乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-11-11: 细节已通知厂商并且等待厂商处理中 2014-11-14: 厂商已经确认,细节仅向厂商公开 2014-11-24: 细节向核心白帽子及相关领域专家公开 2014-12-04: 细节向普通白帽子公开 2014-12-14: 细节向实习白帽子公开 2014-12-26: 细节向公众公开
湖北省交通厅命令执行泄露大量信息
http://59.173.7.146:7001/ebizweb/loginAction!onloadLogin.action
菜刀及webshell地址:http://59.173.7.146:7001/ebizweb/test1.jsphttp://59.173.7.146:7001/ebizweb/jspspy2010.jspstruts2:
网站物理路径: D:\workspace\hb_ebiz\apache-tomcat-6.0.36\webapps\ebizwebjava.home: D:\Java\jdk1.6.0_10\jrejava.version: 1.6.0_10-rc2os.name: Windows Server 2008os.arch: x86os.version: 6.1user.name: Administratoruser.home: C:\Users\Administratoruser.dir: D:\workspace\hb_ebiz\apache-tomcat-6.0.36\binjava.class.version: 50.0java.class.path: D:\workspace\hb_ebiz\apache-tomcat-6.0.36\bin\bootstrap.jarjava.library.path: D:\Java\jdk1.6.0_10\bin;.;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;D:\oracle\11g\bin;D:\Java\jdk1.6.0_10\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\WinSCP\file.separator: \path.separator: ;java.vendor: Sun Microsystems Inc.java.vendor.url: http://java.sun.com/java.vm.specification.version: 1.0java.vm.specification.vendor: Sun Microsystems Inc.java.vm.specification.name: Java Virtual Machine Specificationjava.vm.version: 11.0-b15java.vm.vendor: Sun Microsystems Inc.java.vm.name: Java HotSpot(TM) Server VMjava.specification.version: 1.6java.specification.vender: java.specification.name: Java Platform API Specificationjava.io.tmpdir: D:\workspace\hb_ebiz\apache-tomcat-6.0.36\temphibernate信息
数据库连接信息:
jdbcPojo.class=com.cgb.tspsystem.pojo.JdbcPojojdbc.driver=oracle.jdbc.driver.OracleDriver# Database URLjdbc.url=jdbc\:oracle\:thin\:@192.168.20.92\:1688\:HBTSP#jdbc.url=jdbc\:oracle\:thin\:@localhost\:1521\:HBBIZ#jdbc.url=jdbc\:oracle\:thin\:@192.168.2.115\:1521\:CGBDEV1# Database login information#jdbc.username=hbbcp#jdbc.password=hbbcp\#\#admin_v4#jdbc.password=hbbcp\#\#admin_v4jdbc.username=hbebizjdbc.password=hbebiz
tomcat口令文件:
<role rolename="tomcat"/> <role rolename="manager-gui"/> <role rolename="admin"/> <role rolename= "manager "/> <role rolename= "probeuser "/> <role rolename= "poweruser "/> <user username="tomcat" password="s3cret" roles="tomcat,manager-gui"/> <user username="both" password="cgb123" roles="tomcat,manager-gui"/> <user username="probe" password="probe" roles="admin"/><user username= "admin " password= "admin " roles= "admin,user,manager,poweruser,probeuser "/>
时间关系,就不深入了。。。
打补丁,改密码,全面加固。。。
危害等级:高
漏洞Rank:15
确认时间:2014-11-14 17:44
暂无