Command execution and getshell on a China Unicom subsite's wo+ promotion platform (2)

2014-08-31 19:51

http://112.65.221.82/


Proof of vulnerability:

eth0 Link encap:Ethernet HWaddr F8:BC:12:34:A0:A4
     inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
     inet6 addr: fe80::fabc:12ff:fe34:a0a4/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:4812862 errors:0 dropped:6 overruns:0 frame:280
     TX packets:1806814860 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:681426435 (649.8 MiB) TX bytes:1806332762304 (1.6 TiB)
     Interrupt:194 Memory:d51a0000-d51b0000

eth1 Link encap:Ethernet HWaddr F8:BC:12:34:A0:A5
     inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
     inet6 addr: fe80::fabc:12ff:fe34:a0a5/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:261217 errors:0 dropped:0 overruns:0 frame:0
     TX packets:432 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:32803411 (31.2 MiB)



=============================================================================





[/wodata/jboss-4.2.2.GA/server/default/./deploy/intermarket.war/]$ whoami

root



===========================================================================




Fix:

Child, don't cry. Stand up and knock down China Mobile.

Source: www.wooyun.org/bugs/wooyun-2014-068831
