乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-01-08: 细节已通知厂商并且等待厂商处理中 2016-01-11: 厂商已经确认,细节仅向厂商公开 2016-01-21: 细节向核心白帽子及相关领域专家公开 2016-01-31: 细节向普通白帽子公开 2016-02-10: 细节向实习白帽子公开 2016-02-22: 细节向公众公开
http://27.17.7.236 存在命令执行,通过读取配置文件发现是华润燃气郑州市,存在多个APP下载界面,通过对数据库配置,发现三个库,大量数据外泄,可入综合内网具体情况看截图,数据过多,只截取部分作为证明,
<url>jdbc:oracle:thin:@172.22.3.10:1521:cisalpha</url> <driver-name>oracle.jdbc.OracleDriver</driver-name> <properties> <property> <name>user</name> <value>gas_ia</value> </property> </properties> <password-encrypted>{AES}EPm+fsxb8xLBgm4wLhIRlgHt0s5RVhdVafcizyuMnnA=</password-encrypted> <url>jdbc:oracle:thin:@172.22.3.10:1521:cisalpha</url> <driver-name>oracle.jdbc.OracleDriver</driver-name> <properties> <property> <name>user</name> <value>lspf_bpm</value> </property> </properties> <password-encrypted>{AES}hjOiF7aUu3IhfGyVoSfkuu9+kg+lBeMQZSBoCADmGmM=</password-encrypted> nkuB_VJ9P-KG2D <url>jdbc:oracle:thin:@172.22.3.10:1521:cisalpha</url> <driver-name>oracle.jdbc.OracleDriver</driver-name> <properties> <property> <name>user</name> <value>lspf_support</value> </property> </properties> <password-encrypted>{AES}rTG4WHhLu2aUHQ/bedLAy3Q/qqhzr++gafiJ1C9CpmI=</password-encrypted> rkJX_8TYW-8AIJ <jdbc-driver-params> <url>jdbc:oracle:thin:@172.22.3.10:1521:cisalpha</url> <driver-name>oracle.jdbc.OracleDriver</driver-name> <properties> <property> <name>user</name> <value>bsp</value> </property> </properties> <password-encrypted>{AES}OnCaoqHGtt9ReKP2HQGKf8PPYGyxde8N42dX6g1JeX0=</password-encrypted> ZUkI_T59N-RW0K
数据库配置以及解密的密码
Query#0 : select t.TABLE_NAME,t.NUM_ROWS from user_tables t order by NUM_ROWS descTABLE_NAMEVARCHAR2 NUM_ROWSNUMBERT_CS_AREA_SEARCH PF_LANG PF_LANG_TYPE TAB_PF_DUTY_OBJECT_RELA 682000PF_DUTY_OBJECT_RELA 318950PF_TD_EXT_LOG 89968PF_DUTY_OBJECT_RELA_0518 83270PF_TD_FIRED_TRIGGERS_HIS 81765PF_ONLINE_USER 52860PF_OBJECT_EXTEND 52615PF_DUTY_FUNCTION_GROUP_RELA 35630PF_DUTY_OBJECT_RELA_ZS0325 26120PF_FUNCTION_GROUP_OBJECT_RELA 26058TMP_FUNCTION_GROUP_OBJECT_0516 24548TMP_PF_DUTY_OBJECT_R 8714PF_STAFF_ZS0505 6533PF_ACCOUNT_0330 6195PF_ACCOUNT_DUTY_RELA_0413 5859PF_FUNCTION_GROUP_OBJ_RELA_ZS 5354PF_OBJECT 4447PF_CODE 3987PF_DUTY_ORG_RELA 3531PF_ACCOUNT_DUTY_RELA 3433PF_DUTY 3425TAB_PF_ACCOUNT_DUTY_RELA 3264PF_ACCOUNT_DUTY_RELA_ZS0505 3258PF_ACCOUNT_DUTY_RELA_GHF 2926SP_LOG 2214PF_ACCOUNT_ZS0325 2201TAB_PF_DUTY_ORG_RELA 2188PF_DUTY_ORG_RELA_ZS0505 2181PF_STAFF_ORG_ORGRELATYPE_RELA 1483PF_ORG_RELA_ZS0505 1445PF_DUTY_0505 1344TAB_GHF0521 1295DUTY_GROUP_TMP 1295TMP_DUTY_IMP 