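2016-01-05: Details reported to the vendor; awaiting vendor handling
2016-01-08: Vendor confirmed; details disclosed to the vendor only
2016-01-18: Details disclosed to core white hats and experts in related fields
2016-01-28: Details disclosed to regular white hats
2016-02-07: Details disclosed to intern white hats
2016-02-22: Details disclosed to the public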
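http://**.**.**.**:8080 The Shenyang Housing Provident Fund site has a command execution vulnerability. By writing a shell and configuring the database, tens of millions of records were successfully read. The leak covers the city's housing provident fund situation as well as individuals' detailed information and property ownership certificates, with serial numbers and years, plus a large volume of contribution records for enterprises and organizations and for individuals. The data below is only a partial excerpt to demonstrate the impact; some of the data is too large, so 100 records were excerpted as proof.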
<url>jdbc:oracle:thin:@**.**.**.**:1521:cmsdb</url>
<driver-name>oracle.jdbc.xa.client.OracleXADataSource</driver-name>
<properties>
  <property>
    <name>user</name>
    <value>cms</value>
  </property>
</properties>
<password-encrypted>{AES}+5LUNmyHPm12ltQdGxDJXU+gV5VTp4a7NUJi7inhWnU=</password-encrypted>
capinfo
http://**.**.**.**:8080/cxxt/2.jsp 7
Database configuration and shell
Query#0 : select table_name from user_tables
Severity: High
Vulnerability Rank: 12
Confirmation time: 2016-01-08 19:50
Duplicate vulnerability; CNVD will not handle it again.
None yet