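2016-01-19: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public.
2016-03-04: The vendor has actively ignored the vulnerability; details are disclosed to the public.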
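http://scm.chinamacro.cn, the 万家乐 supply chain management system (production environment), has the WebLogic credentials weblogic/12345678. A shell was obtained by deploying an application. Multiple databases are involved, as well as 11 service hosts on the internal network, so the impact is severe.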
http://scm.chinamacro.cn/wa/wa/ma3.jsp carry
http://192.168.0.3 >> >>Apache/2.2.15 (Unix) DAV/2 PHP/5.2.13 >>Success
http://192.168.0.4 >> ERROR: The requested URL could not be retrieved>>squid/3.5.3 >>Success
http://192.168.0.7 >> 万家乐产品协同商务平台(正式环境)>>null >>Success
http://192.168.0.29 >> 万家乐产品协同商务平台(正式环境)>>nginx/1.4.1 >>Success
http://192.168.0.49 >> Error>>Microsoft-IIS/6.0 >>Success
http://192.168.0.102 >> 用户登录>>nginx/1.4.4 >>Success
http://192.168.0.22 >> VisualSVN Server>>Apache >>Success
http://192.168.0.26 >> >>Microsoft-IIS/6.0 >>Success
http://192.168.0.37 >> package repository>>CherryPy/3.1.2 >>Success
http://192.168.0.185 >> >>nginx/1.6.2 >>Success
http://192.168.0.221 >> >>Microsoft-IIS/6.0 >>Success
<db-driver>oracle.jdbc.driver.OracleDriver</db-driver> <db-url>jdbc:oracle:thin:@fxh:1522:erp</db-url> <!--db-pool-type>jndi</db-pool-type--> <db-pool-type></db-pool-type> <set-tran-level>false</set-tran-level>
<db-url>jdbc:oracle:thin:@10.16.16.174:1522:MDRD</db-url> <set-tran-level>false</set-tran-level> <loginvaultid>1</loginvaultid> <parvaultid>erp</parvaultid> <dbarea>erp</dbarea> </vaultdata>
<db-url>jdbc:oracle:thin:@10.16.16.168:1528:cecmp</db-url> <set-tran-level>false</set-tran-level> <check-conn>false</check-conn> <loginvaultid>1</loginvaultid> <parvaultid>cmp</parvaultid>
Unable to contact the vendor, or the vendor actively refused.
Vulnerability Rank: 15 (WooYun rating)