2016-01-21: Details have been reported to the vendor and are awaiting the vendor's handling
2016-01-22: The vendor has confirmed; details are disclosed to the vendor only
2016-02-01: Details disclosed to core white hats and experts in related fields
2016-02-11: Details disclosed to regular white hats
2016-02-21: Details disclosed to intern white hats
2016-03-05: Details disclosed to the public
http://219.143.162.216:7002/ht_server has a command execution vulnerability. Going through the database configuration, I found an AGENT table and saw 45 million (4500W) merchant records, including personal names, ID card numbers and other sensitive information. Seeing 45 million was a real shock; for the rest I will only give a brief screenshot. Only part of the other harmful information is captured as proof.
Database configuration
Query#0 : select t.TABLE_NAME,t.NUM_ROWS from user_tables t order by NUM_ROWS desc
Database structure
http://219.143.162.216:7002/ht_server/1.jspx 9635789
Severity: High
Vulnerability Rank: 20
Confirmation time: 2016-01-22 09:06
Thank you very much, we will handle it right away
None yet