当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0149766

漏洞标题:苏州教育局某服务器getshell

相关厂商:苏州教育局

漏洞作者: 朱元璋

提交时间:2015-10-27 12:38

修复时间:2015-12-14 14:46

公开时间:2015-12-14 14:46

漏洞类型:命令执行

危害等级:高

自评Rank:15

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-10-27: 细节已通知厂商并且等待厂商处理中
2015-10-30: 厂商已经确认,细节仅向厂商公开
2015-11-09: 细节向核心白帽子及相关领域专家公开
2015-11-19: 细节向普通白帽子公开
2015-11-29: 细节向实习白帽子公开
2015-12-14: 细节向公众公开

简要描述:

详细说明:

地址**.**.**.**/diandiango/annualReporters/annual_init.action存在命令执行漏洞

0.png


直接上传木马到服务器

1.png

漏洞证明:


后门地址: **.**.**.**/diandiango/word.jsp
C:\projects\webapps\diandiango\diandiango>whoami
============================================================================================================r
nt authority\system
C:\projects\webapps\diandiango\diandiango>net user
============================================================================================================r
User accounts for \\
-------------------------------------------------------------------------------
Administrator gagadsgda
The command completed with one or more errors.
C:\projects\webapps\diandiango\diandiango>net start
============================================================================================================r
These Windows services are started:
Apache Tomcat 7
Apache Tomcat tomcat_home
Apache2.2
Application Information
Application Management
Base Filtering Engine
Certificate Propagation
COM+ Event System
Cryptographic Services
DCOM Server Process Launcher
Desktop Window Manager Session Manager
DHCP Client
Diagnostic Policy Service
Distributed Link Tracking Client
Distributed Transaction Coordinator
DNS Client
GoodSync Server
Group Policy Client
IKE and AuthIP IPsec Keying Modules
IP Helper
IPsec Policy Agent
Microsoft IME Dictionary Update
MySQL
Network Connections
Network List Service
Network Location Awareness
Network Store Interface Service
Plug and Play
Power
Print Spooler
Remote Desktop Configuration
Remote Desktop Services
Remote Desktop Services UserMode Port Redirector
Remote Procedure Call (RPC)
Remote Registry
RPC Endpoint Mapper
Security Accounts Manager
Server
Shell Hardware Detection
Software Protection
SPP Notification Service
Symantec Endpoint Protection
Symantec Management Client
System Event Notification Service
Task Scheduler
TCP/IP NetBIOS Helper
User Profile Service
VMware Tools
Windows Event Log
Windows Firewall
Windows Font Cache Service
Windows Management Instrumentation
Windows Remote Management (WS-Management)
Windows Update
Workstation
The command completed successfully.
C:\projects\webapps\diandiango\diandiango>

修复方案:

加强安全意识

版权声明:转载请注明来源 朱元璋@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-10-30 14:45

厂商回复:

CNVD确认并复现所述漏洞情况,已经转由CNCERT下发对应分中心,由其后续协调网站管理单位处置。

最新状态:

暂无


漏洞评价:

评价