乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-12-28: 细节已通知厂商并且等待厂商处理中 2014-12-31: 厂商已经确认,细节仅向厂商公开 2015-01-10: 细节向核心白帽子及相关领域专家公开 2015-01-20: 细节向普通白帽子公开 2015-01-30: 细节向实习白帽子公开 2015-02-11: 细节向公众公开
中国联通主站某功能源码泄露包含内网信息
http://info.10010.com/chinaunicomSearchJB.zip
jdbc.driverClassName=oracle.jdbc.driver.OracleDriver#jdbc.url=jdbc:oracle:thin:@127.0.0.1:1521:yhxx#jdbc.username=g******n#jdbc.password=g******n#jdbc.url=jdbc:oracle:thin:@10.2.135.78:1521:yhxx#jdbc.username=g******#jdbc.password=g******#jdbc.url=jdbc:oracle:thin:@192.168.2.12:1521:ecom#jdbc.username=t******h#jdbc.password=t******6#jdbc.url=jdbc:oracle:thin:@10.142.195.58:1521:ecom#jdbc.username=s******h#jdbc.password=s******h#test start#jdbc.url=jdbc:oracle:thin:@10.143.131.63:1521:ecom#jdbc.username=l******t#jdbc.password=l******t#test end#test start#jdbc.b2burl=jdbc:oracle:thin:@10.143.131.63:1521:ecom#jdbc.b2busername=******#jdbc.b2bpassword=******#test end#test start#jdbc.url=jdbc\:oracle\:thin\:@192.168.1.249\:1521\:ecom#jdbc.username=l******t#jdbc.password=lt******t#test end#online startjdbc.url=jdbc\:oracle\:thin\:@10.142.164.142\:1525/ecom jdbc.username=L******T jdbc.password=l******t#test end#online start#jdbc.url=jdbc\:oracle\:thin\:@10.142.164.142\:1525/ecom #jdbc.username=L******YT #jdbc.password=l******0yt#online end#shangdi start#jdbc.url=jdbc\:oracle\:thin\:@192.168.2.16\:1521/ecom #jdbc.username=t******m#jdbc.password=t******6#online end
##solr http request urlsolr.server.web=http\://127.0.0.1\:6060/solrJB/websolr.server.heritrix=http\://127.0.0.1\:6060/solrJB/heritrixsolr.server.iphone=http\://127.0.0.1\:6060/solrJB/iphonesolr.server.android=http\://127.0.0.1\:6060/solrJB/androidsolr.server.knowledge=http\://127.0.0.1\:6060/solrJB/knowledgesolr.server.wap=http\://127.0.0.1\:6060/solrJB/wapsolr.server.help=http\://127.0.0.1\:6060/solrJB/helpsolr.server.mob=http\://127.0.0.1\:6060/solrJB/mob
危害等级:中
漏洞Rank:8
确认时间:2014-12-31 17:18
CNVD确认并复现所述情况,已经转由CNCERT向中国联通通报。
暂无