记录黑客技术中优秀的内容, 传播黑客文化,分享黑客技术精华

中国电信天翼189漏洞打包

2014-08-18 21:25

压缩包:

http://3g.tv189.com/portal/480/home/wdfw.tar.gz

http://3g.tv189.com/portal/wap/home/wdfw.tar.gz

http://3g.tv189.com/portal/480/480.tar.gz

http://m.ccg.tv189.com/portal/wap/home/wdfw.tar.gz



未授权访问:

http://jk.tv189.com/admin



ST2开发者模式:(好像没法利用)

http://law.tv189.com//struts/webconsole.html



DNS域传送:

root@bt:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl tv189.com

dnsenum.pl VERSION:1.2



----- tv189.com -----



-----------------

Host's addresses:

-----------------

tv189.com.1800INA180.153.149.206



-------------

Name servers:

-------------

dns2.tv189.com.989INA180.153.149.2

dns1.tv189.com.978INA180.153.149.1

dns.tv189.com.979INA180.153.149.1



-----------

MX record:

-----------

mta-ent.21cn.com.600INA121.14.129.85

mta-ent.21cn.com.600INA121.14.129.73

mta-ent.21cn.com.600INA121.14.129.83

mta-ent.21cn.com.600INA121.14.129.75



---------------------

Trying Zonetransfers:

---------------------



Trying zonetransfer for tv189.com on dns2.tv189.com ...



Trying zonetransfer for tv189.com on dns1.tv189.com ...

tv189.com.1800INSOAdns.tv189.com. root.tv189.com. (

137; Serial

300; Refresh

14400; Retry

3600000; Expire

1800 ); Minimum TTL

tv189.com.1800INA180.153.149.206

tv189.com.1800INNSdns.tv189.com.

tv189.com.1800INNSdns1.tv189.com.

tv189.com.1800INNSdns2.tv189.com.

tv189.com.1800INMX10 mta-ent.21cn.com.

21cn.tv189.com.1800INCNAMEwcp.tv189.com.

*.21cn.tv189.com.1800INA180.153.149.206

3a.tv189.com.1800INA61.145.115.79

3g.tv189.com.1800INA118.85.193.193

allook.tv189.com.1800INCNAMEwcp.tv189.com.

api.tv189.com.1800INA180.153.149.13

beta.tv189.com.1800INA180.153.149.206

bjtyjy.tv189.com.1800INCNAMEwcp.tv189.com.

*.bjtyjy.tv189.com.1800INA180.153.149.206

card.tv189.com.1800INCNAMEwcp.tv189.com.

m.ccg.tv189.com.1800INA118.85.193.193

wap.ccg.tv189.com.1800INA118.85.193.208

cjtest.tv189.com.1800INCNAMEcjtest.tv189.com.ctycdn.com.

daren.tv189.com.1800INCNAMEdaren.tv189.com.lxdns.com.

dns.tv189.com.1800INA180.153.149.1

dns1.tv189.com.1800INA180.153.149.1

dns2.tv189.com.1800INA180.153.149.2

ent.tv189.com.1800INCNAMEwcp.tv189.com.

file.tv189.com.1800INCNAMEfile.tv189.com.lxdns.com.

game.tv189.com.1800INCNAMEwcp.tv189.com.

gp.tv189.com.1800INCNAMEgp.tv189.com.wscdns.com.

gw.tv189.com.1800INA180.153.149.78 XXXXXXXXXXXXXXXXXXXXXXXXXXXX

hd.tv189.com.1800INCNAMEhd.tv189.com.lxdns.com.

help.tv189.com.1800INCNAMEhelp.tv189.com.lxdns.com.

hi.tv189.com.1800INCNAMEhi.tv189.com.lxdns.com.

house.tv189.com.1800INCNAMEhouse.tv189.com.wscdns.com.

m.house.tv189.com.1800INA175.102.15.141

m.house.tv189.com.1800INA140.207.194.141

ifengvip.tv189.com.1800INCNAMEifengvip.tv189.com.wscdns.com.

imap.tv189.com.1800INCNAMEimap-ent.21cn.com.

iptvcdn.tv189.com.1800INCNAMEwcp.tv189.com.

jk.tv189.com.1800INA180.153.149.51

jsyx.tv189.com.1800INCNAMEjsyx.tv189.com.lxdns.com.

kork.tv189.com.1800INA180.153.149.66

law.tv189.com.1800INA118.85.192.224

live.tv189.com.1800INCNAMElive.tv189.com.lxdns.com.

