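WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online browsing --- http://drop.zone.ci/
2014-12-12: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public.
2015-01-26: The vendor has actively ignored the vulnerability; details are disclosed to the public.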
...
钱宝 (Qianbao) - China's No. 1 brand for cross-border foreign-trade payments
1. https://**.**.**/cmkke/test2/blob/7e0b978af56c93c6ac8eb615ed67eae96bbc43fa/PospAdmin/src/.svn/text-base/config.properties.svn-base
### Automatic reconciliation FTP access information ######################################## Internal IP: 192.168.1.25, external IP: 58.61.156.72
#ftp.ip=192.168.1.25
#ftp.port=22221
#ftp.user=lotery
#[email protected]
ftp.ip=192.168.7.237
ftp.port=21
ftp.user=ftpuser
ftp.password=123789
ftp.localpath=/
ftp.passiveMode=true
ftp.localEncoding=UTF-8
ftp.remoteEncoding=UTF-8
[email protected]
pwdgb=globebill
fromnamegb=globebill
host=smtp.gmail.com
port=465
protocol=smtp
# Mail server
mail.host=smtp.163.com
# Mail server port
mail.port=465
# Sender username
[email protected]
# Sender password
[email protected]
# Sender address
[email protected]
# Sender name
mail.fromName=globebill
# Recipient address
[email protected],[email protected],[email protected]
# Statement download exception
[email protected]
# Recipient name
mail.toName=mayli
# Mail subject
mail.subject=\u4e2d\u4fe1\u94f6\u884c\u548c\u4e0a\u6d77\u94f6\u8054{0}\u5bf9\u8d26\u5355
# Mail content
mail.content=<div style="margin: 0px; height: 30px;"><p style="line-height: 100%; margin-top: 0px; margin-bottom: 5px;">\u6653\u6885\uff1a</p><p style="text-indent: 2em; margin-top: 0px;">\u4e2d\u4fe1\u94f6\u884c\u548c\u4e0a\u6d77\u94f6\u8054{0}\u5bf9\u8d26\u5355 \uff0c\u8bf7\u67e5\u6536\uff01</p><div>
# Mail content for statement download exceptions
mail.err.content=\u5bf9\u8d26\u5355\u4e0b\u8f7d\u5f02\u5e38\uff01<br/>\u6587\u4ef6\u540d\uff1a<br />{0}<br />\u5f02\u5e38\u4fe1\u606f\uff1a<br />{1}
# Encoding
mail.charset=utf-8
# Whether to enable debugging
mail.isDebug=false
#---------------------"Card transaction volume statistics by bank" mail sender----------------------------------
# Mail sender
#[email protected]
# Mail title
brankCardDeal.mail.subject={0}\u65e5\u5404\u884c\u5361\u4ea4\u6613\u91cf\u7edf\u8ba1\u62a5\u8868
# Mail content
brankCardDeal.mail.content=<div style="margin: 0px; height: 300px;"><p style="line-height: 100%; margin-top: 0px; margin-bottom: 20px;">Dear All\uff1a</p><p style="text-indent: 2em; margin-top: 0px;">{0}\u65e5\u5404\u884c\u5361\u4ea4\u6613\u91cf\u7edf\u8ba1\u62a5\u8868 \uff0c\u8be6\u60c5\u8bf7\u67e5\u770b\u9644\u4ef6\uff01</p><div>
#-------------------------------------------------------
### Fixed-value configuration
# First three digits of the merchant number
mid.start=848
# Time limit for unreviewed merchants: 48 hours = 2 days
mid.limit.time=2
mid.sp.userCode=admin
# Address of the interface that triggers scheduled account posting
# Development: http://192.168.7.23:8989/POSPPG/services/autoAccountWS?WSDL
# Simulation environment: http://192.168.7.167:8081/POSPPG/services/autoAccountWS?WSDL
# Test environment http://192.168.7.222:8080/POSPPG/services/autoAccountWS?WSDL
webservice.account.url=http://192.168.7.222:8080/POSPPG/services/autoAccountWS?WSDL
ok
···
Unable to contact the vendor, or the vendor actively declined