当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0151688

漏洞标题:仟家信投资某交易系统getshell

相关厂商:上海仟家信投资管理有限公司

漏洞作者: 朱元璋

提交时间:2015-11-05 11:19

修复时间:2015-12-20 11:20

公开时间:2015-12-20 11:20

漏洞类型:系统/服务补丁不及时

危害等级:高

自评Rank:15

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-11-05: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-12-20: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

一堆的木马啊

详细说明:

地址http://sim.qjxgold.com:28821/webTrader/loginAction!loginInit.action存在命令执行漏洞

0.png


直接getshell服务器

1.png


漏洞证明:

netstat -ano

Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1496
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1027           0.0.0.0:0              LISTENING       1188
  TCP    0.0.0.0:1030           0.0.0.0:0              LISTENING       792
  TCP    0.0.0.0:1521           0.0.0.0:0              LISTENING       760
  TCP    0.0.0.0:1819           0.0.0.0:0              LISTENING       2504
  TCP    0.0.0.0:2069           0.0.0.0:0              LISTENING       2212
  TCP    0.0.0.0:5560           0.0.0.0:0              LISTENING       768
  TCP    0.0.0.0:5580           0.0.0.0:0              LISTENING       768
  TCP    0.0.0.0:28810          0.0.0.0:0              LISTENING       2212
  TCP    0.0.0.0:28811          0.0.0.0:0              LISTENING       2212
  TCP    0.0.0.0:28821          0.0.0.0:0              LISTENING       4816
  TCP    0.0.0.0:65001          0.0.0.0:0              LISTENING       840
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING       760
  TCP    127.0.0.1:1032         0.0.0.0:0              LISTENING       2796
  TCP    127.0.0.1:1521         127.0.0.1:2012         ESTABLISHED     760
  TCP    127.0.0.1:1521         127.0.0.1:2087         ESTABLISHED     760
  TCP    127.0.0.1:2009         127.0.0.1:2010         ESTABLISHED     4816
  TCP    127.0.0.1:2010         127.0.0.1:2009         ESTABLISHED     4816
  TCP    127.0.0.1:2012         127.0.0.1:1521         ESTABLISHED     2212
  TCP    127.0.0.1:2014         127.0.0.1:2015         ESTABLISHED     4816
  TCP    127.0.0.1:2015         127.0.0.1:2014         ESTABLISHED     4816
  TCP    127.0.0.1:2016         127.0.0.1:2017         ESTABLISHED     4816
  TCP    127.0.0.1:2017         127.0.0.1:2016         ESTABLISHED     4816
  TCP    127.0.0.1:2018         127.0.0.1:2019         ESTABLISHED     4816
  TCP    127.0.0.1:2019         127.0.0.1:2018         ESTABLISHED     4816
  TCP    127.0.0.1:2020         127.0.0.1:2021         ESTABLISHED     4816
  TCP    127.0.0.1:2021         127.0.0.1:2020         ESTABLISHED     4816
  TCP    127.0.0.1:2031         127.0.0.1:2032         ESTABLISHED     2212
  TCP    127.0.0.1:2032         127.0.0.1:2031         ESTABLISHED     2212
  TCP    127.0.0.1:2033         127.0.0.1:2034         ESTABLISHED     2212
  TCP    127.0.0.1:2034         127.0.0.1:2033         ESTABLISHED     2212
  TCP    127.0.0.1:2035         127.0.0.1:2036         ESTABLISHED     2212
  TCP    127.0.0.1:2036         127.0.0.1:2035         ESTABLISHED     2212
  TCP    127.0.0.1:2037         127.0.0.1:2038         ESTABLISHED     2212
  TCP    127.0.0.1:2038         127.0.0.1:2037         ESTABLISHED     2212
  TCP    127.0.0.1:2039         127.0.0.1:2040         ESTABLISHED     2212
  TCP    127.0.0.1:2040         127.0.0.1:2039         ESTABLISHED     2212
  TCP    127.0.0.1:2041         127.0.0.1:2042         ESTABLISHED     2212
  TCP    127.0.0.1:2042         127.0.0.1:2041         ESTABLISHED     2212
  TCP    127.0.0.1:2057         127.0.0.1:2058         ESTABLISHED     2212
  TCP    127.0.0.1:2058         127.0.0.1:2057         ESTABLISHED     2212
  TCP    127.0.0.1:2059         127.0.0.1:2060         ESTABLISHED     2212
  TCP    127.0.0.1:2060         127.0.0.1:2059         ESTABLISHED     2212
  TCP    127.0.0.1:2061         127.0.0.1:2062         ESTABLISHED     2212
  TCP    127.0.0.1:2062         127.0.0.1:2061         ESTABLISHED     2212
  TCP    127.0.0.1:2063         127.0.0.1:2064         ESTABLISHED     2212
  TCP    127.0.0.1:2064         127.0.0.1:2063         ESTABLISHED     2212
  TCP    127.0.0.1:2065         127.0.0.1:2066         ESTABLISHED     2212
  TCP    127.0.0.1:2066         127.0.0.1:2065         ESTABLISHED     2212
  TCP    127.0.0.1:2067         127.0.0.1:2068         ESTABLISHED     2212
  TCP    127.0.0.1:2068         127.0.0.1:2067         ESTABLISHED     2212
  T


systeminfo

???:           QJXMN
OS ??:          Microsoft(R) Windows(R) Server 2003, Enterprise Edition
OS ??:          5.2.3790 Service Pack 1 Build 3790
OS ???:        Microsoft Corporation
OS ??:          ?????
OS ????:      Multiprocessor Free
??????:     qjx
?????:       qjx
?? ID:          69813-650-9188916-45573
??????:     2012-11-16, 12:36:36
??????:     51 ? 10 ?? 54 ? 40 ?
?????:       VMware, Inc.
????:         VMware Virtual Platform
????:         X86-based PC
???:           ??? 4 ?????
                  [01]: x86 Family 6 Model 63 Stepping 2 GenuineIntel ~1600 Mhz
                  [02]: x86 Family 6 Model 63 Stepping 2 GenuineIntel ~1599 Mhz
                  [03]: x86 Family 6 Model 63 Stepping 2 GenuineIntel ~1599 Mhz
                  [04]: x86 Family 6 Model 63 Stepping 2 GenuineIntel ~1599 Mhz
BIOS ??:        INTEL  - 6040000
Windows ??:     C:\WINDOWS
????:         C:\WINDOWS\system32
????:         \Device\HarddiskVolume1
??????:     zh-cn;??(??)
???????:   zh-cn;??(??)
??:             (GMT+08:00) ??????????????????
??????:     4,095 MB
???????:   2,319 MB
????: ???: 1,876 MB
????: ??:   328 MB
????: ???: 1,548 MB
??????:     C:\pagefile.sys
?:               WORKGROUP
?????:       \\QJXMN
????:         ??? 1 ??????
                  [01]: Q147222
??:             ??? 1 ? NIC?
                  [01]: Intel(R) PRO/1000 MT Network Connection
                      ???:      ???? 2
                      ?? DHCP:   ?
                      IP ??
                      [01]: 192.168.2.33

修复方案:

加强安全意识

版权声明:转载请注明来源 朱元璋@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞评价:

评价