1172TMP_PF_DUTY_FUNCTION_GROUP_R 1132PF_ACCOUNT_INNER_ROLE_RELA 1076PF_STAFF_ORG_ORGRELATYPE_ZS 981PF_DUTY_ORG_RELA_GHF 960PF_DUTY_ORG_RELA_TMP 960TAB_DD 960PF_ORG_ZS0505 920PF_ORG_RELA 899SP_QUERY_CONT_DEF_REQ_LOG 892SP_GRID_MODEL_LOG 730PF_FUNCTION_GROUP 716PF_STAFF 702TAB_PF_DUTY 674PF_DUTY_GHF 664PF_MENU 654PF_ACCOUNT 634DATAPUSH_DATA_USERS 629PF_CODE_SORT 572PF_MENU_BAK_20150122 525PF_PARAM_ACCESS_LEVEL_CONTROL 522PF_USER_PROFILE 491PF_ORG_GHF 459TAB_ORGTMP 457PF_ORG_RELA_GHF 457PF_ORG 436SP_GRID_COL_CFG 350SP_QUERY_PARA_DEF_REQ_LOG 325SP_QUERY_CONT_DEF 319PF_MSG_SEND_HISTROY 300PF_REPORT_TYPE 249TMP_FUNCTION_GROUP_0516 215PF_PARAM 164TAB_DUTY_TMP 161TMP_PF_DUTY_ORG_R 144TMP_PF_DUTY 144SP_QUERY_PARA_DEF 132PF_HOLIDAY_CODE 132SP_QUERY_USELOG 130PF_REPORT_SORT 129PF_MSG_RCV 104PF_MSG_RCV_HISTORY 90REPORT_TEST1 89SP_QUERY_DEF_REQ_LOG 88PF_TD_EXT_JOB_EXHDL 82SP_GRID_TEMPLET 81PF_DUTY_FUNCTION_GROUP_RELA_ZS 73PF_MSG_USERINFO 67SP_GRID_MODEL 58PF_TD_EXT_EXEC_CPNT 46PF_TD_EXT_GROUP 45PF_TD_JOB_DETAILS 44PF_WORKDEST_SHORTCUT 44PF_TD_EXT_JOB_DTL 44PF_PARAM_SORT 42PF_PASSWORD_HISTORY 42PF_DUTY_OBJECT_EXCEPT_ZS0325 41PF_TD_EXT_JOB_EXEC 39PF_TD_EXT_JOB_DTL_HIS 38PF_TD_JOB_DETAILS_HIS 38PF_PARAM_VALUE 35SP_QUERY_DEF 34PF_TD_TRIGGERS 33PF_INNER_ROLE 32SP_QUERY_CONT_CONFIG 32PF_TD_CRON_TRIGGERS 30SP_QUERY_CONT_CONFIG_REQ_LOG 28DATAPUSH_DATA 28PF_TD_EXT_JOB_EXEC_HIS 25PF_TD_EXT_DATA_DICT 23PF_FUNCTION_GROUP_ZS0325 22PF_MSG_SEND 21PF_MSG_RCV_EXTENDGG 20PF_TD_EXT_LISTENER 20PF_OBJECT_EXTENDATTR 19PF_STAFF_ERR150327 18PF_SAFECONFIG 17PF_DROOLS_TYPE 14QUERY_MORE_TEST 12PF_APPLICTION 11PF_MSG_TYPE 11PF_DROOLS_FORMDRL 11PF_TD_EXT_EXEC_CPNT_HIS 10PF_MSG_USERGROUP 10PF_DEMO_LEAVE 10SP_SCHEDULE 9PF_PLATFORM 7TAB_PF_DUTY_OBJECT_EXCEPT 7REPORT_TEST2 6PF_TD_CPNT_AUTH 6PF_MSG_CONSTANT 5PF_MSG_SORT 4WL_SERVLET_SESSIONS 4PF_TD_SIMPLE_TRIGGERS 3PF_WORKDESK 3SP_HOLIDAY 2PF_TD_LOCKS 2PF_MSG_USER_CONFIG 1PF_SAFECONFIGS 1PF_TD_EXT_LISTENER_TYPE 1PF_DROOLS_DRLFUNC 1PF_DROOLS_FORMVALIDATE 1PF_TD_SCHEDULER_STATE 1SP_QUERY_CONT_DEF_REQ 0PF_TD_BLOB_TRIGGERS 0SP_QUERY_DEF_ATTR 0SP_QUERY_DEF_ATTR_REQ 0SP_QUERY_DEF_ATTR_REQ_LOG 0SP_QUERY_DEF_REQ 0SP_QUERY_PARA_DEF_REQ 0SP_QUERY_PRO 0SP_QUERY_PRO_REQ 0SP_QUERY_PRO_REQ_LOG 0PF_SERVICEMANAGER_INFO 0PF_DUTY_OBJECT_EXCEPT 0PF_FILE_RECORD 0PF_MSG_ATTR 0PF_TD_FIRED_TRIGGERS 0PF_TD_PAUSED_TRIGGER_GRPS 0PF_TD_SIMPROP_TRIGGERS 0PF_WORKDESK_ATTR 0PF_OBJECT_BAK050411 0PF_TD_CALENDARS 0SP_QUERY_CONT_CONFIG_REQ 0
数据库表结构
http://27.17.7.236/static/2.jsp carry
危害等级:高
漏洞Rank:18
确认时间:2016-01-11 11:15
感谢提交
暂无