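2015-04-23: Actively contacting the vendor and waiting for the vendor to claim the report; details are not disclosed publicly.
2015-06-07: The vendor has actively ignored the vulnerability; details are disclosed to the public.
天图迅联, I'm from Xi'an too, so how about a job~
The site has a Struts2 command execution vulnerability. URL: http://my.tantuls.com/jsp/init.action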
#------------ JDBC ------------
jdbc.driver=com.mysql.jdbc.Driver
jdbc.url==mysql://127.0.0.1:3306/myland?true&characterEncoding=UTF-8
jdbc.username=root
jdbc.password=#o9L73(JKleP
#------------ ConnectionPools ------------
connection_pools.initial_pool_size=5
connection_pools.min_pool_size=5
connection_pools.max_pool_size=10
connection_pools.max_idle_time=60
connection_pools.acquire_increment=5
connection_pools.checkout_timeout=60000

#file temp dir
file.temp.dir=d:/upload
file.local.temp.dir=d:/upload
#tantuls request domain url
system.domain.url=http://my.tantuls.com/tantulsV1
#file server upload url
file.server.upload.url=http://219.153.20.229:8180/upload/upload.action
#file server delete url
file.server.delete.url=http://219.153.20.229:8180/upload/delete.action
#file root path
file.server.path.root=tantuls/
#file max size <=3M
file.size.limit.max=3M
# camera's user for view manager role's id
camera.role.manager.id=10
# camera's user for view camera role's id
camera.role.view.id=11
#default user role id,user registered ,then he will get this role;
user.role.id.default=12
#send email
mail.port=smtp
mail.host=smtp.exmail.qq.com
[email protected]
[email protected]
mail.account.from.login.password=123321qQ
#send sms
sms.ihuyi.account=cf_cgkj
sms.ihuyi.password=20D1D5E7043D57BDCBA6DD0598FC80C3
sms.ihuyi.url=http://106.ihuyi.cn/webservice/sms.php?method=Submit
#find pwd
pwd.email.returnurl=/user/emailReturn
# system Id
user.system.id=1
# apk version
apk.android.version=2
apk.ios.version=1
# apk downLoad url
apk.downLoad.url=http://127.0.0.1:80/tantulsV1/interface/apkDownLoad/downLoad
#apk file
apk.file=d:/tantuls.apk
Patch + configuration
Unable to contact the vendor, or the vendor actively refused
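An added example, not part of the original report: the "configuration" half of the fix expressed as a check that flags plaintext secrets and a root database account in a .properties file laid out like the one exposed above. The sample file, the key-name pattern and the accepted `${...}` / `ENC(...)` forms are assumptions, and every value is constructed.

```python
import re

# Constructed sample in the same .properties layout as the exposed file; all values are made up.
SAMPLE = """\
#------------ JDBC ------------
jdbc.driver=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://127.0.0.1:3306/appdb
jdbc.username=root
jdbc.password=#Examp1e(Pw
mail.account.from.login.password=${MAIL_PASSWORD}
sms.api.password=ENC(3q2+7w==)
file.size.limit.max=3M
"""

# Assumed naming convention for keys that hold secrets.
SECRET_KEY = re.compile(r"(password|passwd|secret|token|apikey)", re.I)
# Values resolved outside the file: ${ENV} placeholders or Jasypt-style ENC(...) wrappers.
EXTERNALIZED = re.compile(r"^(\$\{[^}]+\}|ENC\(.+\))$")
PRIVILEGED_DB_USERS = {"root", "sa", "admin"}


def parse_properties(text):
    """Parse key=value / key:value lines. '#' or '!' starts a comment only at
    the beginning of a line, so a value such as '#Examp1e(Pw' is kept whole."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def audit(props):
    """Return (key, issue) pairs for settings that should not ship as written."""
    findings = []
    for key, value in props.items():
        if SECRET_KEY.search(key) and value and not EXTERNALIZED.match(value):
            findings.append((key, "plaintext secret"))
        if key.startswith("jdbc.") and key.endswith("username") \
                and value.lower() in PRIVILEGED_DB_USERS:
            findings.append((key, "privileged database account"))
    return findings


if __name__ == "__main__":
    for key, issue in audit(parse_properties(SAMPLE)):
        print(f"{key}: {issue}")
```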