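2015-03-08: Details reported to the vendor; awaiting vendor handling
2015-03-10: Vendor confirmed; details disclosed to the vendor only
2015-03-20: Details disclosed to core white hats and experts in related fields
2015-03-30: Details disclosed to regular white hats
2015-04-09: Details disclosed to trainee white hats
2015-04-22: Details disclosed to the public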
Struts2 command execution: http://entuser.pipi.cn:8080/loadvote.action
The following is the site root directory:
The web service stores its logs centrally, which makes the admin addresses of all the sites easy to find.
One of them, the Resin configuration:
<!-- configures the default host, matching any host name -->
<host id="" root-directory=".">
  <!--
     - configures an explicit root web-app matching the
     - webapp's ROOT
    -->
  <web-app id="/" document-directory="webapps/ROOT"/>
</host>
<host id='act.pipi.cn' root-directory='/data2/webservice/webdoc/pipi.cn/act'>
  <web-app id="/" document-directory="."/>
  <host-alias>act.ppfilm.cn</host-alias>
  <host-alias>act.pipi.com</host-alias>
  <stderr-log path='/webservice/syslog/resin/logs/pipi.cn/act_stderr.log' rollover-period='1W'/>
</host>
<host id='www.88488.com' root-directory='/data2/webservice/webdoc/88488.com/www'>
  <web-app id="/" document-directory="."/>
  <stderr-log path='/webservice/syslog/resin/logs/88488.com/www_stderr.log' rollover-period='1W'/>
</host>
<host id='admin.88488.com' root-directory='/data2/webservice/webdoc/88488.com/admin'>
  <web-app id="/" document-directory="."/>
  <stderr-log path='/webservice/syslog/resin/logs/88488.com/admin_stderr.log' rollover-period='1W'/>
</host>
<host id='tuanadmin.88488.com' root-directory='/data2/webservice/webdoc/88488.com/tuanadmin'>
  <web-app id="/" document-directory="."/>
  <stderr-log path='/webservice/syslog/resin/logs/88488.com/tuanadmin_stderr.log' rollover-period='1W'/>
</host>
<host id='tuan.88488.com' root-directory='/data2/webservice/webdoc/88488.com/tuan'>
  <web-app id="/" document-directory="."/>
  <stderr-log path='/webservice/syslog/resin/logs/88488.com/tuanadmin_stderr.log' rollover-period='1W'/>
</host>
<host id='tianqi.88488.com' root-directory='/data2/webservice/webdoc/88488.com/tianqi'>
  <web-app id="/" document-directory="."/>
  <stderr-log path='/webservice/syslog/resin/logs/88488.com/tianqi_stderr.log' rollover-period='1W'/>
</host>
<host id="entadmin.pipi.cn" root-directory="/data2/webservice/webdoc/pipi.cn/ent/admin">
  <web-app id="/" document-directory="webapps/ROOT"/>
  <host-alias>entadmin.ppfilm.cn</host-alias>
  <host-alias>entadmin.pipi.com</host-alias>
  <stderr-log path='/webservice/syslog/resin/logs/pipi.cn/entadmin_tstderr.log' rollover-period='1W'/>
</host>
<host id="entuser.pipi.cn" root-directory="/data2/webservice/webdoc/pipi.cn/ent/user">
  <web-app id="/" document-directory="webapps/ROOT"/>
  <host-alias>entuser.ppfilm.cn</host-alias>
  <host-alias>entuser.pipi.com</host-alias>
  <stderr-log path='/webservice/syslog/resin/logs/pipi.cn/entuser_tstderr.log' rollover-period='1W'/>
</host>
<host id="staradmin.pipi.cn" root-directory="/data2/webservice/webdoc/pipi.cn/ent/admin2">
  <web-app id="/" document-directory="webapps/ROOT"/>
  <host-alias>staradmin.ppfilm.cn</host-alias>
  <host-alias>staradmin.pipi.com</host-alias>
  <stderr-log path='/webservice/syslog/resin/logs/pipi.cn/staradmin_tstderr.log' rollover-period='1W'/>
</host>
<host id="cp.pipi.cn" root-directory="/data2/webservice/webdoc/pipi.cn/cp">
  <web-app id="/" document-directory="."/>
  <stderr-log path='/webservice/syslog/resin/logs/pipi.cn/cp_tstderr.log' rollover-period='1W'/>
</host>
<host id="popadmin.pipi.cn" root-directory="/data2/webservice/webdoc/pipi.cn/popadmin">
  <web-app id="/" document-directory="."/>
  <stderr-log path='/webservice/syslog/resin/logs/pipi.cn/popadmin_tstderr.log' rollover-period='1W'/>
</host>
<host id="shopadmin2.pipi.cn" root-directory="/webservice/webdoc/pipi.cn/shop_admin2">
  <web-app id="/" document-directory="."/>
</host>
<host id="shopadmin.pipi.cn" root-directory="/webservice/webdoc/pipi.cn/shopadmin1">
  <web-app id="/" document-directory="."/>
</host>
<!-- <host id='act2.pipi.cn' root-directory='/data2/webservice/webdoc/pipi.cn/act2'>
Example database configuration:
ip=10.0.1.25
port=1521
dataBaseName=ora10g
userName=pipi
password=pipipwd
#ip=192.168.0.206
#port=1521
#dataBaseName=ppfilm
#userName=film
#password=film
#only for Informix
dbServer=
maxConnNum=15
expire=3000
otherConfigFile=dbConfigB,dbConfigC
The shell is in the root directory of entuser.pipi.cn:8080/; please delete it yourselves.
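A defender-side audit of a host list like the Resin excerpt above, as an added example that is not part of the original report: it flags admin virtual hosts served by the same Resin instance as public ones, hosts that share a stderr-log path (as tuan.88488.com and tuanadmin.88488.com do in the excerpt), and hosts with no stderr-log at all. The `<cluster>` wrapper, the example.test names and paths, and the rule that "admin" in a host id marks an admin console are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: a trimmed Resin <host> list shaped like the excerpt in
# this report, with example.test names and paths instead of the real ones.
SAMPLE = """
<cluster>
  <host id="www.example.test" root-directory="/srv/webdoc/www">
    <stderr-log path="/srv/syslog/resin/www_stderr.log" rollover-period="1W"/>
  </host>
  <host id="tuanadmin.example.test" root-directory="/srv/webdoc/tuanadmin">
    <stderr-log path="/srv/syslog/resin/tuanadmin_stderr.log" rollover-period="1W"/>
  </host>
  <host id="tuan.example.test" root-directory="/srv/webdoc/tuan">
    <stderr-log path="/srv/syslog/resin/tuanadmin_stderr.log" rollover-period="1W"/>
  </host>
  <host id="shopadmin.example.test" root-directory="/srv/webdoc/shopadmin"/>
</cluster>
"""

ADMIN_RE = re.compile(r"admin", re.IGNORECASE)  # assumed naming convention

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix if present

def audit_hosts(xml_text):
    """Flag admin/public co-hosting and shared or missing stderr logs."""
    hosts, by_log = [], defaultdict(list)
    for h in ET.fromstring(xml_text).iter():
        if local(h.tag) != "host":
            continue
        hid = h.get("id") or "(default)"  # id="" is the catch-all host
        log = next((c for c in h if local(c.tag) == "stderr-log"), None)
        path = log.get("path") if log is not None else None
        hosts.append((hid, path))
        if path:
            by_log[path].append(hid)
    admin = sorted(i for i, _ in hosts if ADMIN_RE.search(i))
    public = sorted(i for i, _ in hosts if not ADMIN_RE.search(i))
    return {
        # Admin consoles in the same instance as public apps share their fate.
        "admin_cohosted_with_public": admin if public else [],
        # Two hosts writing one log file blur attribution during response.
        "shared_log_paths": {p: sorted(v) for p, v in by_log.items() if len(v) > 1},
        "hosts_without_stderr_log": sorted(i for i, p in hosts if p is None),
    }

if __name__ == "__main__":
    print(audit_hosts(SAMPLE))
```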
Severity: Medium
Vulnerability Rank: 6
Confirmed: 2015-03-10 10:34
Thank you, thank you!
None yet