
Command Execution Vulnerability on a Youku Subsite (Proven to Allow Internal Network Penetration)

Source: 自学PHP网    Date: 2015-04-16 23:15


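The command execution vulnerability on this Youku subsite can be used to obtain a shell and to penetrate the internal network.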
 
Target: http://channel.3g.youku.com/ykmks/login.do

Whoami: root

WebPath: /opt/www/ykmks/webapps/ykmks

OS.Name: Linux

OS.Version: 2.6.18-194.el5

Java.Home: /opt/jdk/jre

Java.Version: 1.6.0_13

OS.arch: amd64

User.Name: root

User.Home: /root

User.Dir: /opt/www/ykmks/webapps/ykmks

Java.Class.Path: /opt/tomcat/bin/bootstrap.jar

Java.IO.Tmpdir: /opt/tomcat/temp

 

 
 

eth0      Link encap:Ethernet  HWaddr 00:24:E8:68:5A:0D  

          inet addr:10.103.13.19  Bcast:10.103.13.255  Mask:255.255.255.0

          inet6 addr: fe80::224:e8ff:fe68:5a0d/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:2099277294 errors:0 dropped:0 overruns:0 frame:0

          TX packets:3582311950 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:396065005482 (368.8 GiB)  TX bytes:401171199965 (373.6 GiB)

          Interrupt:169 Memory:f8000000-f8012800 



eth1      Link encap:Ethernet  HWaddr 00:24:E8:68:5A:0F  

          inet addr:211.151.146.78  Bcast:211.151.146.255  Mask:255.255.255.0

          inet6 addr: fe80::224:e8ff:fe68:5a0f/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:10399875776 errors:0 dropped:67 overruns:0 frame:0

          TX packets:1560453631 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:881364135680 (820.8 GiB)  TX bytes:338251510443 (315.0 GiB)

          Interrupt:169 Memory:f4000000-f4012800 



lo        Link encap:Local Loopback  

          inet addr:127.0.0.1  Mask:255.0.0.0

          inet6 addr: ::1/128 Scope:Host

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:14585539843 errors:0 dropped:0 overruns:0 frame:0

          TX packets:14585539843 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0 

          RX bytes:1918210199086 (1.7 TiB)  TX bytes:1918210199086 (1.7 TiB)



sit0      Link encap:IPv6-in-IPv4  

          NOARP  MTU:1480  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0 

          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)


a01.memcachced.3g.b28.youku (10.103.13.21) at 00:1D:09:64:77:78 [ether] on eth0

a02.memcachced.3g.b28.youku (10.103.13.22) at 00:1D:09:64:77:E6 [ether] on eth0

? (211.151.146.1) at 00:00:0C:07:AC:01 [ether] on eth1

? (10.103.13.254) at 00:00:5E:00:01:0D [ether] on eth0


nameserver 10.103.10.5

nameserver 10.103.10.6

 
Remediation:
Update the third-party component.
