当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:
wooyun-2016-0205561
漏洞标题:
新浪某重要主站命令执行漏洞入内网
相关厂商:
新浪
漏洞作者:
Q1NG
提交时间:
2016-05-06 09:22
修复时间:
2016-05-09 10:40
公开时间:
2016-05-09 10:40
漏洞类型:
命令执行
危害等级:
自评Rank:
20
漏洞状态:
漏洞已经通知厂商但是厂商忽略漏洞
漏洞来源:
http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签:
分享漏洞:
4人收藏 收藏
分享漏洞:
>

漏洞详情

披露状态:

2016-05-06: 细节已通知厂商并且等待厂商处理中
2016-05-09: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

RT

详细说明:

http://bbs.sina.com.cn/ 新浪论坛命令执行
随便点击一个帖子进行回服,同样是命令执行 NC反弹,直接入服务器

sina3.png


sina4.png

漏洞证明:

sina1.png


sina2.png


这在服务器竟然装了nmap 那就索性扫了下, 不知是有人已经来过还是你们自己人装的

Host is up (0.00018s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.195
Host is up (0.00013s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.196
Host is up (0.00020s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.197
Host is up (0.00023s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.198
Host is up (0.00018s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.199
Host is up (0.00021s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.200
Host is up (0.00020s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.201
Host is up (0.00019s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.202
Host is up (0.00025s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.203
Host is up (0.00021s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.204
Host is up (0.00013s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.205
Host is up (0.00019s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.206
Host is up (0.00020s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.207
Host is up (0.00023s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.208
Host is up (0.00020s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.209
Host is up (0.00019s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.210
Host is up (0.00019s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.211
Host is up (0.00022s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.212
Host is up (0.00030s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.213
Host is up (0.00018s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.214
Host is up (0.00016s latency).
Not shown: 988 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
873/tcp  open     rsync
3306/tcp open     mysql
6001/tcp open     X11:1
6003/tcp open     X11:3
6004/tcp open     X11:4
6005/tcp open     X11:5
6006/tcp filtered X11:6
6007/tcp open     X11:7
6009/tcp open     X11:9
7443/tcp open     oracleas-https
8000/tcp open     http-alt
Nmap scan report for 172.16.187.215
Host is up (0.00022s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
843/tcp  open  unknown
873/tcp  open  rsync
3306/tcp open  mysql
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.216
Host is up (0.00019s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.217
Host is up (0.00018s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.218
Host is up (0.00021s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.219
Host is up (0.00016s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.220
Host is up (0.00021s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.221
Host is up (0.00023s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.222
Host is up (0.00017s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.223
Host is up (0.00017s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.224
Host is up (0.00023s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.225
Host is up (0.00025s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.226
Host is up (0.00023s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.227
Host is up (0.00014s latency).
Not shown: 986 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7103/tcp open  unknown
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.228
Host is up (0.00020s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.229
Host is up (0.00019s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.230
Host is up (0.00018s latency).
Not shown: 987 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
873/tcp  open     rsync
3306/tcp open     mysql
6001/tcp filtered X11:1
6002/tcp open     X11:2
6003/tcp open     X11:3
6004/tcp open     X11:4
6005/tcp open     X11:5
6006/tcp open     X11:6
6007/tcp open     X11:7
6009/tcp open     X11:9
7443/tcp open     oracleas-https
8000/tcp open     http-alt
Nmap scan report for 172.16.187.232
Host is up (0.00019s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.233
Host is up (0.00019s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.234
Host is up (0.00019s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.235
Host is up (0.00020s latency).
Not shown: 988 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.236
Host is up (0.00019s latency).
Not shown: 986 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
843/tcp  open  unknown
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.237
Host is up (0.00020s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.238
Host is up (0.00019s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.239
Host is up (0.00021s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.240
Host is up (0.00020s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.241
Host is up (0.00025s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.242
Host is up (0.00022s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.243
Host is up (0.00022s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.244
Host is up (0.00022s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.245
Host is up (0.00022s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.246
Host is up (0.00021s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.247
Host is up (0.00021s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.248
Host is up (0.00021s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.249
Host is up (0.00021s latency).
Not shown: 986 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
8090/tcp open  unknown
Nmap scan report for 172.16.187.250
Host is up (0.00021s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.251
Host is up (0.00024s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
873/tcp  open  rsync
3306/tcp open  mysql
6001/tcp open  X11:1
6002/tcp open  X11:2
6003/tcp open  X11:3
6004/tcp open  X11:4
6005/tcp open  X11:5
6006/tcp open  X11:6
6007/tcp open  X11:7
6009/tcp open  X11:9
7443/tcp open  oracleas-https
8000/tcp open  http-alt
Nmap scan report for 172.16.187.253
Host is up (0.00020s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
873/tcp  open  rsync
5666/tcp open  nrpe
Nmap scan report for 172.16.187.254
Host is up (0.00028s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh


继续玩代码执行 内网就不深入了 这么都开了 22 ssh 3306 怎么也能找到几台弱口令的吧

修复方案:

你们懂的

版权声明:转载请注明来源 Q1NG@乌云

>

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2016-05-09 10:40

厂商回复:

已有白帽子报过,故忽略,感谢支持~

最新状态:

暂无