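2016-01-12: Details reported to the vendor; awaiting vendor handling
2016-01-12: Vendor confirmed; details disclosed to the vendor only
2016-01-22: Details disclosed to core white hats and experts in related fields
2016-02-01: Details disclosed to regular white hats
2016-02-11: Details disclosed to trainee white hats
2016-02-22: Details disclosed to the public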
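http://122.96.58.36/merchant has a command execution vulnerability. I wrote a shell and looked at the configuration: a large amount of internal configuration plus the Minsheng Bank interface. While I was at it, I probed the internal network.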
cspay.jdbc.driver=oracle.jdbc.driver.OracleDriver
cspay.jdbc.url = jdbc:oracle:thin:@172.31.184.15:1521:pay1
cspay.jdbc.username = cspay
cspay.jdbc.password = cspay
#jdbc settings
#system.jdbc.driver = oracle.jdbc.driver.OracleDriver
#system.jdbc.url = jdbc:oracle:thin:@10.95.136.243:1521:pay5
#system.jdbc.username = manager
#system.jdbc.password = ma123
#dbcp settings
#system.dbcp.initialSize=1
#system.dbcp.maxIdle=5
#system.dbcp.maxActive=40
#jdbc settings
#report.jdbc.driver = oracle.jdbc.driver.OracleDriver
#report.jdbc.url = jdbc:oracle:thin:@10.95.136.243:1521:pay5
#report.jdbc.username = combine
#report.jdbc.password = zaq12wsx
#dbcp settings
#report.dbcp.initialSize=1
#report.dbcp.maxIdle=2
#report.dbcp.maxActive=2
#jdbc settings
system.jdbc.driver = oracle.jdbc.driver.OracleDriver
system.jdbc.url = jdbc:oracle:thin:@172.31.184.15:1521:pay1
system.jdbc.username = manager
system.jdbc.password = ma123
#dbcp settings
system.dbcp.initialSize=1
system.dbcp.maxIdle=5
system.dbcp.maxActive=40
#jdbc settings
report.jdbc.driver = oracle.jdbc.driver.OracleDriver
report.jdbc.url = jdbc:oracle:thin:@172.31.184.15:1521:pay1
report.jdbc.username = combine
report.jdbc.password = zaq12wsx

<?xml version="1.0" encoding="UTF-8"?>
<ftp>
 <ftpurl>172.31.184.75</ftpurl>
 <ftppath>logs</ftppath>
 <user>ftptest</user>
 <pwd>ftptest</pwd>
 <filename>test1</filename>
 <localpath>/weblogic/user_projects/domains/tvpay/logs</localpath>
 <onoff>off</onoff>
</ftp>

# Minsheng Bank
[email protected]
cmbc.web.MerchantCode=1002201401142561
cmbc.web.payUrl=https://epay.cmbc.com.cn/ipad/service.html
cmbc.web.certFile=epay.sm2
cmbc.web.certPwd=cmbc_epay1234
http://122.96.58.36/hdcspay/1.jspx 9635789
Severity: Medium
Vulnerability Rank: 10
Confirmed at: 2016-01-12 17:29
Thank you very much, we will fix this vulnerability as soon as possible!
None yet
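The configuration in this report keeps database, FTP and certificate passwords in plaintext, several of them identical to the username or left behind in commented-out lines, so one readable file exposed them all. The following audit for such entries in a .properties file is an added example, not part of the original report; the sample input is constructed, and treating `${...}` values as secrets supplied outside the file is an assumption about the deployment.

```python
import re

# "key = value" lines, including ones disabled with a leading '#'.
LINE_RE = re.compile(r"^(?P<off>#\s*)?(?P<key>[\w.]+)\s*=\s*(?P<val>.*)$")
# Assumption: ${NAME} is resolved at deploy time (environment or secret store).
EXTERNAL_REF = re.compile(r"\$\{[A-Za-z_][A-Za-z0-9_]*\}")
USER_FIELDS = {"username", "user"}
SECRET_FIELDS = {"password", "pwd", "certpwd"}

def audit_properties(text, min_len=12):
    """Return [(key, [issues])] for every secret stored literally in the file."""
    users, report = {}, []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or a plain comment such as "#jdbc settings"
        prefix, _, field = m["key"].rpartition(".")
        val, live = m["val"].strip(), m["off"] is None
        field = field.lower()
        if field in USER_FIELDS:
            users[(prefix, live)] = val  # remembered for the matching password
        elif field in SECRET_FIELDS:
            if EXTERNAL_REF.fullmatch(val):
                continue  # no secret material in the file itself
            issues = ["plaintext"]
            if val == users.get((prefix, live)):
                issues.append("equals-username")
            if len(val) < min_len:
                issues.append("short")
            if not live:
                issues.append("commented-out")  # stale but still readable
            report.append((m["key"], issues))
    return report

# Constructed sample: key names follow the report, all values are made up.
SAMPLE = """\
cspay.jdbc.url = jdbc:oracle:thin:@db.example.internal:1521:pay1
cspay.jdbc.username = appuser
cspay.jdbc.password = appuser
#jdbc settings
#system.jdbc.username = manager
#system.jdbc.password = old123
system.jdbc.username = manager
system.jdbc.password = ${SYSTEM_DB_PASSWORD}
cmbc.web.certPwd = sample_cert_passphrase
"""

if __name__ == "__main__":
    for key, issues in audit_properties(SAMPLE):
        print(f"{key}: {', '.join(issues)}")
```

Run in CI or as a pre-deploy check, a non-empty result is a reason to move the value into a secret store and rotate it.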