WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reader -------- http://drop.zone.ci/
2015-05-12: Actively contacting the vendor and waiting for the vendor to claim the report; details are not disclosed publicly.
2015-06-26: The vendor has chosen to ignore the vulnerability; details are disclosed to the public.
Hongfa (宏发股份): a system can be getshelled and its database can be connected to
The site http://eip.hongfa.cn:7001/eip/login.action has a Struts2 command execution vulnerability that allows getshell.
Datasource configuration file read from the application (one property per line):

#### datasource ####
datasource.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver
#datasource.driverClassName=org.postgresql.Driver
#datasource.url=jdbc:sqlserver://localhost;databaseName=EIP
datasource.url=jdbc:sqlserver://10.0.11.63;databaseName=EIP2008
#datasource.url=jdbc:sqlserver://10.0.11.80;databaseName=EIP2008
datasource.username=sa
datasource.password=HfInfosa
datasource.maxActive=10
datasource.maxIdle=2
datasource.maxWait=120000
datasource.whenExhaustedAction=1
datasource.validationQuery=select 1 from dual
datasource.testOnBorrow=true
datasource.testOnReturn=false
#### datasource_bi ####
datasource_bi.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver
datasource_bi.url=jdbc:sqlserver://10.0.11.63;databaseName=BI_DW
datasource_bi.username=sa
datasource_bi.password=HfInfosa
datasource_bi.maxActive=10
datasource_bi.maxIdle=2
datasource_bi.maxWait=120000
datasource_bi.whenExhaustedAction=1
datasource_bi.validationQuery=select 1 from dual
datasource_bi.testOnBorrow=true
datasource_bi.testOnReturn=false
hibernate.dialect=org.hibernate.dialect.SQLServerDialect
#hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
hibernate.show_sql=false
#hibernate.show_sql=true
hibernate.format_sql=true
hibernate.max_fetch_depth=1
hibernate.jdbc.fetch_size=50
hibernate.jdbc.batch_size=25
hibernate.connection.release_mode=after_transaction
registerLicense=DC28902B10B110777AE10291983314FA
debugFlag=N
swfToolsPath=C:/Program Files/SWFTools
swfToolsFileFrom=D:/Tomcat7/webapps/eip/userfiles
swfToolsFileTo=D:/Tomcat7/webapps/eip/userfiles
A second database configuration found on the server:

dbIP=10.0.11.19
dbUser=admin
dbPwd=xm12345678@
apiCode=DB
dbName=mas
Fix: apply the patch + harden the configuration
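The configuration side of the fix is easy to check for. The following audit script is an added example (not part of the report or of the vendor's software): it parses a Java-style properties file in the same layout as the one above and flags the weaknesses it shows, namely plaintext secrets, the built-in `sa` account, and one password shared by several datasources. The sample text is constructed with placeholder values, not the credentials from the report.

```python
import re

# Constructed sample in the layout of the leaked eip properties file;
# every value is a placeholder, not a value from the report.
SAMPLE_PROPERTIES = """\
#### datasource ####
datasource.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver
#datasource.url=jdbc:sqlserver://localhost;databaseName=EIP
datasource.url=jdbc:sqlserver://10.0.0.5;databaseName=EIP2008
datasource.username=sa
datasource.password=PLACEHOLDER_PW
#### datasource_bi ####
datasource_bi.url=jdbc:sqlserver://10.0.0.5;databaseName=BI_DW
datasource_bi.username=sa
datasource_bi.password=PLACEHOLDER_PW
registerLicense=0123456789ABCDEF0123456789ABCDEF
debugFlag=N
"""

SECRET_KEY = re.compile(r"(password|passwd|pwd|secret|license)", re.IGNORECASE)
ADMIN_USERS = {"sa", "root", "admin", "postgres"}


def parse_properties(text):
    """Parse key=value lines; lines starting with '#' are comments and skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def audit_properties(text):
    """Return a list of (key, finding) tuples for weak settings in the file."""
    props = parse_properties(text)
    findings = []
    for key, value in props.items():
        if SECRET_KEY.search(key) and value:
            findings.append((key, "plaintext secret in config file"))
        if key.lower().endswith("username") and value.lower() in ADMIN_USERS:
            findings.append((key, f"built-in administrative account '{value}'"))
    # One password shared by several datasources widens the blast radius.
    by_password = {}
    for key in (k for k in props if k.lower().endswith("password")):
        by_password.setdefault(props[key], []).append(key)
    for keys in by_password.values():
        if len(keys) > 1:
            findings.append((",".join(keys), "same password reused across datasources"))
    return findings
```

Running `audit_properties` over a real deployment's properties file gives the list of settings the "configuration" part of the fix has to remove: move secrets out of the file, and replace `sa` with a least-privilege database login per application.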
Vendor response: unable to contact the vendor, or the vendor actively refused.