Command Execution Allowing Getshell on an Important Bank of China Insurance System (Deserialization Left Unpatched)



Could I get a high score? Will the small gift really be sent?

Bank of China Insurance parameter management platform (https://111.205.37.193:7001/BOCIParamManager/)

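A white hat previously reported a weak password on the WebLogic admin console that led to getshell. That vulnerability was patched, but the deserialization issue was not.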
 


 

Test results:
 


Internal IP address
 


Many ports are open, including 3389 and 21.
 

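An added example, not part of the original report: a small Python audit of `netstat -an` output that lists sensitive TCP services listening on non-loopback addresses, the kind of exposure noted above. The sample rows, the port labels and the function name are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -an` rows (not taken from the report).
SAMPLE = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:7001        0.0.0.0:0              LISTENING
  TCP    192.0.2.10:7001        198.51.100.7:51216     TIME_WAIT
  TCP    127.0.0.1:9005         0.0.0.0:0              LISTENING
  TCP    [::]:3389              [::]:0                 LISTENING
  TCP    [::1]:7001             [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
"""

# Ports to review; the labels are this example's assumptions.
SENSITIVE = {21: "FTP", 135: "RPC", 139: "NetBIOS", 445: "SMB",
             3389: "RDP", 7001: "WebLogic listen port"}

# Match only TCP rows in LISTENING state. Localized header lines never match,
# so the parser does not depend on the display language of the host.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")
LOOPBACK = ("127.", "[::1]")


def exposed_listeners(netstat_text):
    """Return sorted (port, label, [addresses]) for sensitive TCP ports
    that listen on a non-loopback address."""
    found = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP row, or a connection that is not listening
        addr, port = m.group(1), int(m.group(2))
        if addr.startswith(LOOPBACK) or port not in SENSITIVE:
            continue
        found.setdefault(port, set()).add(addr)
    return [(p, SENSITIVE[p], sorted(a)) for p, a in sorted(found.items())]


if __name__ == "__main__":
    for port, label, addrs in exposed_listeners(SAMPLE):
        print(f"{port:>5}  {label:<22} {', '.join(addrs)}")
```

Services that appear in the result should either be bound to a management interface only or be filtered at the perimeter.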

config.xml
 


The database configuration file is at D:\Oracle\Middleware\user_projects\domains\base_domain\config\jdbc\PARA_MANG_DS-2338-jdbc.xml
 


I won't upload a shell and go any deeper; it's not that I don't know how…

Solution:

Small gift, small gift.
