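2015-04-17: Details reported to the vendor; awaiting vendor handling.
2015-04-22: The vendor has chosen to ignore the vulnerability; details are disclosed to the public.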
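Getshell on a foundation's website; commands can also be executed against the sites co-hosted on the same server
Website: official site of the Guangdong Province Traffic Light Traffic Fund (广东省红绿灯交通基金), http://hy.hldf.org.cn/common/registerAction!regRedir.action
The site has a Struts2 command execution vulnerability that allows getshell.
Commands can be executed with the privileges of the co-hosted sites on the same server as well.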
[NetPayClient]
PGID=999999999999999
pubkey
smsServer = svr2.xtsj001.com
smsPort = 9918
smsUser = fangku
smsPassword = 443835
qxt.url=http://219.238.160.81/interface/interface.asp
qxt.username=super8
qxt.password=123456555
httpproxy.host=fw.super8.com.cn
httpproxy.port=8080
httpproxy.username=crs.test
httpproxy.password=abc.123
Key password: pJ86Vb
Merchant ID: Z0035
Key alias: Z0035
Patch + configuration
Severity: no impact, ignored by vendor
Ignored at: 2015-04-22 12:20
Vulnerability Rank: 8 (WooYun rating)
None yet