Bloodshed triggered by a Cacti monitoring system injection vulnerability - Vulnerability Warning - Black Bar Safety Net

2015-01-23T00:00:00
ID MYHACK58:62201558317
Type myhack58
Reporter Anonymous
Modified 2015-01-23T00:00:00

Description

Preface:

Security is a whole: any single weak point can cause a security incident. From the border network to the IDC operations and maintenance network to the office network, no part of the overall network can be ignored.

Multi-layer protection for an enterprise is not something that an IDS, a WAF, or antivirus software alone can handle. Why is the network vulnerable, and when an attack really occurs, can these protective strategies perceive it?

The following case:

The entire incident originated from a Cacti injection vulnerability: Cacti Centreon Enterprise Server versions 2.2->3.0 contain remote SQL injection and remote command injection vulnerabilities.

Figure 1

After privilege escalation and GETSHELL, what proved quite interesting is that the host is inside the internal network: a typical internal network service whose port is mapped through routing to the public network. On the surface, the security looks very impressive.

Figure 2

The network topology diagram:

Figure 3

The network architecture diagram above gives a rough picture of the target's internal network environment. At this point the Linux version turned out to be CentOS 6.5 with a relatively new kernel, so kernel privilege escalation was abandoned. Without ROOT privileges, low-privileged tools have to be used, with a reverse connection plus an agent to forward the internal network environment to a public network proxy for use.

Figure 4

At this point the internal machine's packets are being forwarded to the public Internet, and the next operations start from the proxy tool. Although this is the internal network environment, the data in fact makes a loop through the external network and back into the internal network. The scan cannot be run too aggressively, because that easily triggers firewall rules, so the process count is set to the minimum and the packets pass slowly through the firewall.
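From the defender's side, the throttled scan described above is what a per-minute rate rule misses. The following added example (not from the original article; the log format, addresses and thresholds are constructed assumptions) compares a rate rule with a long-window count of distinct targets over sample internal firewall flow records.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow log: "ISO-time src dst dport" (format is an assumption).
# 10.0.0.5 stands in for the compromised monitoring host; 10.0.0.9 is a normal client.
SAMPLE_LOG = """\
2015-01-20T01:00:00 10.0.0.5 10.0.1.10 22
2015-01-20T01:05:00 10.0.0.9 10.0.1.10 80
2015-01-20T01:05:30 10.0.0.9 10.0.1.10 80
2015-01-20T01:07:00 10.0.0.5 10.0.1.11 22
2015-01-20T01:15:00 10.0.0.5 10.0.1.12 3306
2015-01-20T01:22:00 10.0.0.5 10.0.1.13 80
2015-01-20T01:31:00 10.0.0.5 10.0.1.14 445
2015-01-20T01:40:00 10.0.0.5 10.0.1.15 22
"""

def parse(log):
    """Yield (time, src, (dst, port)) for each non-empty record."""
    for line in log.splitlines():
        if line.strip():
            ts, src, dst, port = line.split()
            yield datetime.fromisoformat(ts), src, (dst, int(port))

def rate_alerts(log, per_minute=5):
    """Rate rule: sources touching >= per_minute distinct targets in one minute."""
    buckets = defaultdict(set)
    for ts, src, target in parse(log):
        buckets[(src, ts.replace(second=0, microsecond=0))].add(target)
    return {src for (src, _), seen in buckets.items() if len(seen) >= per_minute}

def slow_scan_alerts(log, window=timedelta(hours=6), min_targets=5):
    """Long-window rule: sources touching >= min_targets distinct targets in window."""
    events = defaultdict(list)
    for ts, src, target in parse(log):
        events[src].append((ts, target))
    flagged = set()
    for src, evs in events.items():
        evs.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window start forward
            if len({t for _, t in evs[start:end + 1]}) >= min_targets:
                flagged.add(src)
                break
    return flagged

if __name__ == "__main__":
    print(rate_alerts(SAMPLE_LOG), slow_scan_alerts(SAMPLE_LOG))
```

On the sample, the rate rule flags nothing, while the long-window rule flags the monitoring host that touched six different internal services in 40 minutes.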
