VULHUB ™

### 简要描述： 可以直接进入WEBSPHERE管理后台getshell ### 详细说明： http://211.144.131.98/ 漏洞地址 ``` https://211.144.131.98:9043/ibm/console/ ``` 未设置admin密码可以进入后台直接getshell 输入admin进入后台 [<img src="https://images.seebug.org/upload/201509/06093409af34d0aca1d3a17a89436ffe6a8956b8.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201509/06093409af34d0aca1d3a17a89436ffe6a8956b8.png) 根据园长这篇文章 ``` http://drops.wooyun.org/tips/604 ``` [<img src="https://images.seebug.org/upload/201509/060936132616e4e839564dce71dac8574b4e5d54.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201509/060936132616e4e839564dce71dac8574b4e5d54.png) 后台getshell 木马地址 ``` http://211.144.131.98:9080/safe_test/index.jsp ``` 上传菜刀马 地址 ``` http://211.144.131.98:9080/safe_test/cdm.jsp ``` 密码 sec007 [<img src="https://images.seebug.org/upload/201509/061011381cdc822600a9641cf1edfd41faf2b50c.png" alt="3.png" width="600"...

### 简要描述： 可以直接进入WEBSPHERE管理后台getshell ### 详细说明： http://211.144.131.98/ 漏洞地址 ``` https://211.144.131.98:9043/ibm/console/ ``` 未设置admin密码可以进入后台直接getshell 输入admin进入后台 [<img src="https://images.seebug.org/upload/201509/06093409af34d0aca1d3a17a89436ffe6a8956b8.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201509/06093409af34d0aca1d3a17a89436ffe6a8956b8.png) 根据园长这篇文章 ``` http://drops.wooyun.org/tips/604 ``` [<img src="https://images.seebug.org/upload/201509/060936132616e4e839564dce71dac8574b4e5d54.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201509/060936132616e4e839564dce71dac8574b4e5d54.png) 后台getshell 木马地址 ``` http://211.144.131.98:9080/safe_test/index.jsp ``` 上传菜刀马 地址 ``` http://211.144.131.98:9080/safe_test/cdm.jsp ``` 密码 sec007 [<img src="https://images.seebug.org/upload/201509/061011381cdc822600a9641cf1edfd41faf2b50c.png" alt="3.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201509/061011381cdc822600a9641cf1edfd41faf2b50c.png) 系统开启3389远程连接 [<img src="https://images.seebug.org/upload/201509/06102800ae42744e4ecc333b00431dcb7d1ec9e2.jpg" alt="5.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201509/06102800ae42744e4ecc333b00431dcb7d1ec9e2.jpg) 系统管理员 !nc [<img src="https://images.seebug.org/upload/201509/06101555099bd875b6e30772a3f6d364628947b9.jpg" alt="4.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201509/06101555099bd875b6e30772a3f6d364628947b9.jpg) 直接更改!nc密码 ``` net user !nc S!afe_233nmb ``` 远程连接 ### 漏洞证明： [<img src="https://images.seebug.org/upload/201509/06105756b4bd0136141e6f16377021f8aa72585c.jpg" alt="6.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201509/06105756b4bd0136141e6f16377021f8aa72585c.jpg) 可内网渗透，网络卡，没进一步深究 大量敏感信息和地址泄露 [<img src="https://images.seebug.org/upload/201509/06113143dd03143f82c1f76118cd6c0da234971a.png" alt="9.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201509/06113143dd03143f82c1f76118cd6c0da234971a.png) [<img src="https://images.seebug.org/upload/201509/06112939dc5c9dcf1bc2623b816f21b74bc6b07c.jpg" alt="7.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201509/06112939dc5c9dcf1bc2623b816f21b74bc6b07c.jpg) [<img src="https://images.seebug.org/upload/201509/06113040ae4567dee8e7334f0357699d4b30b1cd.jpg" alt="8.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201509/06113040ae4567dee8e7334f0357699d4b30b1cd.jpg)