乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-02-28: 积极联系厂商并且等待厂商认领中,细节不对外公开 2015-04-14: 厂商已经主动忽略漏洞,细节向公众公开
移联网络科技getshell(运维人员邮箱密码掉了一地)经过邮箱密码我们又可以拿到百度账号权限。然后我们还可以拿到,不能再继续往下了~~~
http://www.mobline.cn/toIndex.action站点存在Struts2命令执行
GETSHELL之后我们又发现了运维人员的邮箱密码:
/alidata/www/eeline/WEB-INF/classes/mail.properties#SMTP地址smtpServer=smtp.163.com#是否通过身份验证需打开ifAuth=true#邮件From的地址[email protected]#邮箱帐户emailUsername=qq394105933#邮箱密码emailPassword=5620258
登陆之后、我们会看到apple ID 运维人员在打魔兽世界的绑定账户
再送上几处数据库信息
## MySQLhibernate.dialect org.hibernate.dialect.MySQLDialecthibernate.connection.driver_class com.mysql.jdbc.Driverhibernate.connection.url jdbc\:mysql\://eelinesql.mysql.rds.aliyuncs.com\:3306/eeline?useUnicode\=true&characterEncoding\=UTF-8#hibernate.connection.url jdbc\:mysql\://127.0.0.1\:3306/eeline?useUnicode\=true&characterEncoding\=UTF-8hibernate.connection.username eelinehibernate.connection.password eeline123## set the maximum depth of the outer join fetch tree#jdbc.url jdbc:mysql://rdsqm7rrrbfayif.mysql.rds.aliyuncs.com:3306/datasourcehibernate.connection.pool_size 1hibernate.proxool.pool_alias pool1hibernate.format_sql fasle ## add comments to the generated SQLhibernate.use_sql_comments truejdbc.url jdbc\:mysql\://eelinesql.mysql.rds.aliyuncs.com\:3306/datasource?useUnicode\=true&characterEncoding\=UTF-8 ## set the maximum depth of the outer join fetch treehibernate.max_fetch_depth 1hibernate.jdbc.batch_versioned_data truehibernate.jdbc.use_streams_for_binary truehibernate.cache.region_prefix hibernate.testhibernate.cache.provider_class org.hibernate.cache.HashtableCacheProviderhibernate.connection.release_mode auto c3p0.acquireIncrement=3c3p0.idleConnectionTextPeriod=900c3p0.minPoolSize=20c3p0.maxPoolSize=150c3p0.maxStatements=100c3p0.numHelperThreads=10c3p0.maxIdleTime=600c3p0.initialPoolSize=3redis.url=127.0.0.1redis.port=6399
安全不可忽略。
未能联系到厂商或者厂商积极拒绝