lteams.tv189.com.1800INA180.153.149.15

lteop.tv189.com.1800INA180.153.149.72

ltepush.tv189.com.1800INA180.153.149.16

ltetp.tv189.com.1800INA118.85.193.210

ltetp2.tv189.com.1800INA180.153.149.13

ltetp3.tv189.com.1800INA118.85.192.228

ltewap.tv189.com.1800INA118.85.193.193

ltewap2.tv189.com.1800INA118.85.193.208

m.tv189.com.1800INA118.85.193.193

m1905.tv189.com.1800INCNAMEwcp.tv189.com.

mail.tv189.com.1800INCNAME21cnentmail.com.

movie.tv189.com.1800INCNAMEwcp.tv189.com.

mpadmusic.tv189.com.1800INCNAMEhmdn.tv189.cn.hmdn.tv380.com.

my.tv189.com.1800INCNAMEmy.tv189.com.lxdns.com.

myjs.tv189.com.1800INCNAMEmyjs.tv189.com.lxdns.com.

myoung.tv189.com.1800INCNAMEwcp.tv189.com.

onlinemovie.tv189.com.1800INCNAMEwcp.tv189.com.

*.onlinemovie.tv189.com.1800INA180.153.149.206

*.onlinevideo.tv189.com.1800INA180.153.149.207

ott.tv189.com.1800INA180.153.149.202

paymentgw.tv189.com.1800INA118.85.193.204

pop.tv189.com.1800INCNAMEpop-ent.21cn.com.

qnk.tv189.com.1800INCNAMEqnk.tv189.com.lxdns.com.

real.tv189.com.1800INCNAMEwcp.tv189.com.

sconline.tv189.com.1800INCNAMEjsyx.tv189.com.lxdns.com.

*.sconline.tv189.com.1800INA180.153.149.206

seo.tv189.com.1800INCNAMEseo.tv189.com.lxdns.com.

show.tv189.com.1800INCNAMEwcp.tv189.com.

smtp.tv189.com.1800INCNAMEsmtp-ent.21cn.com.

so.tv189.com.1800INCNAMEso.tv189.com.wscdns.com.

taste.tv189.com.1800INCNAMEtaste.tv189.com.lxdns.com.

tv.tv189.com.1800INCNAMEwcp.tv189.com.

tykk.tv189.com.1800INA180.153.149.24

vpn.tv189.com.1800INA180.168.69.117

wcp.tv189.com.1800INA180.153.149.206

web.tv189.com.1800INA180.153.149.207

corp.webmail.tv189.com.1800INCNAMEcorp.webmail.21cn.com.

corpw1.webmail.tv189.com.1800INCNAMEcorpw1.webmail.21cn.com.

corpw2.webmail.tv189.com.1800INCNAMEcorpw2.webmail.21cn.com.

corpw3.webmail.tv189.com.1800INCNAMEcorpw3.webmail.21cn.com.

corpw4.webmail.tv189.com.1800INCNAMEcorpw4.webmail.21cn.com.

corpw5.webmail.tv189.com.1800INCNAMEcorpw5.webmail.21cn.com.

corpw6.webmail.tv189.com.1800INCNAMEcorpw6.webmail.21cn.com.

www.tv189.com.1800INCNAMEwww.tv189.com.lxdns.com.

yingchao.tv189.com.1800INCNAMEwcp.tv189.com.

young.tv189.com.1800INCNAMEyoung.tv189.com.wscdns.com.

yx.tv189.com.1800INCNAMEyx.tv189.com.lxdns.com.

yxb.tv189.com.1800INA180.153.149.5

yxbwbsc.tv189.com.1800INA180.153.149.5

yxm.tv189.com.1800INCNAMEm.tv189.com.

zgws.tv189.com.1800INCNAMEwcp.tv189.com.

zj.tv189.com.1800INA220.191.131.219

zy.tv189.com.1800INCNAMEwcp.tv189.com.

漏洞证明:

未授权的:

1.png



压缩包的:(3G的那个站点还有个SVN)

3.png

修复方案:

看着修呗

知识来源: www.wooyun.org/bugs/wooyun-2014-067165

阅读:200570 | 评论:0 | 标签:漏洞

想收藏或者和大家分享这篇好文章→复制链接地址

“中国电信天翼189漏洞打包”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

关注公众号hackdig,学习最新黑客技术

推广

工具

标签云