乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-01-08: 细节已通知厂商并且等待厂商处理中 2016-01-12: 厂商已经确认,细节仅向厂商公开 2016-01-22: 细节向核心白帽子及相关领域专家公开 2016-02-01: 细节向普通白帽子公开 2016-02-11: 细节向实习白帽子公开 2016-02-22: 细节向公众公开
rt
#Struts2命令执行
http://**.**.**.**:8001/css/self/searchCertApply!searchCert.do
不要小看css.hbca。shell后可以跨到其它站点#shell:
整理敏感信息如下:001
#SQLServer2005以上#hibernate.dialect=org.hibernate.dialect.SQLServerDialect#validationQuery.sqlserver=SELECT 1#jdbc.url.jeecg=jdbc:sqlserver**.**.**.**:1697;DatabaseName=jeecg#jdbc.username.jeecg=sa#jdbc.password.jeecg=SA#jdbc.dbType=sqlserver#postgresSQL#hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect#validationQuery.sqlserver=SELECT 1#jdbc.url.jeecg=jdbc:postgresql://localhost:5432/jeecg#jdbc.username.jeecg=postgres#jdbc.password.jeecg=postgres#jdbc.dbType=postgres#MySQLhibernate.dialect=org.hibernate.dialect.MySQLDialectvalidationQuery.sqlserver=SELECT 1#jdbc.url.jeecg=jdbc:mysql://localhost:3306/jeewx?useUnicode=true&characterEncoding=UTF-8jdbc.url.jeecg=jdbc:mysql://WebAppServer1:3306/jeewx?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&failOverReadOnly=false&maxReconnects=10 jdbc.username.jeecg=rootjdbc.password.jeecg=11111111jdbc.dbType=mysql#Oracle#hibernate.dialect=org.hibernate.dialect.OracleDialect#validationQuery.sqlserver=SELECT 1 FROM DUAL#jdbc.url.jeecg=jdbc:oracle:thin:@**.**.**.**:1521:dhtest#jdbc.username.jeecg=jeecg#jdbc.password.jeecg=jeecg#jdbc.dbType=oracle#更新|创建|验证数据库表结构|不作改变 默认update(create,validate,none)hibernate.hbm2ddl.auto=none
002
<!-- 各厂商介质相关属性配置 <property name="ukeyMap"> <map> <entry key="HHUK JDZY CSP V3.0"> <map> <entry key="name" value="华虹V3"></entry> <entry key="p11Lib" value="hhpkcs1114.dll"></entry> <entry key="algorithm" value="RSA"></entry> </map> </entry> <entry key="HaiTai Cryptographic Service Provider 20485"> <map> <entry key="name" value="海泰V3"></entry> <entry key="p11Lib" value="HtPkcs1120485.dll"></entry> <entry key="algorithm" value="RSA"></entry> </map> </entry> <entry key="Tianyu Cryptographic Service Provider"> <map> <entry key="name" value="天喻"></entry> <entry key="p11Lib" value="typkcs11.dll"></entry> <entry key="algorithm" value="RSA"></entry> </map> </entry> <entry key="M&W eKey XCSP V3"> <map> <entry key="name" value="明华V3"></entry> <entry key="p11Lib" value="mwpkcs11_v3.dll"></entry> <entry key="algorithm" value="RSA"></entry> </map> </entry> <entry key="XiangSheng Cryptographic Service Provider"> <map> <entry key="name" value="翔晟"></entry> <entry key="p11Lib" value="NORECOVER"></entry> <entry key="algorithm" value="RSA"></entry> </map> </entry> <entry key="FEITIAN ePassNG RSA Cryptographic Service Provider"> <map> <entry key="name" value="飞天"></entry> <entry key="p11Lib" value="NORECOVER"></entry> <entry key="algorithm" value="RSA"></entry> </map> </entry> </map> </property> --> <!-- 系统相关常量信息 --> <property name="map"> <map> <!-- 短信发送配置(URL) --> <entry key="smsURL" value="http://**.**.**.**:8899/sms/Api/Send.do"></entry> <!-- 短信发送配置(账号) --> <entry key="smsCORPID" value="200487"></entry> <!-- 短信发送配置(用户名) --> <entry key="smsUSERNAME" value="hb_sz"></entry> <!-- 短信发送配置(密码) --> <entry key="smsPASSWORD" value="sz0815"></entry> <!-- 短信发送配置(内容) --> <entry key="smsContent" value="尊敬的客户,您的业务受理号为:"></entry> <entry key="keyLength" value="1024"></entry> <entry key="tomcatUrl" value="F:/apache-tomcat-6.0.32/webapps/css/downloads/"></entry> <!-- 支付宝跳转页面 --> <entry key="notify_url" value="**.**.**.**:8001/css/alipay/notify_url.jsp"></entry> <entry key="return_url" value="**.**.**.**:8001/css/alipay/return_url.jsp"></entry> </map> </property>
003
004
hibernate.connection.driver_class=oracle.jdbc.driver.OracleDriverhibernate.connection.url=jdbc\:oracle\:thin\:@**.**.**.**\:1521\:hbcadbhibernate.connection.username=cssuserhibernate.connection.password=cssuser2013hibernate.c3p0.min_size=10hibernate.c3p0.max_size=100hibernate.c3p0.timeout=180hibernate.c3p0.acquire_increment=5hibernate.c3p0.idle_test_period=300hibernate.c3p0.max_statements=0hibernate.dialect=org.hibernate.dialect.Oracle10gDialecthibernate.show_sql=falsehibernate.format_sql=falseorg.apache.ws.security.crypto.provider=**.**.**.**ponents.crypto.Merlinorg.apache.ws.security.crypto.merlin.file=css.jksorg.apache.ws.security.crypto.merlin.keystore.type=jksorg.apache.ws.security.crypto.merlin.keystore.password=11111111org.apache.ws.security.crypto.merlin.keystore.alias=cssorg.apache.ws.security.crypto.merlin.alias.password=11111111appId=wx9c2f15696ed15cb1appSecret=5072c85598a157e90d29a9ed4611132ebycxkey=bycxllcxkey=llcxzdcxkey=zdcxfwcxkey=fwcxnotbd=yhbdwxfw=**.**.**.**\:80
尽快修复。
危害等级:高
漏洞Rank:10
确认时间:2016-01-12 16:15
CNVD确认并复现所述情况,已经转由CNCERT下发给湖北分中心,由其后续协调网站管理单位处置.
暂无