厂商处理中
2015-06-21: 厂商已经确认,细节仅向厂商公开
2015-07-01: 细节向核心白帽子及相关领域专家公开
2015-07-11: 细节向普通白帽子公开
2015-07-21: 细节向实习白帽子公开
2015-08-05: 细节向公众公开

简要描述:

详细说明:

地址http://202.102.72.109:8080/gimis/login.action存在命令执行漏洞

00.png


netstat -an

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
tcp        0      0 0.0.0.0:875                 0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:38091               0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:39439               0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:34352               0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:46932               0.0.0.0:*                   LISTEN      
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:36285               0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:58845               0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:2049                0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:32458               0.0.0.0:*                   LISTEN      
tcp        0      0 :::46860                    :::*                        LISTEN      
tcp        0      0 :::111                      :::*                        LISTEN      
tcp        0      0 :::8080                     :::*                        LISTEN      
tcp        0      0 :::37844                    :::*                        LISTEN      
tcp        0      0 :::43701                    :::*                        LISTEN      
tcp        0      0 ::1:631                     :::*                        LISTEN      
tcp        0      0 ::1:25                      :::*                        LISTEN      
tcp        0      0 :::57659                    :::*                        LISTEN      
tcp        0      0 :::39388                    :::*                        LISTEN      
tcp        0      0 :::36446                    :::*                        LISTEN      
tcp        0      0 :::2049                     :::*                        LISTEN      
tcp        0      0 ::ffff:127.0.0.1:8005       :::*                        LISTEN      
tcp        0      0 :::8009                     :::*                        LISTEN      
tcp        0      0 :::32458                    :::*                        LISTEN      
tcp        0      0 ::ffff:192.168.1.121:8080   ::ffff:192.168.1.118:56992  ESTABLISHED 
tcp        0      0 ::ffff:192.168.1.121:47139  ::ffff:192.168.1.125:3306   ESTABLISHED 
tcp        0      0 ::ffff:192.168.1.121:8080   ::ffff:192.168.1.118:56991  TIME_WAIT   
tcp        0      0 ::ffff:192.168.1.121:47153  ::ffff:192.168.1.125:3306   ESTABLISHED 
tcp        0      0 ::ffff:192.168.1.121:47138  ::ffff:192.168.1.125:3306   ESTABLISHED 
tcp        0      0 ::ffff:192.168.1.121:47161  ::ffff:192.168.1.125:3306   ESTABLISHED 
tcp        0      0 ::ffff:192.168.1.121:47162  ::ffff:192.168.1.125:3306   ESTABLISHED 
udp        0      0 0.0.0.0:46649               0.0.0.0:*                               
udp        0      0 0.0.0.0:34124               0.0.0.0:*                               
udp        0      0 0.0.0.0:33000               0.0.0.0:*                               
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               
udp        0      0 0.0.0.0:875                 0.0.0.0:*                               
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               
udp        0      0 0.0.0.0:631                 0.0.0.0:*                               
udp        0      0 0.0.0.0:1018                0.0.0.0:*                               
udp        0      0 0.0.0.0:45946               0.0.0.0:*                               
udp        0      0 0.0.0.0:890                 0.0.0.0:*                               
udp        0      0 0.0.0.0:2049


ls

bin
boot
dev
etc
home
lib
lib64
lost+found
media
misc
mnt
net
opt
proc
root
sbin
selinux
srv
sys
sys.log
tmp
usr
var


/usr/local/tomcat/webapps/gimis/

/usr/local/tomcat/webapps/gimis/:
Charts
META-INF
WEB-INF
addrSel
build.jsp
css
doc
flex
image
include
index.jsp
js
jsp
menu.jsp
month
sample
statistics

漏洞证明:

whoami

tomcat

修复方案:

加强安全意识

版权声明:转载请注明来源 朱元璋@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:7

确认时间:2015-06-21 07:55

厂商回复:

cnvd确认并复现所述情况,已经转由cncert下发给江苏分中心,由其后续协调网站管理单位处置。按通用软件漏洞评分,rank 7

最新状态:

暂无

漏洞评价:

评论