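2013-01-07: Details reported to the vendor; awaiting vendor handling
2013-01-07: Vendor confirmed; details disclosed to the vendor only
2013-01-17: Details disclosed to core white hats and experts in related fields
2013-01-27: Details disclosed to regular white hats
2013-02-06: Details disclosed to intern white hats
2013-02-21: Details disclosed to the public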
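Up in the middle of the night and still finding holes for you guys, so how about sending a New Year's gift!
1) Affected target: Shanda Online business analysis system, Struts command execution. Test URL: http://114.80.132.148/showIndexArticlesAction.htm?recordType=2
2) Looks like there is a lot of sensitive stuff here;
3) I had a quick look around and don't know what this thing is (you should know);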
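4) There is plenty more, you know what I mean~
See the detailed description!~
Patch it
Severity: Low
Vulnerability Rank: 5
Confirmed: 2013-01-07 17:57
Thanks to se55i0n for submitting this vulnerability; we have handled it. We will contact you offline to thank you separately!
None yet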