北京外交人员服务局存在“Java 反序列化”漏洞，并getshell

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0167126

漏洞标题：北京外交人员服务局存在“Java 反序列化”漏洞，并getshell

漏洞作者：朱元璋

提交时间：2016-01-05 17:54

修复时间：2016-02-22 17:50

公开时间：2016-02-22 17:50

漏洞类型：系统/服务补丁不及时

危害等级：高

自评Rank：15

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2016-01-05：细节已通知厂商并且等待厂商处理中
2016-01-08：厂商已经确认，细节仅向厂商公开
2016-01-18：细节向核心白帽子及相关领域专家公开
2016-01-28：细节向普通白帽子公开
2016-02-07：细节向实习白帽子公开
2016-02-22：细节向公众公开
简要描述：

中国交远国际经济技术合作公司是外交部北京外交人员服务局直属国有企业，经外交部、外经贸部（现商务部）、国家工商行政管理总局批准，于1991年由外交部北京外交人员服务局投资成立，是外交部系统持有国家特许经营资质最为完备的综合性公司。
详细说明：

站点http://**.**.**.**/存在“Java 反序列化”漏洞
直接上传木马到服务器中
漏洞证明：

[/home/agriculture/software/jboss/server/node1/tmp/3j001-8szw8f-iifua67b-1-iifuah1e-13/guizhou-ear.ear/guizhou.war/guizhou/]$ whoami
agriculture
/bin/sh: line 0: cd: /home/agriculture/software/jboss/server/node1/tmp/3j001-8szw8f-iifua67b-1-iifuah1e-13/guizhou-ear.ear/guizhou.war/guizhou/: No such file or directory
[/home/agriculture/software/jboss/bin/]$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
saslauth:x:499:76:"Saslauthd user":/var/empty/saslauth:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
agriculture:x:500:500::/home/agriculture:/bin/bash
mysql:x:501:501::/home/mysql:/sbin/nologin
cabinet:x:502:502::/home/cabinet:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
[/home/agriculture/software/jboss/bin/]$ ifconfig
eth0      Link encap:Ethernet  HWaddr 78:E7:D1:F5:64:36  
          inet addr:**.**.**.**  Bcast:**.**.**.**  Mask:**.**.**.**
          inet6 addr: fe80::7ae7:d1ff:fef5:6436/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5302051499 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5128746865 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:4961057943676 (4.5 TiB)  TX bytes:4207645218447 (3.8 TiB)
          Interrupt:16 
lo        Link encap:Local Loopback  
          inet addr:**.**.**.**  Mask:**.**.**.**
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:35634915 errors:0 dropped:0 overruns:0 frame:0
          TX packets:35634915 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:16517964717 (15.3 GiB)  TX bytes:16517964717 (15.3 GiB)
[/home/agriculture/software/jboss/bin/]$ cat /etc/resolv.conf
nameserver **.**.**.**
nameserver **.**.**.**
[/home/agriculture/software/jboss/bin/]$ bash prompt:
bash: prompt:: No such file or directory
[/home/agriculture/software/jboss/bin/]$ lsb_release -a
/bin/sh: lsb_release: command not found
[/home/agriculture/software/jboss/bin/]$ arp -a
localhost (**.**.**.**) at 00:22:a1:07:40:1b [ether] on eth0
localhost (**.**.**.**) at b8:ca:3a:f6:04:74 [ether] on eth0
localhost (**.**.**.**) at 14:18:77:3b:87:fa [ether] on eth0
[/home/agriculture/software/jboss/bin/]$ netstat -ano
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       Timer
tcp        0      0 **.**.**.**:4747                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:4812                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:3628                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:4748                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:8109                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:4813                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:4557                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:4173                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:1198                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:1199                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:1200                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:37168             **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:1201                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:57105             **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:48114             **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:51443               **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:8180                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:5012                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:8309                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:5013                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:1398                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:22                  **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:43735             **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:8183                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:1399                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:1400                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:51320             **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:41241             **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:1401                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:25                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:7900              **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:8380                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:8383                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:4544                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:21056               **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:4545                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:36929             **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:4546                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:59715             **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:4547                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:4548                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:3973                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:1190                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:51432             **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:4744                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:4745                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:4746                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:3306                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:44110         **.**.**.**:3306          ESTABLISHED keepalive (6115.78/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37290         ESTABLISHED keepalive (7015.64/0/0)
tcp        0      0 **.**.**.**:48619         **.**.**.**:3306          ESTABLISHED keepalive (5989.61/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37171         ESTABLISHED keepalive (5215.87/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37299         ESTABLISHED keepalive (7015.66/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37287         ESTABLISHED keepalive (7015.63/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37282         ESTABLISHED keepalive (7015.62/0/0)
tcp        0      0 **.**.**.**:8109              **.**.**.**:53258             ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:37294         **.**.**.**:3306          ESTABLISHED keepalive (7015.65/0/0)
tcp        0      0 **.**.**.**:37288         **.**.**.**:3306          ESTABLISHED keepalive (7015.63/0/0)
tcp        0      0 **.**.**.**:8109          **.**.**.**:41383         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37291         ESTABLISHED keepalive (7015.64/0/0)
tcp        0      0 **.**.**.**:37977             **.**.**.**:8109              ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:44060         **.**.**.**:3306          ESTABLISHED keepalive (5215.91/0/0)
tcp        0      0 **.**.**.**:37278         **.**.**.**:3306          ESTABLISHED keepalive (7015.60/0/0)
tcp        0      0 **.**.**.**:8109          **.**.**.**:43512         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37284         ESTABLISHED keepalive (7015.62/0/0)
tcp        0      0 **.**.**.**:37292         **.**.**.**:3306          ESTABLISHED keepalive (7015.64/0/0)
tcp        0      0 **.**.**.**:8109          **.**.**.**:41326         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:38086             **.**.**.**:8109              ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:44063         **.**.**.**:3306          ESTABLISHED keepalive (5215.92/0/0)
tcp        0      0 **.**.**.**:53132             **.**.**.**:8109              ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:37173         **.**.**.**:3306          ESTABLISHED keepalive (5215.88/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37298         ESTABLISHED keepalive (7015.66/0/0)
tcp        0      0 **.**.**.**:8109          **.**.**.**:41319         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:37181         **.**.**.**:3306          ESTABLISHED keepalive (5215.90/0/0)
tcp        0      0 **.**.**.**:37182         **.**.**.**:3306          ESTABLISHED keepalive (5215.91/0/0)
tcp        0      0 **.**.**.**:8109          **.**.**.**:41431         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:8109              **.**.**.**:38004             ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:37280         **.**.**.**:3306          ESTABLISHED keepalive (7015.61/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37296         ESTABLISHED keepalive (7015.65/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37278         ESTABLISHED keepalive (7015.60/0/0)
tcp        0      0 **.**.**.**:48625         **.**.**.**:3306          ESTABLISHED keepalive (5989.64/0/0)
tcp        0      0 **.**.**.**:8109              **.**.**.**:34751             ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37178         ESTABLISHED keepalive (5215.89/0/0)
tcp        0      0 **.**.**.**:8109          **.**.**.**:35314         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:37293         **.**.**.**:3306          ESTABLISHED keepalive (7015.64/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37293         ESTABLISHED keepalive (7015.64/0/0)
