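Vulnerability details

Disclosure status:

2014-10-23: Details reported to the vendor; awaiting vendor response
2014-10-28: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

An information system of the State Post Bureau has a command execution vulnerability that leads to GetShell (affects 40,000+ users; passwords stored in plaintext)

Detailed description:

Express Delivery Business Operation License Management Information System
Address: http://kdjyxk.post.gov.cn/register_logout.do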

网站物理路径: /opt/app/postecms/apache-tomcat-6.0.32/webapps/ROOT
java.home: /opt/app/jdk1.6.0_45/jre
java.version: 1.6.0_45
os.name: Linux
os.arch: amd64
os.version: 2.6.32-431.el6.x86_64
user.name: root
user.home: /root
user.dir: /opt/app/postecms/apache-tomcat-6.0.32/bin
java.class.version: 50.0
java.class.path: /opt/app/postecms/apache-tomcat-6.0.32/bin/bootstrap.jar
java.library.path: /opt/app/jdk1.6.0_45/jre/lib/amd64/server:/opt/app/jdk1.6.0_45/jre/lib/amd64:/opt/app/jdk1.6.0_45/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
file.separator: /
path.separator: :
java.vendor: Sun Microsystems Inc.
java.vendor.url: http://java.sun.com/
java.vm.specification.version: 1.0
java.vm.specification.vendor: Sun Microsystems Inc.
java.vm.specification.name: Java Virtual Machine Specification
java.vm.version: 20.45-b01
java.vm.vendor: Sun Microsystems Inc.
java.vm.name: Java HotSpot(TM) 64-Bit Server VM
java.specification.version: 1.6
java.specification.vender:
java.specification.name: Java Platform API Specification
java.io.tmpdir: /opt/app/postecms/apache-tomcat-6.0.32/temp
Hibernate information


Found the database connection information and tested the connection to the database


Querying the comuser table shows 45,000 user records, with passwords stored in plaintext


In addition, administrator data for the various bureaus

Proof of vulnerability:

Remediation:
