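2015-04-16: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public.
2015-05-31: The vendor has actively ignored the vulnerability; details are disclosed to the public.
Getshell on the 合享新创 official website
URL: http://www.incoindex.com/incoindex/usermanager/tologin.action. The site has an St2 (Struts2) vulnerability and has been compromised.
The database contains email accounts.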
Patch + configuration
Unable to contact the vendor, or the vendor actively refused