当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-097124

漏洞标题:12306几处命令执行漏洞打包

相关厂商:12306

漏洞作者:

提交时间:2015-02-13 15:31

修复时间:2015-03-30 15:32

公开时间:2015-03-30 15:32

漏洞类型:命令执行

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-02-13: 细节已通知厂商并且等待厂商处理中
2015-02-15: 厂商已经确认,细节仅向厂商公开
2015-02-25: 细节向核心白帽子及相关领域专家公开
2015-03-07: 细节向普通白帽子公开
2015-03-17: 细节向实习白帽子公开
2015-03-30: 细节向公众公开

简要描述:

*遗留问题*

详细说明:

0x1:
http://www.wulmq.12306.cn:7001/Dzsw/Shky/hwky.nei/productdesfwzn.action

root


Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 10.224.15.31:7001 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7001 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.2:7001 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:38888 0.0.0.0:* LISTEN
tcp 0 0 10.224.15.31:7001 120.71.102.19:19197 TIME_WAIT
tcp 0 0 10.224.15.31:7001 120.71.102.19:19190 TIME_WAIT
tcp 0 0 10.224.15.31:56816 10.224.15.32:1521 TIME_WAIT
tcp 0 0 10.224.15.31:7001 59.53.182.49:63126 TIME_WAIT
tcp 0 1 10.224.15.31:7001 120.71.102.19:19201 LAST_ACK
tcp 0 0 10.224.15.31:56811 10.224.15.32:1521 TIME_WAIT
tcp 0 0 10.224.15.31:7001 120.71.102.19:18950 TIME_WAIT
tcp 0 0 10.224.15.31:7001 59.53.182.49:63122 ESTABLISHED
tcp 0 1 10.224.15.31:60066 174.128.255.228:36000 SYN_SENT
tcp 0 0 10.224.15.31:47714 10.224.15.32:1521 ESTABLISHED
tcp 0 0 10.224.15.31:7001 59.53.182.49:63394 FIN_WAIT2
tcp 0 0 10.224.15.31:56818 10.224.15.32:1521 ESTABLISHED
tcp 0 0 10.224.15.31:7001 66.249.69.103:56268 ESTABLISHED
tcp 0 0 10.224.15.31:7001 59.53.182.49:63264 ESTABLISHED
tcp 0 0 10.224.15.31:7001 120.71.102.19:18965 TIME_WAIT
tcp 0 0 10.224.15.31:7001 66.249.69.119:57710 ESTABLISHED
tcp 0 0 10.224.15.31:56810 10.224.15.32:1521 TIME_WAIT
tcp 0 1 10.224.15.31:7001 120.71.102.19:19199 LAST_ACK
tcp 0 1 10.224.15.31:7001 120.71.102.19:19200 LAST_ACK
tcp 0 1 10.224.15.31:7001 120.71.102.19:19198 LAST_ACK
udp 0 0 0.0.0.0:832 0.0.0.0:*
udp 0 0 0.0.0.0:111 0.0.0.0:*
udp 0 0 0.0.0.0:631 0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 19113727 /tmp/unique/org.gnome.MainMenu.:0.0.17754
unix 2 [ ACC ] STREAM LISTENING 8056 /var/run/nscd/socket
unix 2 [ ACC ] STREAM LISTENING 6330 @/var/run/hald/dbus-E6tyMLL8rx
unix 2 [ ACC ] STREAM LISTENING 21062 /tmp/unique/org.gnome.VolumeControlApplet.:0.0.17677
unix 2 [ ACC ] STREAM LISTENING 19727 /tmp/scim-panel-socket:0-root
unix 2 [ ACC ] STREAM LISTENING 19780 @/tmp/dbus-7Kj8hnUMsM
unix 2 [ ACC ] STREAM LISTENING 6044 /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 8805 public/cleanup
unix 2 [ ACC ] STREAM LISTENING 8812 private/rewrite
unix 2 [ ACC ] STREAM LISTENING 8816 private/bounce
unix 2 [ ACC ] STREAM LISTENING 8820 private/defer
unix 2 [ ACC ] STREAM LISTENING 8824 private/trace
unix 2 [ ACC ] STREAM LISTENING 8828 private/verify
unix 2 [ ACC ] STREAM LISTENING 8832 public/flush
unix 2 [ ACC ] STREAM LISTENING 8836 private/proxymap
unix 2 [ ACC ] STREAM LISTENING 8840 private/smtp
unix 2 [ ACC ] STREAM LISTENING 8844 pr


0x2:
http://www.lanzh.12306.cn/Dzsw/Shky/hwky.nei/dbwd.action
存在S2-019漏洞

权限:
root
路径:
/app/Oracle/Middleware/user_projects/domains/hwky_domain/servers/AdminServer/stage/hwky.nei/hwky.nei


