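2016-05-14: Details reported to the vendor; awaiting vendor handling
2016-05-18: Vendor confirmed; details disclosed to the vendor only
2016-05-28: Details disclosed to core white hats and experts in related fields
2016-06-07: Details disclosed to regular white hats
2016-06-17: Details disclosed to intern white hats
2016-07-02: Details disclosed to the public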
**.**.**.**:7001/
Getshell via deserialization
**.**.**.**:7001/bea_wls_internal/1.jsp
Password:
*****og*****
jdbc:
<url>jdbc:oracle:thin:@**.**.**.**:1521:bims</url>
<driver-name>oracle.jdbc.OracleDriver</driver-name>
<properties>
  <property>
    <name>user</name>
    <value>bill</value>
  </property>
</properties>
<password-encrypted>{3DES}Cf1CPot/AttvyyiMgE9nGg==</password-encrypted>
Log in to the front end with the account
user: *****dm*****
pass:123456
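Apply the patch update
Severity: High
Vulnerability Rank: 11
Confirmed at: 2016-05-18 11:25
CNVD did not reproduce the described situation; the report has been passed via CNCERT to China Mobile Group, which will coordinate with the site's administrators to handle it.
None yet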