ShopEx某站点zabbix注入导致主节点命令执行

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-093026

漏洞标题：ShopEx某站点zabbix注入导致主节点命令执行

漏洞作者：路人甲

提交时间：2015-01-21 09:37

修复时间：2015-03-07 09:38

公开时间：2015-03-07 09:38

漏洞类型：系统/服务运维配置不当

危害等级：高

自评Rank：15

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-01-21：细节已通知厂商并且等待厂商处理中
2015-01-21：厂商已经确认，细节仅向厂商公开
2015-01-31：细节向核心白帽子及相关领域专家公开
2015-02-10：细节向普通白帽子公开
2015-02-20：细节向实习白帽子公开
2015-03-07：细节向公众公开

简要描述：

从注入到主节点命令执行，以一种你想不到的方式。

详细说明：

#1
问题来了
站点1：http://121.196.43.143/

居然提示没有zabbix.users这个表。
心想，是不是运维人员手贱改了表名吧，咱试试zabbix1.users,不行，那试zabbix2.users这个表名，咦，还真猜中了。

好了，管理名为xuqinyong，md5也有了，去破解，得到密码。
#2
该去登录站点了

我去，肿么回事，没权限？？
难道就这样放弃了？
不行。
偶然机会，得到shopex主节点地址：http://master1.zabbix.shopex.cn
想想，xuqinyong可能也是该节点的管理员~~~~
#3

