乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-12-11: 积极联系厂商并且等待厂商认领中,细节不对外公开 2015-01-25: 厂商已经主动忽略漏洞,细节向公众公开
...
钱宝中国外贸跨境支付第一品牌https://github.com/cmkke/test2/blob/c1d9fc9c9210f3cc56fc801359eff60ba659690f/VAUM-WEB/WebRoot/WEB-INF/classes/constants.properties
#\u5a75\u70b2\ue1ed\u6fee\u4f43\u646b\u599e\u3086\u57b6\u941f\u2545\u5f3b\u935b\ue167\u7044\u95ba\u5825\u6f67\u9865\ufe42\u68ba\u935b\u5a44\u61c3\u95b8\u5a42\u7d8a\u5bee\u62bd\u6553\u951f\ufffdcha_code_icbc=301cha_code_hxb=302cha_code_citic=304cha_code_cmbc=305cha_code_comm=306max_amount=50000[email protected]pwd=globebill888fromname=globebillhost=smtp.gmail.comport=465protocol=smtpurl=https://wallet.globebill.commerno=10191gatewayno=10191002gatewaynoicbc=10191003key=12345678currency=CNYrecharge_code=10000recharge_code_icbc=ICBCsms_userid=992165sms_username=adminsms_pwd=4LHC5Xsms_transfer_in_msg=\u5728{0}\u94b1\u5b9d\u8d85\u7ea7\u8d26\u6237({1})\u5411\u60a8\u7684\u8d26\u6237({2})\u8f6c\u5165{3}{4}\u3002sms_transfer_out_msg=\u60a8\u7684\u94b1\u5b9d\u8d85\u7ea7\u8d26\u6237({0})\u5728{1}\u5411\u8d26\u6237({2})\u8f6c\u51fa{3}{4}\u3002#\u94f6\u8054\u62c6\u5206split_code=10008merno_en=10000gatewayno_en=10000010key_en=12345678recharge_code_en=10001ipaddress=218.213.93.19,127.0.0.1paymentMethod=UnionPayphone=18925240198vaumhess=http\://192.168.7.83\:8088/VAUM-HESSexchangehess=http\://192.168.7.83\:8088/EXCHANGE-HESSfinancehess=http\://192.168.7.83\:8088/FINANCE-HESS#vaumhess=http\://192.168.7.110\:7001/VAUM-HESS#exchangehess=http\://192.168.7.110\:7002/EXCHANGE-HESS#financehess=http\://192.168.7.83\:8088/FINANCE-HESS
ok
···
未能联系到厂商或者厂商积极拒绝