0x3:
http://www.nann.12306.cn/Dzsw/Shky/hwky.nei/qiyejianjiegywm.action

root


Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 *.13 *.* LISTEN
tcp 0 0 *.21 *.* LISTEN
tcp 0 0 *.23 *.* LISTEN
tcp4 0 0 *.25 *.* LISTEN
tcp4 0 0 *.37 *.* LISTEN
tcp4 0 0 *.111 *.* LISTEN
tcp 0 0 *.199 *.* LISTEN
tcp 0 0 *.427 *.* LISTEN
tcp 0 0 *.512 *.* LISTEN
tcp 0 0 *.513 *.* LISTEN
tcp 0 0 *.514 *.* LISTEN
tcp 0 0 10.190.7.50.65443 10.190.13.83.9500 ESTABLISHED
tcp 0 0 10.190.7.50.65448 10.190.13.83.9500 ESTABLISHED
tcp 0 0 10.190.7.50.65452 10.190.13.83.9500 ESTABLISHED
tcp 0 0 10.190.7.50.43069 10.190.13.83.9500 ESTABLISHED
tcp 0 0 10.190.7.50.43124 10.190.13.83.9500 ESTABLISHED
tcp 0 0 *.5988 *.* LISTEN
tcp 0 0 *.5989 *.* LISTEN
tcp4 0 0 *.6112 *.* LISTEN
tcp 0 0 *.6181 *.* LISTEN
tcp 0 0 *.6988 *.* LISTEN
tcp4 0 0 *.32768 *.* LISTEN
tcp 0 0 *.32769 *.* LISTEN
tcp4 0 0 *.32770 *.* LISTEN
tcp4 0 0 *.32771 *.* LISTEN
tcp4 0 0 *.32772 *.* LISTEN
tcp 0 0 10.190.7.50.49002 10.190.13.83.9500 ESTABLISHED
tcp 0 0 10.190.7.50.49003 10.190.13.83.9500 ESTABLISHED
tcp 0 0 10.190.7.50.49006 10.190.13.83.9500 ESTABLISHED
tcp 0 0 10.190.7.50.49008 10.190.13.83.9500 ESTABLISHED
tcp6 0 0 ::1.9001 *.* LISTEN
tcp4 0 0 10.190.7.50.7002 10.190.7.36.29122 ESTABLISHED
tcp 0 0 10.190.7.50.34662 10.190.7.41.1521 ESTABLISHED
tcp 0 0 10.190.7.50.34663 10.190.7.41.1521 ESTABLISHED
tcp4 0 0 10.190.7.50.9001 10.190.7.36.29138 FIN_WAIT_2
tcp4 0 0 10.190.7.50.9001 10.190.7.37.29164 ESTABLISHED
tcp 0 0 127.0.0.1.9001 *.* LISTEN
tcp4 0 0 *.38888 *.* LISTEN
tcp4 0 0 10.190.7.50.38888 10.190.7.51.2380 ESTABLISHED
tcp 0 0 10.190.7.50.60113 10.190.7.49.7001 ESTABLISHED
tcp 0 0 10.190.7.50.60144 10.190.7.49.7002 ESTABLISHED
tcp 0 0 *.16191 *.* LISTEN
tcp 0 0 10.190.7.50.33107 10.190.13.83.9500 ESTABLISHED
tcp 0 0 10.190.7.50.7002 *.* LISTEN
tcp 0 0 10.190.7.50.34298 10.190.13.83.9500 ESTABLISHED
tcp 0 0 10.190.7.50.9001 *.* LISTEN
tcp 0 0 10.190.7.50.36709 10.190.13.83.9500 ESTABLISHED
tcp 0 0 10.190.7.50.38380 10.190.13.83.9500 ESTABLISHED
tcp 0 0 10.190.7.50.38643 10.190.13.83.9500 ESTABLISHED
tcp 0 0 10.190.7.50.38644 10.190.13.83.9500 ESTABLISHED
tcp 0 0 10.190.7.50.38680 10.190.13.83.9500 ESTABLISHED
tcp 0 0 10.190.7.50.38681 10.190.13.83.

漏洞证明:

修复方案:

*遗留问题*

版权声明:转载请注明来源 @乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:9

确认时间:2015-02-15 08:29

厂商回复:

正在修复,谢谢。

最新状态:

暂无


漏洞评价:

评论

  1. 2015-02-13 15:37 | 疯子 ( 普通白帽子 | Rank:242 漏洞数:42 | 世人笑我太疯癫,我笑世人看不穿~)

    ID不错

  2. 2015-02-13 16:17 | 动后河 ( 实习白帽子 | Rank:51 漏洞数:13 | ☭)

    猜测1:struts2猜测2:不是主站猜测3:已经多人光顾

  3. 2015-04-01 14:31 | tSt ( 路人 | Rank:27 漏洞数:7 | 在开发里运维最强,运维里网络最强,网络里...)

    ID不错啊