tcp        0      0 **.**.**.**:37225         **.**.**.**:3306          ESTABLISHED keepalive (6115.74/0/0)
tcp        0      0 **.**.**.**:48620         **.**.**.**:3306          ESTABLISHED keepalive (5989.61/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37174         ESTABLISHED keepalive (5215.88/0/0)
tcp        0      0 **.**.**.**:48622         **.**.**.**:3306          ESTABLISHED keepalive (5989.62/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37224         ESTABLISHED keepalive (6115.74/0/0)
tcp        0      0 **.**.**.**:44062         **.**.**.**:3306          ESTABLISHED keepalive (5215.92/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37182         ESTABLISHED keepalive (5215.90/0/0)
tcp        0      0 **.**.**.**:8309          **.**.**.**:37173         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:8109              **.**.**.**:37977             ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:8109          **.**.**.**:41346         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:37180         **.**.**.**:3306          ESTABLISHED keepalive (5215.90/0/0)
tcp        0      0 **.**.**.**:44105         **.**.**.**:3306          ESTABLISHED keepalive (6115.75/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37222         ESTABLISHED keepalive (6115.73/0/0)
tcp        0      0 **.**.**.**:38004             **.**.**.**:8109              ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37172         ESTABLISHED keepalive (5215.88/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37170         ESTABLISHED keepalive (5215.87/0/0)
tcp        0      0 **.**.**.**:48270         **.**.**.**:3306          ESTABLISHED keepalive (6791.68/0/0)
tcp        0      0 **.**.**.**:44109         **.**.**.**:3306          ESTABLISHED keepalive (6115.77/0/0)
tcp        0      0 **.**.**.**:39551             **.**.**.**:51443             TIME_WAIT   timewait (59.44/0/0)
tcp        0      0 **.**.**.**:8109              **.**.**.**:52803             ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37281         ESTABLISHED keepalive (7015.61/0/0)
tcp        0      0 **.**.**.**:37291         **.**.**.**:3306          ESTABLISHED keepalive (7015.64/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37180         ESTABLISHED keepalive (5215.90/0/0)
tcp        0      0 **.**.**.**:37222         **.**.**.**:3306          ESTABLISHED keepalive (6115.73/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37226         ESTABLISHED keepalive (6115.74/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37294         ESTABLISHED keepalive (7015.64/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37285         ESTABLISHED keepalive (7015.62/0/0)
tcp        0      0 **.**.**.**:37287         **.**.**.**:3306          ESTABLISHED keepalive (7015.62/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37286         ESTABLISHED keepalive (7015.62/0/0)
tcp        0      0 **.**.**.**:37282         **.**.**.**:3306          ESTABLISHED keepalive (7015.61/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37176         ESTABLISHED keepalive (5215.89/0/0)
tcp        0      0 **.**.**.**:37177         **.**.**.**:3306          ESTABLISHED keepalive (5215.89/0/0)
tcp        0      0 **.**.**.**:52651             **.**.**.**:8109              ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:8109          **.**.**.**:41330         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:37296         **.**.**.**:3306          ESTABLISHED keepalive (7015.65/0/0)
tcp        0      0 **.**.**.**:37227         **.**.**.**:3306          ESTABLISHED keepalive (6115.75/0/0)
tcp        0      0 **.**.**.**:44064         **.**.**.**:3306          ESTABLISHED keepalive (5215.92/0/0)
tcp        0      0 **.**.**.**:48676         **.**.**.**:3306          ESTABLISHED keepalive (6902.01/0/0)
tcp        0      0 **.**.**.**:48657         **.**.**.**:3306          ESTABLISHED keepalive (6317.68/0/0)
tcp        0      0 **.**.**.**:37171         **.**.**.**:3306          ESTABLISHED keepalive (5215.87/0/0)
tcp        0      0 **.**.**.**:8309          **.**.**.**:42610         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:48675         **.**.**.**:3306          ESTABLISHED keepalive (6889.47/0/0)
tcp        0      0 **.**.**.**:44111         **.**.**.**:3306          ESTABLISHED keepalive (6115.78/0/0)
tcp        0      0 **.**.**.**:8309          **.**.**.**:39832         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:37281         **.**.**.**:3306          ESTABLISHED keepalive (7015.61/0/0)
tcp        0      0 **.**.**.**:37178         **.**.**.**:3306          ESTABLISHED keepalive (5215.89/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37179         ESTABLISHED keepalive (5215.89/0/0)
tcp        0      0 **.**.**.**:48621         **.**.**.**:3306          ESTABLISHED keepalive (5989.61/0/0)
tcp        0      0 **.**.**.**:48196         **.**.**.**:3306          ESTABLISHED keepalive (4673.95/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37283         ESTABLISHED keepalive (7015.61/0/0)
