
Vulnerability Summary (followers: 24)

Defect ID: wooyun-2016-0195955

Title: Untimely patching on Zuoyebang, an online education product under Baidu, leads to command execution / root privileges / source code of 99 projects exposed / large numbers of intranet hosts reachable

Vendor: Baidu

Author: j14n

Submitted: 2016-04-13 21:28

Fixed: 2016-05-29 14:10

Published: 2016-05-29 14:10

Type: command execution

Severity: high

Self-assessed Rank: 15

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability Details

Disclosure status:

2016-04-13: details sent to the vendor, awaiting vendor handling
2016-04-14: vendor confirmed, details visible to the vendor only
2016-04-24: details opened to core white hats and relevant domain experts
2016-05-04: details opened to regular white hats
2016-05-14: details opened to intern white hats
2016-05-29: details opened to the public

Brief description:

As the title says.

Detailed description:

[image: 111.png]


Not sure whether this still counts as Baidu's...

masked region (redacted by WooYun; only fragments of the original lines remain)
1.http://**.**.**/_
*****f140a7959c08c2adfad7.png&qu*****
*****^^^*****
*****8e88ad9fabb1c28e0550.png&qu*****
*****c/ho*****
*****b6d7229fc31b9f54cdac.png&qu*****
*****ocaldomain localhost4 l*****
*****main localhost6 loca*****
*****tos6u5.*****
*****.1 o*****
*****.0.5*****
*****4.64 *****
*****ed.noah.b*****
*****de&g*****
**********
*****@zybang.com&lt*****
**********
*****b3b2335ac84b95bd5dcf.png&qu*****
**********
*****ory部^*****
**********
*****;su je*****
*****k@192.*****
*****sh/id_ds*****
*****> /home/homework/*****
***** >> /home/homewo*****
***** >> /home/homewo*****
***** >> /home/homewo*****
***** >> /home/homewo*****
***** >> /home/homewo*****
*****t
*****
*****d*****
*****l*****
*****homew*****
*****l*****
*****do*****
*****l*****
*****^^^*****
*****L*****
*****l*****
*****stra*****
*****de&g*****
*****381a3031280926193409.png&qu*****
**********
*****^^感^*****
**********
**********
*****^^目*****
**********
*****1588153d2a2bd958b064.png&qu*****
**********
*****6758f36e5786e1530b96.png&qu*****
*****fig*****
*****Ethernet HWaddr *****
*****Bcast:192.168.255*****
*****816:3eff:fefb:f*****
*****G MULTICAST MT*****
*****errors:0 dropped*****
*****rors:0 dropped:0 *****
*****s:0 txqueu*****
*****0 GiB) TX bytes:7*****
**********
*****cap:Local*****
*****27.0.0.1 M*****
*****r: ::1/128*****
*****UNNING MTU:*****
*****rors:0 dropped:0*****
*****rors:0 dropped:0*****
*****ons:0 txq*****
*****6 GiB) TX bytes:*****
*****de&g*****
**********
*****^^网主^*****
**********
*****.5.114) at fa:16:3e:*****
*****) at fa:16:3e:87:*****
*****at fa:16:3e:79:22*****
*****) at fa:16:3e:bc:*****
*****) at fa:16:3e:9a:*****
*****) at fa:16:3e:a7:*****
*****) at fa:16:3e:00:*****
*****) at fa:16:3e:52:*****
*****) at fa:16:3e:36:*****
*****) at fa:16:3e:b3:*****
*****) at fa:16:3e:04:*****
*****at fa:16:3e:79:ee*****
*****) at fa:16:3e:99:*****
*****) at fa:16:3e:3f:*****
*****at fa:16:3e:dd:f4*****
*****) at fa:16:3e:41:*****
*****) at fa:16:3e:74:*****
*****at fa:16:3e:7e:d*****
*****) at fa:16:3e:2c:*****
*****) at fa:16:3e:8e:*****
*****) at fa:16:3e:ce:*****
*****) at fa:16:3e:bd:*****
*****) at fa:16:3e:23:*****
*****) at fa:16:3e:c5:*****
*****) at fa:16:3e:de:*****
*****) at fa:16:3e:d9:*****
*****) at fa:16:3e:98:*****
*****at fa:16:3e:df:c8*****
*****) at fa:16:3e:37:*****
*****) at fa:16:3e:6e:*****
*****at fa:16:3e:e5:7e*****
*****) at fa:16:3e:77:*****
*****) at fa:16:3e:49:*****
*****at fa:16:3e:34:3*****
*****) at fa:16:3e:7a:*****
*****) at fa:16:3e:ab:*****
*****at fa:16:3e:0a:41*****
*****at fa:16:3e:0b:26*****
*****) at fa:16:3e:73:*****
*****at fa:16:3e:3a:8e*****
*****) at fa:16:3e:56:*****
*****at fa:16:3e:47:13*****
*****) at fa:16:3e:27:*****
*****at fa:16:3e:cc:13*****
*****) at fa:16:3e:4d:*****
*****at fa:16:3e:4b:a*****
*****) at fa:16:3e:b4:*****
*****) at fa:16:3e:42:*****
*****) at fa:16:3e:75:*****
*****at fa:16:3e:71:a7*****
*****) at fa:16:3e:bb:*****
*****at fa:16:3e:d2:d5*****
*****de&g*****
**********
*****7623bb554fc35ede5fc669.png*****

Proof of vulnerability:

host-192-168-5-114 (192.168.5.114) at fa:16:3e:cd:13:ee [ether] on eth0
host-192-168-2-157 (192.168.2.157) at fa:16:3e:87:78:4f [ether] on eth0
host-192-168-4-63 (192.168.4.63) at fa:16:3e:79:22:de [ether] on eth0
host-192-168-5-119 (192.168.5.119) at fa:16:3e:bc:59:30 [ether] on eth0
host-192-168-2-120 (192.168.2.120) at fa:16:3e:9a:37:b4 [ether] on eth0
host-192-168-2-151 (192.168.2.151) at fa:16:3e:a7:21:b8 [ether] on eth0
host-192-168-2-158 (192.168.2.158) at fa:16:3e:00:85:66 [ether] on eth0
host-192-168-3-144 (192.168.3.144) at fa:16:3e:52:a5:f5 [ether] on eth0
host-192-168-3-139 (192.168.3.139) at fa:16:3e:36:06:16 [ether] on eth0
host-192-168-3-142 (192.168.3.142) at fa:16:3e:b3:c0:9a [ether] on eth0
host-192-168-2-153 (192.168.2.153) at fa:16:3e:04:e8:ff [ether] on eth0
host-192-168-4-62 (192.168.4.62) at fa:16:3e:79:ee:ab [ether] on eth0
host-192-168-2-139 (192.168.2.139) at fa:16:3e:99:f7:61 [ether] on eth0
host-192-168-1-223 (192.168.1.223) at fa:16:3e:3f:cc:33 [ether] on eth0
host-192-168-3-83 (192.168.3.83) at fa:16:3e:dd:f4:33 [ether] on eth0
host-192-168-2-128 (192.168.2.128) at fa:16:3e:41:fd:ab [ether] on eth0
host-192-168-2-164 (192.168.2.164) at fa:16:3e:74:a0:f8 [ether] on eth0
host-192-168-0-2 (192.168.0.2) at fa:16:3e:7e:d2:d6 [ether] on eth0
host-192-168-2-125 (192.168.2.125) at fa:16:3e:2c:99:c7 [ether] on eth0
host-192-168-3-136 (192.168.3.136) at fa:16:3e:8e:5f:fe [ether] on eth0
host-192-168-2-149 (192.168.2.149) at fa:16:3e:ce:ae:41 [ether] on eth0
host-192-168-5-121 (192.168.5.121) at fa:16:3e:bd:bc:dd [ether] on eth0
host-192-168-2-160 (192.168.2.160) at fa:16:3e:23:b3:7b [ether] on eth0
host-192-168-3-135 (192.168.3.135) at fa:16:3e:c5:30:f1 [ether] on eth0
host-192-168-3-140 (192.168.3.140) at fa:16:3e:de:52:c6 [ether] on eth0
host-192-168-5-118 (192.168.5.118) at fa:16:3e:d9:54:a9 [ether] on eth0
host-192-168-2-152 (192.168.2.152) at fa:16:3e:98:d1:81 [ether] on eth0
host-192-168-2-81 (192.168.2.81) at fa:16:3e:df:c8:43 [ether] on eth0
host-192-168-2-123 (192.168.2.123) at fa:16:3e:37:b2:ce [ether] on eth0
host-192-168-2-138 (192.168.2.138) at fa:16:3e:6e:cc:6e [ether] on eth0
host-192-168-2-86 (192.168.2.86) at fa:16:3e:e5:7e:61 [ether] on eth0
host-192-168-0-122 (192.168.0.122) at fa:16:3e:77:18:1d [ether] on eth0
host-192-168-1-200 (192.168.1.200) at fa:16:3e:49:c6:48 [ether] on eth0
host-192-168-0-1 (192.168.0.1) at fa:16:3e:34:3b:c4 [ether] on eth0
host-192-168-2-163 (192.168.2.163) at fa:16:3e:7a:e4:b9 [ether] on eth0
host-192-168-2-122 (192.168.2.122) at fa:16:3e:ab:64:e5 [ether] on eth0
host-192-168-0-45 (192.168.0.45) at fa:16:3e:0a:41:43 [ether] on eth0
host-192-168-5-44 (192.168.5.44) at fa:16:3e:0b:26:bc [ether] on eth0
host-192-168-2-147 (192.168.2.147) at fa:16:3e:73:2c:82 [ether] on eth0
host-192-168-0-44 (192.168.0.44) at fa:16:3e:3a:8e:fa [ether] on eth0
host-192-168-2-134 (192.168.2.134) at fa:16:3e:56:cd:f7 [ether] on eth0
host-192-168-2-79 (192.168.2.79) at fa:16:3e:47:13:f9 [ether] on eth0
host-192-168-2-141 (192.168.2.141) at fa:16:3e:27:cc:a5 [ether] on eth0
host-192-168-5-45 (192.168.5.45) at fa:16:3e:cc:13:db [ether] on eth0
host-192-168-5-116 (192.168.5.116) at fa:16:3e:4d:4a:09 [ether] on eth0
host-192-168-0-3 (192.168.0.3) at fa:16:3e:4b:a3:de [ether] on eth0
host-192-168-2-121 (192.168.2.121) at fa:16:3e:b4:a3:01 [ether] on eth0
host-192-168-5-120 (192.168.5.120) at fa:16:3e:42:88:c1 [ether] on eth0
host-192-168-2-145 (192.168.2.145) at fa:16:3e:75:88:7a [ether] on eth0
host-192-168-5-47 (192.168.5.47) at fa:16:3e:71:a7:71 [ether] on eth0
host-192-168-2-129 (192.168.2.129) at fa:16:3e:bb:58:b1 [ether] on eth0
host-192-168-5-50 (192.168.5.50) at fa:16:3e:d2:d5:24 [ether] on eth0
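The ARP table above is the report's evidence for "large numbers of intranet hosts reachable". As an added example (not part of the original report), the following script parses lines in that Linux `arp -a` format, groups the resolved hosts by /24, and counts how many MACs carry the fa:16:3e prefix. That prefix is the default base MAC OpenStack Neutron assigns to instance ports, so a table where every neighbor carries it suggests the compromised box sits on an OpenStack tenant network; treat that inference as an assumption to verify, not a fact the report states. The sample input is constructed from the first entries shown above plus one illustrative incomplete entry.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the first lines of the ARP table in the report, plus one
# "<incomplete>" entry (illustrative, not from the report) to show it is skipped.
SAMPLE_ARP = """\
host-192-168-5-114 (192.168.5.114) at fa:16:3e:cd:13:ee [ether] on eth0
host-192-168-2-157 (192.168.2.157) at fa:16:3e:87:78:4f [ether] on eth0
host-192-168-4-63 (192.168.4.63) at fa:16:3e:79:22:de [ether] on eth0
host-192-168-0-1 (192.168.0.1) at fa:16:3e:34:3b:c4 [ether] on eth0
? (192.168.0.9) at <incomplete> on eth0
"""

# One `arp -a` line: name (ip) at mac [type] on iface ; [type] is absent for
# incomplete entries.
ARP_LINE = re.compile(
    r"^(?P<name>\S+) \((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-fA-F:]{17}|<incomplete>) "
    r"(?:\[(?P<type>\w+)\] )?on (?P<iface>\S+)$"
)

# Assumption: fa:16:3e is the default Neutron base MAC prefix for OpenStack VMs.
OPENSTACK_OUI = "fa:16:3e"


def parse_arp(text):
    """Return a list of {ip, mac, iface} dicts for every resolved entry."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if not m or m.group("mac") == "<incomplete>":
            continue  # unparseable or unresolved neighbor: not a reachable host
        entries.append({"ip": m.group("ip"), "mac": m.group("mac").lower(),
                        "iface": m.group("iface")})
    return entries


def summarize(entries):
    """Group reachable hosts by /24 and count MACs with the OpenStack prefix."""
    by_subnet = defaultdict(list)
    for e in entries:
        net = ipaddress.ip_network(f"{e['ip']}/24", strict=False)
        by_subnet[str(net)].append(e["ip"])
    openstack = sum(1 for e in entries if e["mac"].startswith(OPENSTACK_OUI))
    return {"hosts": len(entries), "subnets": dict(by_subnet),
            "openstack_oui": openstack}


if __name__ == "__main__":
    s = summarize(parse_arp(SAMPLE_ARP))
    print(f"{s['hosts']} hosts across {len(s['subnets'])} /24s, "
          f"{s['openstack_oui']} with the {OPENSTACK_OUI} prefix")
    for net, ips in sorted(s["subnets"].items()):
        print(f"  {net}: {', '.join(ips)}")
```

Run it on a full `arp -a` dump (`python3 arp_summary.py < /dev/null` with the sample, or feed the file to `parse_arp`) to turn a wall of neighbor entries into a per-subnet scope list for the incident write-up.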

Fix:

Jenkins Java deserialization command execution: apply the Jenkins patch that fixes it (per the title, the patch had not been applied in time).
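The fix section only names the bug class. As an added example (not from the report or from Jenkins), here is a check a defender can run against an exposed Jenkins instance. It reads the real `X-Jenkins` (version) and `X-Jenkins-CLI-Port` response headers Jenkins sends and decides whether the version predates the fix. The cutoff versions encode my assumption that the report refers to the Jenkins Java deserialization RCE of November 2015 (CVE-2015-8103 / SECURITY-218, fixed in weekly 1.638 and LTS 1.625.2); the report itself cites no CVE. `fetch_headers` is the only network-touching part; the sample header dicts are constructed for offline use.

```python
from http.client import HTTPConnection, HTTPSConnection
from urllib.parse import urlparse

# Assumption: fixed versions for the Jenkins deserialization RCE (CVE-2015-8103).
# Jenkins numbering: two components (1.638) = weekly line, three (1.625.2) = LTS line.
FIXED_WEEKLY = (1, 638)
FIXED_LTS = (1, 625, 2)


def parse_version(v):
    """'1.625.2' -> (1, 625, 2); raises ValueError on anything non-numeric."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable Jenkins version: {v!r}")
    return tuple(int(p) for p in parts)


def is_patched(version):
    """True if this version line already carries the deserialization fix."""
    t = parse_version(version)
    if t[0] >= 2:            # 2.x was released after the fix
        return True
    if len(t) == 3:          # LTS line: compare against the LTS cutoff
        return t >= FIXED_LTS
    return t >= FIXED_WEEKLY  # weekly line


def assess(headers):
    """Classify an instance from its response headers (header names case-insensitive)."""
    h = {k.lower(): v for k, v in headers.items()}
    version = h.get("x-jenkins")
    if version is None:
        return {"jenkins": False}
    cli_port = h.get("x-jenkins-cli-port")
    return {
        "jenkins": True,
        "version": version,
        "patched": is_patched(version),
        # The CLI port is the remoting channel the 2015 deserialization attacks
        # targeted; advertising it on an unpatched build is the worst case.
        "cli_port_advertised": cli_port is not None,
        "cli_port": cli_port,
    }


def fetch_headers(url, timeout=5):
    """HEAD the Jenkins root and return its response headers as a dict (network)."""
    u = urlparse(url)
    conn_cls = HTTPSConnection if u.scheme == "https" else HTTPConnection
    conn = conn_cls(u.hostname, u.port, timeout=timeout)
    try:
        conn.request("HEAD", u.path or "/")
        return dict(conn.getresponse().getheaders())
    finally:
        conn.close()


# Constructed sample headers shaped like those a 2015-era Jenkins returned.
SAMPLE_VULNERABLE = {"X-Jenkins": "1.625.1", "X-Jenkins-CLI-Port": "50000"}
SAMPLE_PATCHED = {"X-Jenkins": "1.625.2"}

if __name__ == "__main__":
    import sys
    hdrs = fetch_headers(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_VULNERABLE
    print(assess(hdrs))
```

Usage: `python3 jenkins_check.py http://jenkins.internal:8080/` against your own instance. A result with `patched: False` and `cli_port_advertised: True` is the configuration this report describes: upgrade, and keep the CLI port off the network until you have.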

Copyright notice: when reposting, please credit the source j14n@WooYun


Vulnerability Response

Vendor response:

Severity: high

Vulnerability Rank: 10

Confirmed: 2016-04-14 14:04

Vendor reply:

Thanks for your attention to Baidu security

Latest status:

None yet


Comments:

Comments

  1. 2016-04-13 21:36 | 带头大哥 ( Regular White Hat | Rank:831 Vulns:247 | |arbitrary email forgery| |directory traversal| |arbitrary file read|...)

    Jin4

  2. 2016-04-13 21:40 | j14n ( Regular White Hat | Rank:1824 Vulns:322 | ... . -.-. - . .- --)

    @带头大哥 You even spotted this one.

  3. 2016-04-13 21:50 | 大师兄 ( Intern White Hat | Rank:31 Vulns:8 | Checks WooYun every day)

    Throwing you a like!

  4. 2016-04-13 21:50 | 带头大哥 ( Regular White Hat | Rank:831 Vulns:247 | |arbitrary email forgery| |directory traversal| |arbitrary file read|...)

    @j14n I've caught on to your pattern, haha. Keep grinding~~~

  5. 2016-04-14 07:53 | onpu ( Regular White Hat | Rank:369 Vulns:65 | I don't make promises lightly, so I let no one down; I don't trust promises lightly, so no one lets me down.)

    Acknowledged; this vulnerability is being fixed. Thanks for your attention to Baidu security.