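2015-12-30: Details reported to the vendor; awaiting vendor handling
2016-01-06: Vendor confirmed; details disclosed to the vendor only
2016-01-16: Details disclosed to core white hats and experts in related fields
2016-01-26: Details disclosed to regular white hats
2016-02-05: Details disclosed to intern white hats
2016-02-12: Details disclosed to the public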
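My own household got caught in the crossfire~~
http://**.**.**.** The Qingdao Cable TV self-service system has a command execution vulnerability. By writing a shell, I cracked the AES-encrypted database password and the configuration. A large amount of information was obtained: cable TV, broadband and home TV are all bound together, so the leak of personal information is very serious, and broadband accounts are leaked as well. Payment records can also be modified. The data below are just screenshots taken in the order the data was read. There is too much information; I wanted to screenshot the last few days' worth, but the web shell was so laggy it would not respond, so I had to give up. Only part of the data is captured to demonstrate the impact.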
Query#0 : select table_name from user_tables
Database table structure
<url>jdbc:oracle:thin:@**.**.**.**:1521:webhdbs</url>
<driver-name>oracle.jdbc.xa.client.OracleXADataSource</driver-name>
<properties>
  <property>
    <name>user</name>
    <value>qcnportal</value>
  </property>
</properties>
<password-encrypted>{AES}VHsykNYTHnSSf64v4BvAiWmEAWSm8paX8q+E+JKf0nw=</password-encrypted>
qcnwor10dap
Database configuration
http://**.**.**.**/css/2.jsp
7
Severity: Medium
Vulnerability Rank: 7
Confirmed: 2016-01-06 14:59
Duplicate vulnerability; CNVD will not handle it again.
None yet