记录黑客技术中优秀的内容,传播黑客文化,分享黑客技术精华

中国人寿某系统命令执行漏洞(可内网)

2014-06-10 18:55

struts2,这么久了还没有补啊。。。

http://cpms.e-chinalife.com/xycms/xycms/ArtiSearch.do



可内网10.24.81.6

★K8cmd-> ifconfig

====================================================================================================================================

eth0 Link encap:Ethernet HWaddr F4:CE:46:81:86:96

inet addr:10.24.81.6 Bcast:10.24.81.255 Mask:255.255.255.0

inet6 addr: fe80::f6ce:46ff:fe81:8696/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:84558792 errors:0 dropped:0 overruns:0 frame:0

TX packets:81148393 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:17894584367 (16.6 GiB) TX bytes:31454947657 (29.2 GiB)

Interrupt:82 Memory:fa000000-fa012800



eth1 Link encap:Ethernet HWaddr F4:CE:46:81:86:9C

inet6 addr: fe80::f6ce:46ff:fe81:869c/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:16395420 errors:0 dropped:0 overruns:0 frame:0

TX packets:34 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:1389974600 (1.2 GiB) TX bytes:7639 (7.4 KiB)

Interrupt:90 Memory:f8000000-f8012800



lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:16436 Metric:1

RX packets:37275 errors:0 dropped:0 overruns:0 frame:0

TX packets:37275 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:13120349 (12.5 MiB) TX bytes:13120349 (12.5 MiB)

漏洞证明:

我是好人。。。啥都没干

Unnamed QQ Screenshot20140426144544.png

修复方案:

struts2害死人,还是别用了吧


知识来源: www.wooyun.org/bugs/wooyun-2014-058557

阅读:129444 | 评论:1 | 标签:漏洞

想收藏或者和大家分享这篇好文章→复制链接地址

“中国人寿某系统命令执行漏洞(可内网)”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

ADS

标签云