乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-07-04: 细节已通知厂商并且等待厂商处理中 2015-07-08: 厂商已经确认,细节仅向厂商公开 2015-07-18: 细节向核心白帽子及相关领域专家公开 2015-07-28: 细节向普通白帽子公开 2015-08-07: 细节向实习白帽子公开 2015-08-22: 细节向公众公开
【HD】多想来个内网漫游啊 然后来个闪电 可惜技术太渣
http://www.wom186.com:10002/猜了几个弱口令没猜对 然后爆破密码得 test 111111 还是弱口令 当时脑残 就没猜这个
啥的 我就不截图了已经shell了 地址在下面
http://www.wom186.com:10002/UserFiles/File/aimei1.jsphttp://www.wom186.com:10002/UserFiles/File/aimei2.jsp
DBCP.DataSource.dbmob.driver=oracle.jdbc.driver.OracleDriverDBCP.DataSource.dbmob.username=dbchnadmDBCP.DataSource.dbmob.password=dbchnadmDBCP.DataSource.dbmob.url=jdbc:oracle:thin:@130.30.15.31:1528:oraaccDBCP.DataSource.dbmob.maxactive=10DBCP.DataSource.dbmob.maxwait=5000DBCP.DataSource.dbmob.maxIdle=10DBCP.DataSource.dbmob.testWhileIdle=trueDBCP.DataSource.dbmob.validationQuery=select count(*) from dChnLoginMsg where 1=2
### datasource provide by DBCP1.1DBCP.DataSource.chnds.driver=oracle.jdbc.driver.OracleDriver#DBCP.DataSource.chnds.username=dbchn02#DBCP.DataSource.chnds.password=dbaccopr200606#DBCP.DataSource.chnds.username=dbrwdadm#DBCP.DataSource.chnds.password=dbrwdadm_123DBCP.DataSource.chnds.username=dbchnadmDBCP.DataSource.chnds.password=dbchnadm#DBCP.DataSource.chnds.url=jdbc:oracle:thin:@10.109.2.150:1721:CEN1#DBCP.DataSource.chnds.url=jdbc:oracle:thin:@172.16.9.116:1522:billingdev2#DBCP.DataSource.chnds.url=jdbc:oracle:thin:@130.54.1.53:1521:szsynDBCP.DataSource.chnds.url=jdbc:oracle:thin:@132.121.26.1:1521:gdsynDBCP.DataSource.chnds.maxactive=5000DBCP.DataSource.chnds.maxwait=5000DBCP.DataSource.chnds.maxIdle=15DBCP.DataSource.chnds.testWhileIdle=trueDBCP.DataSource.chnds.validationQuery=select count(*) from dChngroupMsg where 1=2
cheat_test.drivers=oracle.jdbc.driver.OracleDrivercheat_test.jndi=cheat_test#cheat_test.url=jdbc:oracle:thin:@130.30.15.150:1521:billtest#cheat_test.user=ibillapp#cheat_test.password=ibillapp#DBROAM.url=jdbc:oracle:thin:@130.30.6.26:1521:billing#DBROAM.user=#DBROAM.password=#jdbc2.drivers=com.sybase.jdbc3.jdbc.SybDriver#jdbc2.jndi=#jdbc2.url=jdbc:sybase:Tds:wangjs:5000/wjs?charset=cp936#jdbc2.user=clearapp#jdbc2.password=clearapp#jdbc3.drivers=sun.jdbc.odbc.JdbcOdbcDriver#jdbc3.jndi=#jdbc3.url=jdbc:odbc:myjsp#jdbc3.user=sa#jdbc3.password=
………………………………真的 很想来次内网漫游的 可惜 我是技术有限公司的
危害等级:高
漏洞Rank:10
确认时间:2015-07-08 15:10
CNVD确认并复现所述情况,已经转由CNCERT下发给广东分中心,由其后续协调网站管理单位处置。
暂无