tcp        0      0 **.**.**.**:44061         **.**.**.**:3306          ESTABLISHED keepalive (5215.91/0/0)
tcp        0      0 **.**.**.**:37279         **.**.**.**:3306          ESTABLISHED keepalive (7015.60/0/0)
tcp        0      0 **.**.**.**:37176         **.**.**.**:3306          ESTABLISHED keepalive (5215.88/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37279         ESTABLISHED keepalive (7015.60/0/0)
tcp        0      0 **.**.**.**:37289         **.**.**.**:3306          ESTABLISHED keepalive (7015.63/0/0)
tcp        0      0 **.**.**.**:37298         **.**.**.**:3306          ESTABLISHED keepalive (7015.65/0/0)
tcp        0      0 **.**.**.**:44108         **.**.**.**:3306          ESTABLISHED keepalive (6115.76/0/0)
tcp        0      0 **.**.**.**:48568         **.**.**.**:3306          ESTABLISHED keepalive (5089.74/0/0)
tcp        0      0 **.**.**.**:44112         **.**.**.**:3306          ESTABLISHED keepalive (6115.78/0/0)
tcp        0      0 **.**.**.**:44180         **.**.**.**:3306          ESTABLISHED keepalive (7015.68/0/0)
tcp        0      0 **.**.**.**:8109              **.**.**.**:52651             ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:48567         **.**.**.**:3306          ESTABLISHED keepalive (5089.73/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37295         ESTABLISHED keepalive (7015.64/0/0)
tcp        0      0 **.**.**.**:8109              **.**.**.**:38087             ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:37174         **.**.**.**:3306          ESTABLISHED keepalive (5215.87/0/0)
tcp        0      0 **.**.**.**:8309          **.**.**.**:42607         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:48540         **.**.**.**:3306          ESTABLISHED keepalive (4319.74/0/0)
tcp        0      0 **.**.**.**:37179         **.**.**.**:3306          ESTABLISHED keepalive (5215.89/0/0)
tcp        0      0 **.**.**.**:8309          **.**.**.**:42611         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37227         ESTABLISHED keepalive (6115.74/0/0)
tcp        0      0 **.**.**.**:37223         **.**.**.**:3306          ESTABLISHED keepalive (6115.73/0/0)
tcp        0      0 **.**.**.**:8109          **.**.**.**:47605         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:8309          **.**.**.**:42608         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:8309          **.**.**.**:35959         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:44178         **.**.**.**:3306          ESTABLISHED keepalive (7015.66/0/0)
tcp        0      0 **.**.**.**:48624         **.**.**.**:3306          ESTABLISHED keepalive (5989.62/0/0)
tcp        0      0 **.**.**.**:8109          **.**.**.**:44356         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:37226         **.**.**.**:3306          ESTABLISHED keepalive (6115.74/0/0)
tcp        0      0 **.**.**.**:8109              **.**.**.**:53132             ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:8309          **.**.**.**:35092         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37288         ESTABLISHED keepalive (7015.62/0/0)
tcp        0      0 **.**.**.**:8109          **.**.**.**:43235         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:37172         **.**.**.**:3306          ESTABLISHED keepalive (5215.87/0/0)
tcp        0      0 **.**.**.**:44177         **.**.**.**:3306          ESTABLISHED keepalive (7015.66/0/0)
tcp        0      0 **.**.**.**:44273         **.**.**.**:3306          ESTABLISHED keepalive (3802.90/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37177         ESTABLISHED keepalive (5215.88/0/0)
tcp        0      0 **.**.**.**:8109              **.**.**.**:38086             ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:37290         **.**.**.**:3306          ESTABLISHED keepalive (7015.62/0/0)
tcp        0      0 **.**.**.**:37295         **.**.**.**:3306          ESTABLISHED keepalive (7015.64/0/0)
tcp        0      0 **.**.**.**:53258             **.**.**.**:8109              ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:48674         **.**.**.**:3306          ESTABLISHED keepalive (6889.46/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37289         ESTABLISHED keepalive (7015.62/0/0)
tcp        0      0 **.**.**.**:8109          **.**.**.**:41347         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:44106         **.**.**.**:3306          ESTABLISHED keepalive (6115.74/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37173         ESTABLISHED keepalive (5215.87/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37297         ESTABLISHED keepalive (7015.64/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37292         ESTABLISHED keepalive (7015.63/0/0)
tcp        0      0 **.**.**.**:8109              **.**.**.**:38055             ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:48623         **.**.**.**:3306          ESTABLISHED keepalive (5989.61/0/0)
