漏洞标题 渤海国际信托的商业平台GetShell影响30万银行账户信息和各种信托合同审批信息 相关制造商 Bohaitrust.com 漏洞作者 过路人 提交时间 2016-05-04 02: 00 公共时间 2016-06-20 15: 20 漏洞类型 系统/服务补丁不及时 危险等级 高 自我评估等级 10 漏洞状态 已提交给第三方合作机构(cncert National Internet Emergency Center) 标签标签 漏洞详细信息 **。**。**。** 反向序列getshell **。**。**。**/bea_wls_internal/test.jsp的 密码: ***** OG ***** Jdbc: < url> jdbc: oracle: thin: @ **。**。**。**: 1521: tcmpdb</url> <驾驶员名称>&oracle.jdbc.OracleDriver LT; /驾驶员名称> <性状> <性> <名称>用户LT; /名称> <值GT; TCMP< /值GT; < /性> < /性状> <密码加密> {3DES} BFNCZn8jqjc=LT; /密码加密> 解密:TCMP TCMPTINF_FUNDDAY1640272 SYSWRI $ _OPTSTAT_HISTGRM_HISTORY1307020 TCMPJBPM4_HIST_VAR1011829 TCMPTINF_ARLIMIT980560 SYSWRI $ _ADV_MESSAGE_GROUPS872669 TCMPTINF_FUNDINFO490269 TCMPVZJZG479299 SYSWRH $ _SQL_PLAN468621 TCMPTINF_TRUSTPROJECTS438620 SYSAUD $ 418474 TCMPTINF_PROFITSCHEMA397712 TCMPJBPM4_HIST_ACTINST371326 TCMPTINF_SALELIMIT353841 TCMPTINF_TRUSTBANKACCOINFO306562 TCMPTINF_TRUSTFUNDPROFIT279468 SYSWRI $ _ADV_SQLT_PLANS256235 SYSWRH $ _SYSMETRIC_HISTORY255620 TCMPTINF_DICTIONARY236308 TCMPT_ORGLICENSE211012 TCMPTINF_CITYNO203816 TCMPTFLOWAPPROVES185324 TCMPJBPM4_EXT_HIST_TASK185205 TCMPJBPM4_HIST_TASK185189 TCMPJBPM4_EXT_TEMPLATE_DATA182307 TCMPT_FA_SHARES174688 SYSWRH $ _EVENT_HISTOGRAM162960
漏洞证明: TCMPTINF_FUNDDAY1640272 SYSWRI $ _OPTSTAT_HISTGRM_HISTORY1307020 TCMPJBPM4_HIST_VAR1011829 TCMPTINF_ARLIMIT980560 SYSWRI $ _ADV_MESSAGE_GROUPS872669 TCMPTINF_FUNDINFO490269 TCMPVZJZG479299 SYSWRH $ _SQL_PLAN468621 TCMPTINF_TRUSTPROJECTS438620 SYSAUD $ 418474 TCMPTINF_PROFITSCHEMA397712 TCMPJBPM4_HIST_ACTINST371326 TCMPTINF_SALELIMIT353841 TCMPTINF_TRUSTBANKACCOINFO306562 TCMPTINF_TRUSTFUNDPROFIT279468 SYSWRI $ _ADV_SQLT_PLANS256235 SYSWRH $ _SYSMETRIC_HISTORY255620 TCMPTINF_DICTIONARY236308 TCMPT_ORGLICENSE211012 TCMPTINF_CITYNO203816 TCMPTFLOWAPPROVES185324 TCMPJBPM4_EXT_HIST_TASK185205 TCMPJBPM4_HIST_TASK185189 TCMPJBPM4_EXT_TEMPLATE_DATA182307 TCMPT_FA_SHARES174688 SYSWRH $ _EVENT_HISTOGRAM162960
修理计划: 更新补丁 版权声明:请注明出处。居民A @乌云