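2015-10-21: Details reported to the vendor; awaiting vendor response
2015-10-23: Vendor confirmed; details disclosed to the vendor only
2015-11-02: Details disclosed to core white hats and experts in related fields
2015-11-12: Details disclosed to regular white hats
2015-11-22: Details disclosed to intern white hats
2015-12-07: Details disclosed to the public
Smart grid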
**.**.**.**:7001/web/
**.**.**.**:7001/console/login/LoginForm.jsp
weblogic/weblogic
Uploaded a WAR; shell obtained successfully
**.**.**.**:7001/ma/ma3.jsp
C:/bea/user_projects/domains/base_domain/config/jdbc/JDBC_Data_Source-0-3407-jdbc.xml
jdbc:oracle:thin:@**.**.**.**:1521:orclamiami
A large amount of information is involved
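Administrator privileges
Change the password
Severity: High
Vulnerability Rank: 10
Confirmed at: 2015-10-23 10:39
CNVD confirmed and reproduced the reported issue and has notified the site administrator by e-mail through the site's publicly listed contact channel; the administrator is to provide a fix.
None yet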