tcp        0      0 **.**.**.**:48569         **.**.**.**:3306          ESTABLISHED keepalive (5089.73/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37223         ESTABLISHED keepalive (6115.72/0/0)
tcp        0      0 **.**.**.**:37285         **.**.**.**:3306          ESTABLISHED keepalive (7015.61/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37225         ESTABLISHED keepalive (6115.73/0/0)
tcp        0      0 **.**.**.**:37299         **.**.**.**:3306          ESTABLISHED keepalive (7015.65/0/0)
tcp        0      0 **.**.**.**:37284         **.**.**.**:3306          ESTABLISHED keepalive (7015.60/0/0)
tcp        0      0 **.**.**.**:37297         **.**.**.**:3306          ESTABLISHED keepalive (7015.64/0/0)
tcp        0      0 **.**.**.**:44115         **.**.**.**:3306          ESTABLISHED keepalive (6115.79/0/0)
tcp        0      0 **.**.**.**:37224         **.**.**.**:3306          ESTABLISHED keepalive (6115.72/0/0)
tcp        0      0 **.**.**.**:37170         **.**.**.**:3306          ESTABLISHED keepalive (5215.85/0/0)
tcp        0      0 **.**.**.**:38055             **.**.**.**:8109              ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:44179         **.**.**.**:3306          ESTABLISHED keepalive (7015.66/0/0)
tcp        0      0 **.**.**.**:44114         **.**.**.**:3306          ESTABLISHED keepalive (6115.78/0/0)
tcp        0      0 **.**.**.**:52803             **.**.**.**:8109              ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:44107         **.**.**.**:3306          ESTABLISHED keepalive (6115.74/0/0)
tcp        0      0 **.**.**.**:8309          **.**.**.**:42609         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:48494         **.**.**.**:3306          ESTABLISHED keepalive (3948.19/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37280         ESTABLISHED keepalive (7015.59/0/0)
tcp        0      0 **.**.**.**:37283         **.**.**.**:3306          ESTABLISHED keepalive (7015.60/0/0)
tcp        0      0 **.**.**.**:37286         **.**.**.**:3306          ESTABLISHED keepalive (7015.60/0/0)
tcp        0      0 **.**.**.**:37175         **.**.**.**:3306          ESTABLISHED keepalive (5215.86/0/0)
tcp        0      0 **.**.**.**:8309          **.**.**.**:35500         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:38087             **.**.**.**:8109              ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37175         ESTABLISHED keepalive (5215.86/0/0)
tcp        0      0 **.**.**.**:3306          **.**.**.**:37181         ESTABLISHED keepalive (5215.88/0/0)
tcp        0      0 **.**.**.**:34751             **.**.**.**:8109              ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:44113         **.**.**.**:3306          ESTABLISHED keepalive (6115.77/0/0)
tcp        0      0 :::80                       :::*                        LISTEN      off (0.00/0/0)
tcp        0      0 :::22                       :::*                        LISTEN      off (0.00/0/0)
tcp        0      0 ::1:25                      :::*                        LISTEN      off (0.00/0/0)
tcp        0      0 ::ffff:**.**.**.**:80     ::ffff:**.**.**.**:2406   TIME_WAIT   timewait (37.82/0/0)
tcp        0      1 ::ffff:**.**.**.**:80     ::ffff:**.**.**.**:40500  LAST_ACK    on (0.98/0/0)
tcp        0      0 ::ffff:**.**.**.**:80     ::ffff:**.**.**.**:2405   TIME_WAIT   timewait (25.42/0/0)
tcp        0      0 ::ffff:**.**.**.**:80     ::ffff:**.**.**.**:2407   TIME_WAIT   timewait (59.89/0/0)
tcp        0      0 ::ffff:**.**.**.**:80     ::ffff:**.**.**.**:2400   TIME_WAIT   timewait (13.36/0/0)
tcp        0      0 ::ffff:**.**.**.**:80     ::ffff:**.**.**.**:2410   ESTABLISHED keepalive (7198.85/0/0)
udp        0      0 **.**.**.**:1261                **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:1262                **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:45688          **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:45688          **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:34301             **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:45710             **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:55701             **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:1461                **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:1462                **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:7500                **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:7500                **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:7500                **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:1102              **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:1102              **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:41048             **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:58977             **.**.**.**:*                               off (0.00/0/0)
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     8535   @/com/ubuntu/upstart
