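2015-05-21: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2015-07-05: The vendor has actively ignored the vulnerability; details disclosed to the public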
B卷网 getshell & database reachable
http://www.bjuan.cn/front/login/resetPassword.action: the site has a Struts2 command execution vulnerability that leads to getshell
#values are "system-env" or "this";
#if value is "this" , using the paoding.dic.home as dicHome if configed!
#paoding.dic.home.config-fisrt=system-env
#dictionary home (directory)
#"classpath:xxx" means dictionary home is in classpath.
#e.g "classpath:dic" means dictionaries are in "classes/dic" directory or any other classpath directory
paoding.dic.home=classpath:dic
paoding.dic.detector.interval=60
#seconds for dic modification detection
#paoding.dic.detector.interval=60

#------------ MySQL ------------
jdbc.driver=com.mysql.jdbc.Driver
#jdbc.url=jdbc\:mysql\://127.0.0.1\:3306/zxjy?useUnicode\=true&autoReconnect\=true&characterEncoding\=UTF-8&zeroDateTimeBehavior\=convertToNull
jdbc.url=jdbc\:mysql\://localhost\:3306/zxjy?useUnicode\=true&autoReconnect\=true&characterEncoding\=UTF-8&zeroDateTimeBehavior\=convertToNull
jdbc.username=zxjy
jdbc.password=saiya13072014
#jdbc.username=root
#jdbc.password=root
#Set the database dialect
hibernate.dialect=org.hibernate.dialect.MySQLDialect
#Whether to show SQL
hibernate.show_sql=fasle
#Format the SQL statements written to the console
hibernate.format_sql=false
#Hibernate database connection timeout setting
hibernate.autoReconnect=true
#Specifies when Hibernate releases JDBC connections. By default, the JDBC connection is released only when the Session is explicitly closed or disconnected
hibernate.connection.release_mode=auto
#connection.useUnicode: whether to use Unicode encoding when connecting to the database
Connection.useUnicode=true
#connection.characterEncoding: character set used to transfer data when connecting to the database; UTF-8 is recommended
connection.characterEncoding=UTF-8
#Automatically create|update|validate the database table structure
#hibernate.hbm2ddl.auto=update
#Enable the second-level cache
hibernate.cache.use_second_level_cache=false
#Cache product in use -- alternative cache product: org.hibernate.cache.EhCacheProvider
hibernate.cache.provider_class=org.hibernate.cache.OSCacheProvider
#Enable the query cache of the second-level cache
hibernate.cache.use_query_cache=false
#Database batch fetch size
hibernate.jdbc.fetch_size=50
#Database batch update size
hibernate.jdbc.batch_size=30
Patch + configuration
Unable to contact the vendor, or the vendor actively refused