好家伙几百台设备，大概看了下，基本覆盖ShopEx所有线上主机、数据库、mem、网络设备等。

命令执行~~

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
tcp        0      0 0.0.0.0:3310                0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:10050               0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:10051               0.0.0.0:*                   LISTEN      
tcp        0      0 192.168.0.32:63965          192.168.0.191:3310          ESTABLISHED 
tcp        0      1 192.168.0.32:64371          192.168.0.191:3310          LAST_ACK    
tcp        0      0 192.168.0.32:7835           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:4849           192.168.0.191:3310          ESTABLISHED 
tcp        1      0 192.168.0.32:3223           192.168.0.191:3310          CLOSE_WAIT  
tcp        0      0 192.168.0.32:7849           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:7856           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:7841           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:7843           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:7836           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:10051          192.168.0.46:22262          ESTABLISHED 
tcp        0      0 60.191.141.203:10051        122.144.135.154:58848       ESTABLISHED 
tcp        0      0 192.168.0.32:56905          192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:7838           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:7855           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:7834           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 60.191.141.203:10051        121.196.43.143:6043         CLOSE_WAIT  
tcp        0      0 192.168.0.32:7840           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:4463           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:4723           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:59649          192.168.0.191:3310          ESTABLISHED 
tcp        0    122 192.168.0.32:7837           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:60746          192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:4721           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:7832           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 60.191.141.203:10051        121.196.43.143:7353         ESTABLISHED 
tcp        0      0 :::22                       :::*                        LISTEN      
tcp        0      0 ::1:25                      :::*                        LISTEN      
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     164052985 /tmp/mysqld3310.sock
unix  2      [ ACC ]     STREAM     LISTENING     232550146 @/var/run/hald/dbus-vA45u4luJL
unix  2      [ ACC ]     STREAM     LISTENING     7333   @/com/ubuntu/upstart
unix  2      [ ]         DGRAM                    7502   @/org/kernel/udev/udevd
unix  2      [ ACC ]     STREAM     LISTENING     9759   /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     9822   /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     10395  public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     10402  private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     10408  private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     10412  private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     10416  private/defer
unix  2      [ ]         DGRAM                    232550173 @/org/freedesktop/hal/udev_event
unix  2      [ ACC ]     STREAM     LISTENING     10420  private/trace
unix  2      [ ACC ]     STREAM     LISTENING     10424  private/verify
unix  2      [ ACC ]     STREAM     LISTENING     10428  public/flush
unix  2      [ ACC ]     STREAM     LISTENING     10432  private/proxymap
unix  2      [ ACC ]     STREAM     LISTENING     10436  private/proxywrite
unix  2      [ ACC ]     STREAM     LISTENING     10440  private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     10444  private/relay
unix  2      [ ACC ]     STREAM     LISTENING     10448  public/showq
unix  2      [ ACC ]     STREAM     LISTENING     10452  private/error
unix  2      [ ACC ]     STREAM     LISTENING     10456  private/retry
unix  2      [ ACC ]     STREAM     LISTENING     10460  private/discard
unix  2      [ ACC ]     STREAM     LISTENING     10464  private/local
unix  2      [ ACC ]     STREAM     LISTENING     10468  private/virtual
unix  2      [ ACC ]     STREAM     LISTENING     10473  private/lmtp
unix  2      [ ACC ]     STREAM     LISTENING     10477  private/anvil
unix  2      [ ACC ]     STREAM     LISTENING     10481  private/scache
unix  2      [ ACC ]     STREAM     LISTENING     10540  /var/run/abrt/abrt.socket
unix  4      [ ]         DGRAM                    317189542 /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     232550151 @/var/run/hald/dbus-VvzTfvg7bK
unix  2      [ ]         DGRAM                    319288195 
unix  2      [ ]         DGRAM                    317190315 
unix  2      [ ]         DGRAM                    315803311 
unix  3      [ ]         STREAM     CONNECTED     232550356 /var/run/acpid.socket
unix  3      [ ]         STREAM     CONNECTED     232550355 
unix  3      [ ]         STREAM     CONNECTED     232550350 @/var/run/hald/dbus-vA45u4luJL