unix  2      [ ACC ]     STREAM     LISTENING     7297871 /home/database/mysql.sock
unix  2      [ ACC ]     STREAM     LISTENING     11035  public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     11042  private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     11046  private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     11050  private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     11054  private/defer
unix  2      [ ACC ]     STREAM     LISTENING     11058  private/trace
unix  2      [ ACC ]     STREAM     LISTENING     11062  private/verify
unix  2      [ ACC ]     STREAM     LISTENING     11066  public/flush
unix  2      [ ACC ]     STREAM     LISTENING     11070  private/proxymap
unix  2      [ ]         DGRAM                    9062   @/org/kernel/udev/udevd
unix  2      [ ACC ]     STREAM     LISTENING     11074  private/proxywrite
unix  2      [ ACC ]     STREAM     LISTENING     11078  private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     11082  private/relay
unix  2      [ ACC ]     STREAM     LISTENING     11086  public/showq
unix  2      [ ACC ]     STREAM     LISTENING     11090  private/error
unix  2      [ ACC ]     STREAM     LISTENING     11094  private/retry
unix  2      [ ACC ]     STREAM     LISTENING     11098  private/discard
unix  2      [ ACC ]     STREAM     LISTENING     11102  private/local
unix  2      [ ACC ]     STREAM     LISTENING     11106  private/virtual
unix  2      [ ACC ]     STREAM     LISTENING     11110  private/lmtp
unix  2      [ ACC ]     STREAM     LISTENING     11114  private/anvil
unix  2      [ ACC ]     STREAM     LISTENING     11118  private/scache
unix  7      [ ]         DGRAM                    10724  /dev/log
unix  2      [ ]         DGRAM                    11427845 
unix  2      [ ]         STREAM     CONNECTED     11210578 
unix  2      [ ]         STREAM     CONNECTED     10154543 
unix  2      [ ]         DGRAM                    1816285 
unix  2      [ ]         DGRAM                    11161  
unix  2      [ ]         DGRAM                    11145  
unix  3      [ ]         STREAM     CONNECTED     11121  
unix  3      [ ]         STREAM     CONNECTED     11120  
unix  3      [ ]         STREAM     CONNECTED     11117  
unix  3      [ ]         STREAM     CONNECTED     11116  
unix  3      [ ]         STREAM     CONNECTED     11113  
unix  3      [ ]         STREAM     CONNECTED     11112  
unix  3      [ ]         STREAM     CONNECTED     11109  
unix  3      [ ]         STREAM     CONNECTED     11108  
unix  3      [ ]         STREAM     CONNECTED     11105  
unix  3      [ ]         STREAM     CONNECTED     11104  
unix  3      [ ]         STREAM     CONNECTED     11101  
unix  3      [ ]         STREAM     CONNECTED     11100  
unix  3      [ ]         STREAM     CONNECTED     11097  
unix  3      [ ]         STREAM     CONNECTED     11096  
unix  3      [ ]         STREAM     CONNECTED     11093  
unix  3      [ ]         STREAM     CONNECTED     11092  
unix  3      [ ]         STREAM     CONNECTED     11089  
unix  3      [ ]         STREAM     CONNECTED     11088  
unix  3      [ ]         STREAM     CONNECTED     11085  
unix  3      [ ]         STREAM     CONNECTED     11084  
unix  3      [ ]         STREAM     CONNECTED     11081  
unix  3      [ ]         STREAM     CONNECTED     11080  
unix  3      [ ]         STREAM     CONNECTED     11077  
unix  3      [ ]         STREAM     CONNECTED     11076  
unix  3      [ ]         STREAM     CONNECTED     11073  
unix  3      [ ]         STREAM     CONNECTED     11072  
unix  3      [ ]         STREAM     CONNECTED     11069  
unix  3      [ ]         STREAM     CONNECTED     11068  
unix  3      [ ]         STREAM     CONNECTED     11065  
unix  3      [ ]         STREAM     CONNECTED     11064  
unix  3      [ ]         STREAM     CONNECTED     11061  
unix  3      [ ]         STREAM     CONNECTED     11060  
unix  3      [ ]         STREAM     CONNECTED     11057  
unix  3      [ ]         STREAM     CONNECTED     11056  
unix  3      [ ]         STREAM     CONNECTED     11053  
unix  3      [ ]         STREAM     CONNECTED     11052  
unix  3      [ ]         STREAM     CONNECTED     11049  
unix  3      [ ]         STREAM     CONNECTED     11048  
unix  3      [ ]         STREAM     CONNECTED     11045  
unix  3      [ ]         STREAM     CONNECTED     11044  
unix  3      [ ]         STREAM     CONNECTED     11041  
unix  3      [ ]         STREAM     CONNECTED     11040  
unix  3      [ ]         STREAM     CONNECTED     11038  
unix  3      [ ]         STREAM     CONNECTED     11037  
unix  3      [ ]         STREAM     CONNECTED     11032  
unix  3      [ ]         STREAM     CONNECTED     11031  
unix  3      [ ]         STREAM     CONNECTED     11029  
unix  3      [ ]         STREAM     CONNECTED     11028  
unix  2      [ ]         DGRAM                    10988  
unix  3      [ ]         DGRAM                    9081   
unix  3      [ ]         DGRAM                    9080   
[/home/agriculture/software/jboss/bin/]$
修复方案：

