乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-02-04: 细节已通知厂商并且等待厂商处理中 2015-02-09: 厂商已经确认,细节仅向厂商公开 2015-02-19: 细节向核心白帽子及相关领域专家公开 2015-03-01: 细节向普通白帽子公开 2015-03-11: 细节向实习白帽子公开 2015-03-21: 细节向公众公开
中国民航图书馆Getshell(包含七八处数据库信息)
http://118.122.168.194:8081/ghfxxy/login.action
存在Struts2命令执行漏洞。直接Getshell
### oracle ### #driverClassName=com.mysql.jdbc.Driver#url=jdbc:mysql://localhost:3306/test#username=root#password=password### oracle ### driverClassName=oracle.jdbc.driver.OracleDriverusername=gdlisnet password=gdlisnet_2014 url=jdbc:oracle:thin:@172.16.255.52:1521:gdlisnet initialSize=2#??ぇ杩???伴?maxActive=20#??ぇ绌洪?杩????maxIdle=5#???绌洪?杩????minIdle=2#瓒??绛???堕?浠ユ?绉?负???maxWait=30000### ?????????瓒??杩?? ### removeAbandoned=true # c3p0???姝ユ?浣??锛???㈢?JDBC??????甯??杩??瀹???? #?╁?杩???????互???????????.???澶?嚎绋???板?涓??浣???惰??ц??? #Default: 3 numHelperThreads=10 # 褰???ユ??ㄥ??跺??风?璋??getConnection()???寰?????杩??????达? # 瓒????????SQLException,濡??涓???????绛?????浣??绉??Default: 0 checkoutTimeout=1000
0x02:
#Consolelog4j.logger.com.cpt=INFOlog4j.appender.Console=org.apache.log4j.ConsoleAppenderlog4j.appender.Console.layout=org.apache.log4j.PatternLayoutlog4j.appender.Console.layout.ConversionPattern=%d{MM-dd HH:mm:ss} %-5p %c - %20m%n#姣?ぉ杈????欢log4j.appender.RollingFile=org.apache.log4j.DailyRollingFileAppenderlog4j.appender.RollingFile.Threshold=INFO##?ㄩ」??EB-INF???涓?????蹇??浠跺す???蹇??浠?#log4j.appender.RollingFile.File=${project}WEB-INF/logs/sys.##?ㄧ郴缁?????璺?????瀵瑰????蹇??浠跺す???蹇??浠?log4j.appender.RollingFile.File=/xcdmslog/sys.##?规?server?????????瀵瑰????蹇??浠跺す???蹇??浠?#log4j.appender.RollingFile.File=${catalina.base}/logs/logslog4j.appender.RollingFile.DatePattern =yyyy-MM-dd'.log'log4j.appender.RollingFile.layout=org.apache.log4j.PatternLayoutlog4j.appender.RollingFile.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c -%l - %.30m%n#妗??淇℃?#log4j.logger.org.apache=INFOlog4j.category.org.springframework=INFOlog4j.category.org.hibernate=INFO#log4j.logger.hibernate.cache=debug#####################TestDATABASE################################### Log4j寤鸿???娇?ㄥ?涓?骇???浼??绾т?楂??浣?????ERROR??ARN??NFO??EBUG??# ?ㄤ??版?搴?#log4j.appender.DATABASE=org.apache.log4j.jdbc.JDBCAppender#log4j.appender.DATABASE.URL=jdbc:sqlserver://localhost:1433;DatabaseName=SCOTT#log4j.appender.DATABASE.driver=com.microsoft.sqlserver.jdbc.SQLServerDriver#log4j.appender.DATABASE.user=scott#log4j.appender.DATABASE.password=ppmsdba# ???璁剧疆涓?WARN"浠ヤ?绾у??ㄦ????瀛??(榛?????浣跨?rootLogger涓??璁剧疆)#log4j.appender.DATABASE.Threshold=DEBUG#log4j.appender.DATABASE.sql=INSERT INTO EVN_LOG(optime,thread,infolevel,class,message) VALUES ('%d{yyyy-MM-dd HH:mm:ss}', '%t', '%p', '%l', '%m')# ????版?搴?腑??〃LOG4J??essage瀛??涓??# ???锛?锛?????%c: ?ュ?淇℃?????帮?绫诲?锛?p: ?ュ?淇℃?绾у?%m: 浜х????蹇??浣?俊??%n: 杈???ュ?淇℃??㈣?#log4j.appender.DATABASE.layout=org.apache.log4j.PatternLayout#log4j.appender.DATABASE.layout.ConversionPattern=[framework] %d - %c -%-4r [%t] %-5p %c %x - %m%n
0x03:
#jdbc.url=jdbc:mysql://127.0.0.1:3306/xcdms#jdbc.driver=com.mysql.jdbc.Driver#jdbc.username=root#jdbc.password=123654#hibernate.dialect=org.hibernate.dialect.MySQLDialect#############SQL Server##############jdbc.url=jdbc:sqlserver://192.168.1.209:1433;DatabaseName=SCOTT#jdbc.url=jdbc:sqlserver://192.168.0.101:1433;DatabaseName=SCOTT#jdbc.driver=com.microsoft.sqlserver.jdbc.SQLServerDriver#jdbc.username=cpt_agr#jdbc.password=passwordjdbc.url=jdbc:sqlserver://localhost:1433;DatabaseName=GHFCjdbc.driver=com.microsoft.sqlserver.jdbc.SQLServerDriverjdbc.username=sajdbc.password=passwordhibernate.dialect=org.hibernate.dialect.SQLServerDialect#?版?杩???????疆???,??父涓??浠ヤ?淇??#hibernate settingshibernate.show_sql=falsehibernate.format_sql=falsehibernate.generate_statistics=truehibernate.ehcache_config_file=/cache/ehcache.xmlhibernate.cache.use_query_cache=true;#?ㄦ?浼??????堕?璁剧疆sessionMaxNum=3600sessionMaxTime=3600
补丁+配置!
危害等级:中
漏洞Rank:7
确认时间:2015-02-09 14:29
CNVD确认并复现所述情况,转由CNCERT向民航局测评中心通报,由其后续协调网站管理单位处置。
暂无