unix  3      [ ]         STREAM     CONNECTED     232550349 
unix  3      [ ]         STREAM     CONNECTED     232550337 @/var/run/hald/dbus-vA45u4luJL
unix  3      [ ]         STREAM     CONNECTED     232550256 
unix  3      [ ]         STREAM     CONNECTED     232550168 @/var/run/hald/dbus-VvzTfvg7bK
unix  3      [ ]         STREAM     CONNECTED     232550167 
unix  3      [ ]         STREAM     CONNECTED     232550148 /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     232550147 
unix  2      [ ]         DGRAM                    231859187 
unix  2      [ ]         DGRAM                    10675  
unix  2      [ ]         DGRAM                    10546  
unix  3      [ ]         STREAM     CONNECTED     10543  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     10542  
unix  3      [ ]         STREAM     CONNECTED     10484  
unix  3      [ ]         STREAM     CONNECTED     10483  
unix  3      [ ]         STREAM     CONNECTED     10480  
unix  3      [ ]         STREAM     CONNECTED     10479  
unix  3      [ ]         STREAM     CONNECTED     10476  
unix  3      [ ]         STREAM     CONNECTED     10475  
unix  3      [ ]         STREAM     CONNECTED     10472  
unix  3      [ ]         STREAM     CONNECTED     10471  
unix  3      [ ]         STREAM     CONNECTED     10467  
unix  3      [ ]         STREAM     CONNECTED     10466  
unix  3      [ ]         STREAM     CONNECTED     10463  
unix  3      [ ]         STREAM     CONNECTED     10462  
unix  3      [ ]         STREAM     CONNECTED     10459  
unix  3      [ ]         STREAM     CONNECTED     10458  
unix  3      [ ]         STREAM     CONNECTED     10455  
unix  3      [ ]         STREAM     CONNECTED     10454  
unix  3      [ ]         STREAM     CONNECTED     10451  
unix  3      [ ]         STREAM     CONNECTED     10450  
unix  3      [ ]         STREAM     CONNECTED     10447  
unix  3      [ ]         STREAM     CONNECTED     10446  
unix  3      [ ]         STREAM     CONNECTED     10443  
unix  3      [ ]         STREAM     CONNECTED     10442  
unix  3      [ ]         STREAM     CONNECTED     10439  
unix  3      [ ]         STREAM     CONNECTED     10438  
unix  3      [ ]         STREAM     CONNECTED     10435  
unix  3      [ ]         STREAM     CONNECTED     10434  
unix  3      [ ]         STREAM     CONNECTED     10431  
unix  3      [ ]         STREAM     CONNECTED     10430  
unix  3      [ ]         STREAM     CONNECTED     10427  
unix  3      [ ]         STREAM     CONNECTED     10426  
unix  3      [ ]         STREAM     CONNECTED     10423  
unix  3      [ ]         STREAM     CONNECTED     10422  
unix  3      [ ]         STREAM     CONNECTED     10419  
unix  3      [ ]         STREAM     CONNECTED     10418  
unix  3      [ ]         STREAM     CONNECTED     10415  
unix  3      [ ]         STREAM     CONNECTED     10414  
unix  3      [ ]         STREAM     CONNECTED     10411  
unix  3      [ ]         STREAM     CONNECTED     10410  
unix  3      [ ]         STREAM     CONNECTED     10407  
unix  3      [ ]         STREAM     CONNECTED     10406  
unix  3      [ ]         STREAM     CONNECTED     10401  
unix  3      [ ]         STREAM     CONNECTED     10400  
unix  3      [ ]         STREAM     CONNECTED     10398  
unix  3      [ ]         STREAM     CONNECTED     10397  
unix  3      [ ]         STREAM     CONNECTED     10394  
unix  3      [ ]         STREAM     CONNECTED     10393  
unix  3      [ ]         STREAM     CONNECTED     10391  
unix  3      [ ]         STREAM     CONNECTED     10390  
unix  2      [ ]         DGRAM                    10337  
unix  3      [ ]         STREAM     CONNECTED     9771   /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     9770   
unix  3      [ ]         STREAM     CONNECTED     9764   
unix  3      [ ]         STREAM     CONNECTED     9763   
unix  3      [ ]         DGRAM                    7519   
unix  3      [ ]         DGRAM                    7518   
Linux Master-Zabbix-Server.shopex.cn 2.6.32-220.el6.x86_64 #1 SMP Tue Dec 6 19:48:22 GMT 2011 x86_64 x86_64 x86_64 GNU/Linux
em1       Link encap:Ethernet  HWaddr 00:26:B9:4A:EC:EB  
          inet addr:192.168.0.32  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::226:b9ff:fe4a:eceb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:73683143570 errors:0 dropped:30154 overruns:0 frame:0
          TX packets:42343432114 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:39009066907375 (35.4 TiB)  TX bytes:16408077369508 (14.9 TiB)
          Interrupt:36 Memory:da000000-da012800 
em2       Link encap:Ethernet  HWaddr 00:26:B9:4A:EC:EC  
          inet addr:60.191.141.203  Bcast:60.191.141.255  Mask:255.255.255.0
          inet6 addr: fe80::226:b9ff:fe4a:ecec/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1145373190 errors:0 dropped:0 overruns:0 frame:0
          TX packets:503615162 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1248257721492 (1.1 TiB)  TX bytes:36549974818 (34.0 GiB)
          Interrupt:48 Memory:dc000000-dc012800 
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:264968913 errors:0 dropped:0 overruns:0 frame:0
          TX packets:264968913 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:15383764730 (14.3 GiB)  TX bytes:15383764730 (14.3 GiB)