加强安全意识
版权声明：转载请注明来源朱元璋@乌云

漏洞回应

厂商回应：

危害等级：高
漏洞Rank：10
确认时间：2016-01-08 18:54
厂商回复：

CNVD确认并复现所述情况,已经转由CNCERT向国家上级信息安全协调机构上报,由其后续协调网站管理单位处置.
WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0167126

漏洞标题：北京外交人员服务局存在“Java 反序列化”漏洞，并getshell

相关厂商：北京外交人员服务局

漏洞作者：朱元璋

提交时间：2016-01-05 17:54

修复时间：2016-02-22 17:50

公开时间：2016-02-22 17:50

漏洞类型：系统/服务补丁不及时

危害等级：高

自评Rank：15

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源朱元璋@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评价

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2016-0167126

漏洞标题：北京外交人员服务局存在“Java 反序列化”漏洞，并getshell

相关厂商：北京外交人员服务局

漏洞作者： 朱元璋

提交时间：2016-01-05 17:54

修复时间：2016-02-22 17:50

公开时间：2016-02-22 17:50

漏洞类型：系统/服务补丁不及时

危害等级：高

自评Rank：15

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2016-0167126"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 朱元璋@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评价

漏洞概要关注数(24) 关注此漏洞

漏洞作者：朱元璋

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源朱元璋@乌云
