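2015-09-30: Details reported to the vendor; awaiting vendor response
2015-10-10: Vendor confirmed; details disclosed to the vendor only
2015-10-20: Details disclosed to core white hats and experts in the relevant fields
2015-10-30: Details disclosed to regular white hats
2015-11-09: Details disclosed to intern white hats
2015-11-24: Details disclosed to the public
China Potevio (中国普天)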
**.**.**.**:7001/cardservice/payment/index.action
**.**.**.**:7001/console/login/LoginForm.jsp
weblogic/11111111
A web shell in WAR format can be uploaded to obtain a shell:
**.**.**.**:7001/ma/ma3.jsp
Database connection information:
/domains/payment/config/jdbc/PTPAY_POOL-0359-jdbc.xml
jdbc:oracle:thin:@**.**.**.**:1521:testdb
devaccount
devaccount
Connecting to the database:
Large-scale information disclosure
Change the password
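Changing the console password does not remove an application that was already deployed through the console. The following added example (not part of the original report) lists deployments in a WebLogic domain `config.xml` that are not on an allowlist or that were sourced from the console upload directory. The sample config, the `/opt/apps` path, the allowlist and the function name are constructed for illustration, and the upload directory location is an assumption about the default layout.

```python
import xml.etree.ElementTree as ET

# Namespace of WebLogic's domain config.xml (assumed 10.3.x/12c layout).
NS = {"d": "http://xmlns.oracle.com/weblogic/domain"}

# Constructed sample config.xml fragment; not taken from the reported system.
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>payment</name>
  <app-deployment>
    <name>cardservice</name>
    <target>AdminServer</target>
    <module-type>war</module-type>
    <source-path>/opt/apps/cardservice.war</source-path>
  </app-deployment>
  <app-deployment>
    <name>ma</name>
    <target>AdminServer</target>
    <module-type>war</module-type>
    <source-path>servers/AdminServer/upload/ma.war</source-path>
  </app-deployment>
</domain>"""


def unexpected_deployments(config_xml, allowlist):
    """Return (name, source_path, reasons) for deployments that need review."""
    findings = []
    for app in ET.fromstring(config_xml).findall("d:app-deployment", NS):
        name = app.findtext("d:name", default="", namespaces=NS).strip()
        path = app.findtext("d:source-path", default="", namespaces=NS).strip()
        reasons = []
        if name not in allowlist:
            reasons.append("not in allowlist")
        # Assumption: console uploads are stored under servers/<server>/upload/.
        if "/upload/" in path.replace("\\", "/"):
            reasons.append("deployed from console upload directory")
        if reasons:
            findings.append((name, path, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for name, path, reasons in unexpected_deployments(SAMPLE_CONFIG, {"cardservice"}):
        print(f"REVIEW {name}: {path} ({reasons})")
```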
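Severity: High
Vulnerability Rank: 12
Confirmed: 2015-10-10 16:52
CNVD has confirmed the situation described and has forwarded it via CNCERT to the Shanghai branch center, which will follow up and coordinate with the organization that operates the website to handle it (a new contact channel needs to be established).
None at this time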