神刀安全网

漏洞标题: 某市广电局命令执行影响近250万客户信息

漏洞详情

披露状态:

2016-04-17: 细节已通知厂商并且等待厂商处理中
2016-04-21: 厂商已经确认,细节仅向厂商公开
2016-05-01: 细节向核心白帽子及相关领域专家公开
2016-05-11: 细节向普通白帽子公开
2016-05-21: 细节向实习白帽子公开
2016-06-05: 细节向公众公开

简要描述:

rt

详细说明:

武汉市广电

code 区域

mask 区域
******.*******

7001 port反序列直接传shell

code 区域

mask 区域
1.://**.**.**/bea_wls_internal/wooyun.jsp

pwd:

mask 区域
*****og*****

code 区域
<url>jdbc:oracle:thin:@**.**.**.**:1521:portal1</url>
<driver-name>oracle.jdbc.xa.client.OracleXADataSource</driver-name>
<properties>
<property>
<name>user</name>
<value>payplat</value>
</property>
</properties>
<password-encrypted>{AES}HaR2tv9Hr7wK/9nN1ukRFRpl3n2NOEASGe+ytAP94bI=</password-encrypted>

code 区域
RMP CRYPT_TICKETSTR 3176762
RMP SC_FULLCARD_TAB 2869404
PAYPLAT SYS_CUSTOMER 2509755
PAYPLAT BIZ_UAPINFO 2509754
PAYPLAT SYS_CUSTOMER_BOSS 2506112
RMP CRYPT_TICKET 2047261
RMP INF_LOG 1944712
RMP EQUIPSTR 1778962
RMP EQUIPMENT 1606760
RMP OUTSTOCK 1131494
RMP CRYPT_TICKET_20141001 788762
RMP CHARGELOG 769406
RMP GJ_FULLCARD 427262
RMP STORAGETJ 376268
RMP STORAGESTAT 376268
PAYPLAT REQ_CATV_LOG 365546
RMP OUTSTOCK_20140729 311509
RMP CARDSTATUS 214160
RMP TMP_NO_CARD 140000
PALMPLAT RES_DISTRICT 98650
PALMPLAT PRV_DISTRICT_CONF 96205
PAYPLAT LOG_PAY_ORDER_DETAIL 80463
PAYPLAT BIZ_PAY_ORDER_DETAIL 74309
PORTAL SYS_LOGIN_INFO 62654

漏洞标题:  某市广电局命令执行影响近250万客户信息

漏洞证明:

code 区域
RMP CRYPT_TICKETSTR 3176762
RMP SC_FULLCARD_TAB 2869404
PAYPLAT SYS_CUSTOMER 2509755
PAYPLAT BIZ_UAPINFO 2509754
PAYPLAT SYS_CUSTOMER_BOSS 2506112
RMP CRYPT_TICKET 2047261
RMP INF_LOG 1944712
RMP EQUIPSTR 1778962
RMP EQUIPMENT 1606760
RMP OUTSTOCK 1131494
RMP CRYPT_TICKET_20141001 788762
RMP CHARGELOG 769406
RMP GJ_FULLCARD 427262
RMP STORAGETJ 376268
RMP STORAGESTAT 376268
PAYPLAT REQ_CATV_LOG 365546
RMP OUTSTOCK_20140729 311509
RMP CARDSTATUS 214160
RMP TMP_NO_CARD 140000
PALMPLAT RES_DISTRICT 98650
PALMPLAT PRV_DISTRICT_CONF 96205
PAYPLAT LOG_PAY_ORDER_DETAIL 80463
PAYPLAT BIZ_PAY_ORDER_DETAIL 74309
PORTAL SYS_LOGIN_INFO 62654

漏洞标题:  某市广电局命令执行影响近250万客户信息

修复方案:

更新补丁

版权声明:转载请注明来源 路人甲@乌云

转载本站任何文章请注明:转载至神刀安全网,谢谢神刀安全网 » 漏洞标题: 某市广电局命令执行影响近250万客户信息

分享到:更多 ()

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址