漏洞详情披露状态： 2016-05-03： 细节已通知厂商并且等待厂商处理中2016-05-03： 厂商已经确认，细节仅向厂商公开2016-05-13： 细节向核心白帽子及相关领域专家公开2016-05-23： 细节向普通白帽子公开2016-06-02： 细节向实习白帽子公开2016-06-17： 细节向公众公开简要描述：土豆网某服务器存在命令执行详细说明：code 区域http://114.80.121.110:8990/login.do土豆网公用模板集中管理平台端口开放8000即jdwp服务，存在JDWP命令执行，但无法执行端口9998可执行漏洞证明： code 区域[+] Targeting '114.80.121.110:9998' [+] Reading settings for 'Java HotSpot(TM) Server VM - 1.6.0_03' [+] Found Runtime title: id=7cf [+] Found Runtime.getRuntime(): id=aab58e8 [+] Created break event id=2 [+] Waiting for an event on 'java.net.ServerSocket.accept' [+] Received matching event from thread 0x15af [+] Found Java Virtual Machine specification vendor 'Sun Microsystems Inc.' [+] Found Java Runtime Environment specification name 'Java Platform API Specifi cation' [+] Found Path of extension directory or directories '/usr/java/jdk1.6.0_03/jre/ lib/ext:/usr/java/packages/lib/ext' [+] Found Java Runtime Environment specification vendor 'Sun Microsystems Inc.' [+] Found Java Virtual Machine specification version '1.0' [+] Found Operating system name 'Linux' [+] Found Default temp file path '/home/istat/apache-tomcat-6.0.18/temp' [+] Found User's current working directory '/home/istat' [+] Found Java installation directory '/usr/java/jdk1.6.0_03/jre' [+] Found User's account name 'istat' [+] Found Java Virtual Machine implementation vendor 'Sun Microsystems Inc.' [+] Found Java Runtime Environment vendor 'Sun Microsystems Inc.' [+] Found Path separator ':' [+] Found Java vendor URL 'http://java.sun.com/' [+] Found Java title path ':/home/istat/apache-tomcat-6.0.18/bin/bootstrap.jar' [+] Found Java Runtime Environment specification version '1.6' [+] Found Operating system version '2.6.18-371.8.1.el5' [+] Found Operating system architecture 'i386' [+] Found Java Runtime Environment version '1.6.0_03' [+] Found Java Virtual Machine implementation version '1.6.0_03-b05' [+] Found Java Virtual Machine specification name 'Java Virtual Machine Specific ation' [+] Found File separator '/' [-] java.compiler: Unexpected returned type: expecting String [+] Found Java title format version number '50.0' [+] Found List of paths to search when loading libraries '/usr/java/jdk1.6.0_03/ jre/lib/i386/server:/usr/java/jdk1.6.0_03/jre/lib/i386:/usr/java/jdk1.6.0_03/jre /../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib' [+] Found Java Virtual Machine implementation name 'Java HotSpot(TM) Server VM' [+] Found User's home directory '/home/istat' [!] Command successfully executed就不弹shell了吧修复方案：补丁版权声明：转载请注明来源 Aasron@乌云漏洞回应厂商回应：危害等级：高漏洞Rank：18确认时间：2016-05-03 15:38厂商回复：感谢 Aasron！ 该问题我们已经确认，并联系相关人员及时进行修复了，多谢对土豆安全的关注！最新状态：暂无

漏洞详情披露状态： 2016-05-03： 细节已通知厂商并且等待厂商处理中2016-05-09： 厂商已经确认，细节仅向厂商公开2016-05-19： 细节向核心白帽子及相关领域专家公开2016-05-29： 细节向普通白帽子公开2016-06-08： 细节向实习白帽子公开2016-06-23： 细节向公众公开简要描述： 详细说明：http://219.133.73.185:81/admin/login.do中海油船舶代理信息管理系统存在st2命令执行漏洞，可getshell只截图证明危害漏洞利用截图如下： 漏洞证明：  修复方案： 版权声明：转载请注明来源 工程院士@乌云漏洞回应厂商回应：危害等级：低漏洞Rank：2确认时间：2016-05-09 08:31厂商回复：感谢工程院士，我们会尽快修复最新状态：暂无

漏洞详情披露状态： 2016-05-09： 细节已通知厂商并且等待厂商处理中2016-05-09： 厂商已经确认，细节仅向厂商公开2016-05-19： 细节向核心白帽子及相关领域专家公开2016-05-29： 细节向普通白帽子公开2016-06-08： 细节向实习白帽子公开2016-06-23： 细节向公众公开简要描述：敏感配置信息请打码！！！详细说明： code 区域泄漏源： http://120.55.144.142/projects（注：之前未授权可访问）但重要系统配置还是泄漏了。 漏洞证明： code 区域mask 区域*****4.157:3306/cp***** *****e=Cp***** [email protected]/* */********************uery=S**********.mysql.j**********==================**********数**********==================**********_wm_wechat?useUnicode=true&characterE**********c.usernam**********word=C85a3d3********************==================**********代**********==================**********ode=true&characterEncoding=UTF-8&zeroDa**********username**********xlgIYjtuciKpd********************务**********.m.cnhza.kvsto**********=127.0**********务**********ort=********************s=wei*****  修复方案：rt版权声明：转载请注明来源 保护伞@乌云漏洞回应厂商回应：危害等级：高漏洞Rank：15确认时间：2016-05-09 12:02厂商回复：感谢你的提醒，我们会尽快修复。最新状态：2016-05-09：漏洞已修复，礼物随后寄出