HanDs
管理员

[7月漏洞公开] 新浪微博某系统存在远程命令执行漏洞 



新浪微博某系统存在远程命令执行漏洞

详细说明:

# 网站

http://rap.weibo.cn/account/doLogin.do

# 漏洞描述

CVE-2016-3081 | Apache Struts S2-032

漏洞证明:

code 区域
/sbin/ifconfig -a
eth0 Link encap:Ethernet HWaddr 5C:F3:FC:E9:60:18
inet addr:123.125.22.107 Bcast:123.125.22.255 Mask:255.255.255.0
inet6 addr: fe80::5ef3:fcff:fee9:6018/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:322142515 errors:0 dropped:0 overruns:0 frame:0
TX packets:38594293 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:27978652525 (26.0 GiB) TX bytes:4331448588 (4.0 GiB)

eth1 Link encap:Ethernet HWaddr 5C:F3:FC:E9:60:1A
inet addr:10.13.3.107 Bcast:10.13.3.255 Mask:255.255.255.0
inet6 addr: fe80::5ef3:fcff:fee9:601a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3143756252 errors:0 dropped:0 overruns:0 frame:0
TX packets:2469049790 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1745303941236 (1.5 TiB) TX bytes:1698391257991 (1.5 TiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:685579793 errors:0 dropped:0 overruns:0 frame:0
TX packets:685579793 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:178317445321 (166.0 GiB) TX bytes:178317445321 (166.0 GiB)

usb0 Link encap:Ethernet HWaddr 5E:F3:FC:E1:60:17
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)


# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
172.16.35.215 D11114152.lbs.weibo.cn

10.13.1.34 wapcd01.D12070606.tqt.web.mobile.sina.cn wapcd01
10.13.1.35 wapcd02.D12070607.tqt.web.mobile.sina.cn wapcd02
10.13.1.36 wapcd03.D12070649.tqt.web.mobile.sina.cn wapcd03
10.13.1.37 wapcd04.D12070650.tqt.web.mobile.sina.cn wapcd04
10.13.3.106 wapcd05.mobile.weibo.com wapcd05
10.13.3.107 wapcd06.mobile.weibo.com wapcd06
172.16.181.239 wapcd239.mobile.weibo.com wapcd239
172.16.181.240 wapcd240.mobile.weibo.com wapcd240
172.16.181.241 wapcd241.mobile.weibo.com wapcd241
172.16.181.40 wapcd40.mobile.weibo.com wapcd40
172.16.181.49 wapcd49.mobile.weibo.com wapcd49
172.16.181.59 wapcd59.mobile.weibo.com wapcd59
172.16.181.67 wapcd67.mobile.weibo.com wapcd67

修复方案:

补丁啊


学习中请遵守法律法规,本网站内容均来自于互联网,本网站不负担法律责任
新浪 系统 存在 远程 命令 执行 漏洞
#1楼
发帖时间:2016-7-14   |   查看数:0   |   回复数:0
游客组
快速回复