新浪某重要主站命令执行漏洞入内网

admin

140559
文章

117
评论

2017年5月1日15:19:32评论484 views字数 210阅读0分42秒阅读模式

摘要

2016-05-06：细节已通知厂商并且等待厂商处理中
2016-05-06：厂商已查看当前漏洞内容,细节仅向厂商公开
2016-05-09：厂商已经主动忽略漏洞，细节向公众公开

漏洞概要关注数(23) 关注此漏洞

缺陷编号： WooYun-2016-205561

漏洞标题：新浪某重要主站命令执行漏洞入内网

漏洞作者： Q1NG

提交时间： 2016-05-06 09:22

公开时间： 2016-05-09 10:40

漏洞类型：命令执行

危害等级：高

自评Rank： 20

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源：www.wooyun.org ，如有疑问或需要帮助请联系

Tags标签：远程命令执行

2人收藏

漏洞详情

披露状态：

简要描述：

详细说明：

http://bbs.sina.com.cn/ 新浪论坛命令执行

随便点击一个帖子进行回服,同样是命令执行 NC反弹,直接入服务器

漏洞证明：

这在服务器竟然装了nmap 那就索性扫了下, 不知是有人已经来过还是你们自己人装的

code 区域

Host is up (0.00018s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.195
 Host is up (0.00013s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.196
 Host is up (0.00020s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.197
 Host is up (0.00023s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.198
 Host is up (0.00018s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.199
 Host is up (0.00021s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.200
 Host is up (0.00020s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.201
 Host is up (0.00019s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.202
 Host is up (0.00025s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.203
 Host is up (0.00021s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.204
 Host is up (0.00013s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.205
 Host is up (0.00019s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.206
 Host is up (0.00020s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.207
 Host is up (0.00023s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.208
 Host is up (0.00020s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.209
 Host is up (0.00019s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.210
 Host is up (0.00019s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.211
 Host is up (0.00022s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.212
 Host is up (0.00030s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.213
 Host is up (0.00018s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.214
 Host is up (0.00016s latency).
 Not shown: 988 closed ports
 PORT     STATE    SERVICE
 22/tcp   open     ssh
 873/tcp  open     rsync
 3306/tcp open     mysql
 6001/tcp open     X11:1
 6003/tcp open     X11:3
 6004/tcp open     X11:4
 6005/tcp open     X11:5
 6006/tcp filtered X11:6
 6007/tcp open     X11:7
 6009/tcp open     X11:9
 7443/tcp open     oracleas-https
 8000/tcp open     http-alt
 
 Nmap scan report for 172.16.187.215
 Host is up (0.00022s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 843/tcp  open  unknown
 873/tcp  open  rsync
 3306/tcp open  mysql
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.216
 Host is up (0.00019s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.217
 Host is up (0.00018s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.218
 Host is up (0.00021s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.219
 Host is up (0.00016s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.220
 Host is up (0.00021s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.221
 Host is up (0.00023s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.222
 Host is up (0.00017s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.223
 Host is up (0.00017s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.224
 Host is up (0.00023s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.225
 Host is up (0.00025s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.226
 Host is up (0.00023s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.227
 Host is up (0.00014s latency).
 Not shown: 986 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7103/tcp open  unknown
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.228
 Host is up (0.00020s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.229
 Host is up (0.00019s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.230
 Host is up (0.00018s latency).
 Not shown: 987 closed ports
 PORT     STATE    SERVICE
 22/tcp   open     ssh
 873/tcp  open     rsync
 3306/tcp open     mysql
 6001/tcp filtered X11:1
 6002/tcp open     X11:2
 6003/tcp open     X11:3
 6004/tcp open     X11:4
 6005/tcp open     X11:5
 6006/tcp open     X11:6
 6007/tcp open     X11:7
 6009/tcp open     X11:9
 7443/tcp open     oracleas-https
 8000/tcp open     http-alt
 
 Nmap scan report for 172.16.187.232
 Host is up (0.00019s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.233
 Host is up (0.00019s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.234
 Host is up (0.00019s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.235
 Host is up (0.00020s latency).
 Not shown: 988 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.236
 Host is up (0.00019s latency).
 Not shown: 986 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 843/tcp  open  unknown
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.237
 Host is up (0.00020s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.238
 Host is up (0.00019s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.239
 Host is up (0.00021s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.240
 Host is up (0.00020s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.241
 Host is up (0.00025s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.242
 Host is up (0.00022s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.243
 Host is up (0.00022s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.244
 Host is up (0.00022s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.245
 Host is up (0.00022s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.246
 Host is up (0.00021s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.247
 Host is up (0.00021s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.248
 Host is up (0.00021s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.249
 Host is up (0.00021s latency).
 Not shown: 986 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 8090/tcp open  unknown
 
 Nmap scan report for 172.16.187.250
 Host is up (0.00021s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.251
 Host is up (0.00024s latency).
 Not shown: 987 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 873/tcp  open  rsync
 3306/tcp open  mysql
 6001/tcp open  X11:1
 6002/tcp open  X11:2
 6003/tcp open  X11:3
 6004/tcp open  X11:4
 6005/tcp open  X11:5
 6006/tcp open  X11:6
 6007/tcp open  X11:7
 6009/tcp open  X11:9
 7443/tcp open  oracleas-https
 8000/tcp open  http-alt
 
 Nmap scan report for 172.16.187.253
 Host is up (0.00020s latency).
 Not shown: 996 closed ports
 PORT     STATE SERVICE
 22/tcp   open  ssh
 80/tcp   open  http
 873/tcp  open  rsync
 5666/tcp open  nrpe
 
 Nmap scan report for 172.16.187.254
 Host is up (0.00028s latency).
 Not shown: 999 closed ports
 PORT   STATE SERVICE
 22/tcp open  ssh

继续玩代码执行内网就不深入了这么都开了 22 ssh 3306 怎么也能找到几台弱口令的吧

修复方案：

你们懂的

版权声明：转载请注明来源 Q1NG@乌云

漏洞回应

厂商回应：

危害等级：无影响厂商忽略

忽略时间：2016-05-09 10:40

厂商回复：

已有白帽子报过，故忽略，感谢支持~

漏洞评价：

对本漏洞信息进行评价，以更好的反馈信息的价值，包括信息客观性，内容是否完整以及是否具备学习价值

漏洞评价(共0人评价):

登陆后才能进行评分

评价

2016-05-09 20:29 | 欧尼酱 ( 路人 | Rank:15 漏洞数:7 | 技术马马虎虎)

0

已有白帽子报过，故忽略，感谢支持~

1# 回复此人

漏洞概要 关注数(23) 关注此漏洞

缺陷编号： WooYun-2016-205561

漏洞标题： 新浪某重要主站命令执行漏洞入内网

相关厂商： 新浪