漏洞证明：

#1
问题来了
站点1：http://121.196.43.143/

居然提示没有zabbix.users这个表。
心想，是不是运维人员手贱改了表名吧，咱试试zabbix1.users,不行，那试zabbix2.users这个表名，咦，还真猜中了。

好了，管理名为xuqinyong，md5也有了，去破解，得到密码。
#2
该去登录站点了

好家伙几百台设备，大概看了下，基本覆盖ShopEx所有线上主机、数据库、mem、网络设备等。

命令执行~~

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
tcp        0      0 0.0.0.0:3310                0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:10050               0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:10051               0.0.0.0:*                   LISTEN      
tcp        0      0 192.168.0.32:63965          192.168.0.191:3310          ESTABLISHED 
tcp        0      1 192.168.0.32:64371          192.168.0.191:3310          LAST_ACK    
tcp        0      0 192.168.0.32:7835           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:4849           192.168.0.191:3310          ESTABLISHED 
tcp        1      0 192.168.0.32:3223           192.168.0.191:3310          CLOSE_WAIT  
tcp        0      0 192.168.0.32:7849           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:7856           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:7841           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:7843           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:7836           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:10051          192.168.0.46:22262          ESTABLISHED 
tcp        0      0 60.191.141.203:10051        122.144.135.154:58848       ESTABLISHED 
tcp        0      0 192.168.0.32:56905          192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:7838           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:7855           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:7834           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 60.191.141.203:10051        121.196.43.143:6043         CLOSE_WAIT  
tcp        0      0 192.168.0.32:7840           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:4463           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:4723           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:59649          192.168.0.191:3310          ESTABLISHED 
tcp        0    122 192.168.0.32:7837           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:60746          192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:4721           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 192.168.0.32:7832           192.168.0.191:3310          ESTABLISHED 
tcp        0      0 60.191.141.203:10051        121.196.43.143:7353         ESTABLISHED 
tcp        0      0 :::22                       :::*                        LISTEN      
tcp        0      0 ::1:25                      :::*                        LISTEN      
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     164052985 /tmp/mysqld3310.sock
unix  2      [ ACC ]     STREAM     LISTENING     232550146 @/var/run/hald/dbus-vA45u4luJL
unix  2      [ ACC ]     STREAM     LISTENING     7333   @/com/ubuntu/upstart
unix  2      [ ]         DGRAM                    7502   @/org/kernel/udev/udevd
unix  2      [ ACC ]     STREAM     LISTENING     9759   /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     9822   /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     10395  public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     10402  private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     10408  private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     10412  private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     10416  private/defer
unix  2      [ ]         DGRAM                    232550173 @/org/freedesktop/hal/udev_event
unix  2      [ ACC ]     STREAM     LISTENING     10420  private/trace
unix  2      [ ACC ]     STREAM     LISTENING     10424  private/verify
unix  2      [ ACC ]     STREAM     LISTENING     10428  public/flush
unix  2      [ ACC ]     STREAM     LISTENING     10432  private/proxymap
unix  2      [ ACC ]     STREAM     LISTENING     10436  private/proxywrite
unix  2      [ ACC ]     STREAM     LISTENING     10440  private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     10444  private/relay
unix  2      [ ACC ]     STREAM     LISTENING     10448  public/showq
unix  2      [ ACC ]     STREAM     LISTENING     10452  private/error
unix  2      [ ACC ]     STREAM     LISTENING     10456  private/retry
unix  2      [ ACC ]     STREAM     LISTENING     10460  private/discard
unix  2      [ ACC ]     STREAM     LISTENING     10464  private/local
unix  2      [ ACC ]     STREAM     LISTENING     10468  private/virtual
unix  2      [ ACC ]     STREAM     LISTENING     10473  private/lmtp
unix  2      [ ACC ]     STREAM     LISTENING     10477  private/anvil
unix  2      [ ACC ]     STREAM     LISTENING     10481  private/scache
unix  2      [ ACC ]     STREAM     LISTENING     10540  /var/run/abrt/abrt.socket
unix  4      [ ]         DGRAM                    317189542 /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     232550151 @/var/run/hald/dbus-VvzTfvg7bK
unix  2      [ ]         DGRAM                    319288195 
unix  2      [ ]         DGRAM                    317190315 
unix  2      [ ]         DGRAM                    315803311 
unix  3      [ ]         STREAM     CONNECTED     232550356 /var/run/acpid.socket
unix  3      [ ]         STREAM     CONNECTED     232550355 
unix  3      [ ]         STREAM     CONNECTED     232550350 @/var/run/hald/dbus-vA45u4luJL
unix  3      [ ]         STREAM     CONNECTED     232550349 
unix  3      [ ]         STREAM     CONNECTED     232550337 @/var/run/hald/dbus-vA45u4luJL
unix  3      [ ]         STREAM     CONNECTED     232550256 
unix  3      [ ]         STREAM     CONNECTED     232550168 @/var/run/hald/dbus-VvzTfvg7bK
unix  3      [ ]         STREAM     CONNECTED     232550167 
unix  3      [ ]         STREAM     CONNECTED     232550148 /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     232550147 
unix  2      [ ]         DGRAM                    231859187 
unix  2      [ ]         DGRAM                    10675  
unix  2      [ ]         DGRAM                    10546  
unix  3      [ ]         STREAM     CONNECTED     10543  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     10542  
unix  3      [ ]         STREAM     CONNECTED     10484  
unix  3      [ ]         STREAM     CONNECTED     10483  
unix  3      [ ]         STREAM     CONNECTED     10480  
unix  3      [ ]         STREAM     CONNECTED     10479  
unix  3      [ ]         STREAM     CONNECTED     10476  
unix  3      [ ]         STREAM     CONNECTED     10475  
unix  3      [ ]         STREAM     CONNECTED     10472  
unix  3      [ ]         STREAM     CONNECTED     10471  
unix  3      [ ]         STREAM     CONNECTED     10467  
unix  3      [ ]         STREAM     CONNECTED     10466  
unix  3      [ ]         STREAM     CONNECTED     10463  
unix  3      [ ]         STREAM     CONNECTED     10462  
unix  3      [ ]         STREAM     CONNECTED     10459  
unix  3      [ ]         STREAM     CONNECTED     10458  
unix  3      [ ]         STREAM     CONNECTED     10455  
unix  3      [ ]         STREAM     CONNECTED     10454  
unix  3      [ ]         STREAM     CONNECTED     10451  
unix  3      [ ]         STREAM     CONNECTED     10450  
unix  3      [ ]         STREAM     CONNECTED     10447  
unix  3      [ ]         STREAM     CONNECTED     10446  
unix  3      [ ]         STREAM     CONNECTED     10443  
unix  3      [ ]         STREAM     CONNECTED     10442  
unix  3      [ ]         STREAM     CONNECTED     10439  
unix  3      [ ]         STREAM     CONNECTED     10438  
unix  3      [ ]         STREAM     CONNECTED     10435  
unix  3      [ ]         STREAM     CONNECTED     10434  
unix  3      [ ]         STREAM     CONNECTED     10431  
unix  3      [ ]         STREAM     CONNECTED     10430  
unix  3      [ ]         STREAM     CONNECTED     10427  
unix  3      [ ]         STREAM     CONNECTED     10426  
unix  3      [ ]         STREAM     CONNECTED     10423  
unix  3      [ ]         STREAM     CONNECTED     10422  
unix  3      [ ]         STREAM     CONNECTED     10419  
unix  3      [ ]         STREAM     CONNECTED     10418  
unix  3      [ ]         STREAM     CONNECTED     10415  
unix  3      [ ]         STREAM     CONNECTED     10414  
unix  3      [ ]         STREAM     CONNECTED     10411  
unix  3      [ ]         STREAM     CONNECTED     10410  
unix  3      [ ]         STREAM     CONNECTED     10407  
unix  3      [ ]         STREAM     CONNECTED     10406  
unix  3      [ ]         STREAM     CONNECTED     10401  
unix  3      [ ]         STREAM     CONNECTED     10400  
unix  3      [ ]         STREAM     CONNECTED     10398  
unix  3      [ ]         STREAM     CONNECTED     10397  
unix  3      [ ]         STREAM     CONNECTED     10394  
unix  3      [ ]         STREAM     CONNECTED     10393  
unix  3      [ ]         STREAM     CONNECTED     10391  
unix  3      [ ]         STREAM     CONNECTED     10390  
unix  2      [ ]         DGRAM                    10337  
unix  3      [ ]         STREAM     CONNECTED     9771   /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     9770   
unix  3      [ ]         STREAM     CONNECTED     9764   
unix  3      [ ]         STREAM     CONNECTED     9763   
unix  3      [ ]         DGRAM                    7519   
unix  3      [ ]         DGRAM                    7518   
Linux Master-Zabbix-Server.shopex.cn 2.6.32-220.el6.x86_64 #1 SMP Tue Dec 6 19:48:22 GMT 2011 x86_64 x86_64 x86_64 GNU/Linux
em1       Link encap:Ethernet  HWaddr 00:26:B9:4A:EC:EB  
          inet addr:192.168.0.32  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::226:b9ff:fe4a:eceb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:73683143570 errors:0 dropped:30154 overruns:0 frame:0
          TX packets:42343432114 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:39009066907375 (35.4 TiB)  TX bytes:16408077369508 (14.9 TiB)
          Interrupt:36 Memory:da000000-da012800 
em2       Link encap:Ethernet  HWaddr 00:26:B9:4A:EC:EC  
          inet addr:60.191.141.203  Bcast:60.191.141.255  Mask:255.255.255.0
          inet6 addr: fe80::226:b9ff:fe4a:ecec/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1145373190 errors:0 dropped:0 overruns:0 frame:0
          TX packets:503615162 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1248257721492 (1.1 TiB)  TX bytes:36549974818 (34.0 GiB)
          Interrupt:48 Memory:dc000000-dc012800 
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:264968913 errors:0 dropped:0 overruns:0 frame:0
          TX packets:264968913 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:15383764730 (14.3 GiB)  TX bytes:15383764730 (14.3 GiB)

修复方案：

你们更专业啦！

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：10

确认时间：2015-01-21 09:48

厂商回复：

非常感谢您为shopex信息安全做的贡献
我们将尽快修复
非常感谢

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-093026

漏洞标题：ShopEx某站点zabbix注入导致主节点命令执行

相关厂商：ShopEx

漏洞作者：路人甲

提交时间：2015-01-21 09:37

修复时间：2015-03-07 09:38

公开时间：2015-03-07 09:38

漏洞类型：系统/服务运维配置不当

危害等级：高

自评Rank：15

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-093026

漏洞标题：ShopEx某站点zabbix注入导致主节点命令执行

相关厂商：ShopEx

漏洞作者： 路人甲

提交时间：2015-01-21 09:37

修复时间：2015-03-07 09:38

公开时间：2015-03-07 09:38

漏洞类型：系统/服务运维配置不当

危害等级：高

自评Rank：15

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-093026"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云