WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online browsing --- http://drop.zone.ci/
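2015-12-30: Details reported to the vendor; awaiting vendor handling
2016-01-06: Vendor confirmed; details disclosed to the vendor only
2016-01-16: Details disclosed to core white hats and experts in the relevant fields
2016-01-26: Details disclosed to regular white hats
2016-02-05: Details disclosed to intern white hats
2016-02-20: Details disclosed to the public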
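Information leak at China CITIC Bank makes it possible to get past the mailbox certificate
Account: citicbankwlpt@**.**.**.** Password: 123456abc
External (non-bank) system FTP (SFTP) environment IP: **.**.**.**
External (non-bank) system FTP (SFTP) environment port: 21
External (non-bank) system FTP (SFTP) environment absolute path: /fastPay/zhongxin/test
External (non-bank) system FTP (SFTP) environment account: debug_kjzf
External (non-bank) system FTP (SFTP) environment password: kxl5nBOy7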
access.admin=liuxiaoli
access.bringover=liuxiaoli
access.create.local=liuxiaoli
access.create.sub=liuxiaoli
access.list=liuxiaoli
access.putback=liuxiaoli
access.tag=liuxiaoli
access.update=liuxiaoli
acl.index.version=uuid:o79Eh4KdajO6cBuOs04OgQ\=\=
**.**.**.**ment.field=ignore
connect.usessl=false
created=1399459405438
creator=liuxiaoli
delete.count=3
dir.count=72
file.count=347
hansky.firefly.mirrorws.id=uuid:RXFFr8vKQJmR7j0ikc070A\=\=
hansky.firefly.parentws.id=uuid:MrtE1M1qBKUWnr4diT95Wg\=\=
hansky.firefly.parentws.name=wlpt2.0
hansky.firefly.project.id=uuid:1kFLXf1tdSSivMydoZsfLQ\=\=
hansky.firefly.project.name=WLPT
hansky.firefly.server.host=**.**.**.**
hansky.firefly.server.port=4759
hansky.firefly.ws.lockport=20256
modified=1418975556307
modifier=liuxiaoli
name=liuxiaoli@RDPC**.**.**.**:/D:/project/code/wlpt2.0
notify.bringover=
notify.putback=
parent=uuid:MrtE1M1qBKUWnr4diT95Wg\=\=
parent.index.version=uuid:e8VJSGK71Z/Fr5neiVfsAw\=\=
password=BLOWFISH:EC049C62E1D2C5435654493D
project.id=uuid:1kFLXf1tdSSivMydoZsfLQ\=\=
putback.bugid.field=require
**.**.**.**ment.field=require
putback.reviewer.field=ignore
putback.time.field=ignore
root=uuid:RXFFr8vKQJmR7j0ikc070A\=\=
**.**.**.**work.enabled=true
undo.max=3
undo.next=0
update.link.nodes=true
update.link.target=true
upload.date=1418205760048
upload.ws=liuxiaoli@RDPC**.**.**.**:/D:/project/code/wlpt2.0
username=liuxiaoli
ws.host=RDPC**.**.**.**
ws.os=Windows XP
ws.path=D:\\project\\code\\wlpt2.0
ws.type=2
ws.user=liuxiaoli
BLOWFISH encryption key
RTQ3MTR*****MDg3NzNGMA==
OTBGRTAxOT*****NzY3Ng==
8pR*****ch/k=
Not going to brute-force any deeper... too scared!!!
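Severity: Medium
Vulnerability Rank: 8
Confirmation time: 2016-01-06 16:31
CNVD confirmed and reproduced the situation described, and has handed it to CNCERT to notify the corresponding banking group company directly, which will then coordinate with the website administration department to handle it.
None yet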