北京市质量监督局某系统GetShell影响百万电梯安全监控数据(影响内网安全)
漏洞标题 北京市质量监督局某系统GetShell影响百万电梯安全监控数据(影响内网安全) 相关厂商 北京市质量监督局 漏洞作者 路人甲 提交时间 2016-05-08 15:40 公开时间 2016-…
漏洞标题
北京市质监局GetShell系统影响数百万电梯安全监控数据(影响内网安全)
相关制造商
北京市质监局
漏洞作者
过路人
提交时间
2016-05-08 15: 40
公共时间
2016-06-25 16: 00
漏洞类型
系统/服务补丁不及时
危险等级
高
自我评估等级
10
漏洞状态
已提交给第三方合作机构(cncert National Internet Emergency Center)
标签标签
漏洞详细信息
**。**。**。**: 8080/esm/frame/default/esm/login/login_ca.jsp
反向序列getshell
**。**。**。**: 8080/bea_wls_internal/test.jsp
美马:
***** OG *****
JDBC:
Jdbc.url=jdbc: oracle: thin: @(description=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=**。**。**。**)(PORT=1521))(ADDRESS=( PROTOCOL=TCP)(HOST=** ** ** **)(PORT=1521))(LOAD_BALANCE=YES)(故障切换=ON))(CONNECT_DATA=(服务器=专用)(SERVICE_NAME=ORCL)) )
Jdbc.username=ESM
Jdbc.password=esm_2012
ESMESM_ELEVATOR_ERROR_DETAIL74679149
ESMESM_ELEVATOR_ERROR_ORIGINAL15758932
SYSAUD $一二五〇五八三五
ESMESM_ELEVATOR_ERROR_DETAIL_61B12308106
ESMESM_ELEVATOR_ERROR_ORI_050511820609
SYSWRM $ _SNAPSHOT_DETAILS2893875
ESMESM_ELEVATOR_ERROR_06162549527
ESMESM_ELEVATOR_ERROR_422531_BAK2496221
ESMESM_ELEVATOR_ERROR_138122211545
ESMA_TEMP_ERROR_201411251082418
ESMJBPM4_HIST_ACTINST825492
ESMA_TEMP_ERROR_E808826
SYSWRI $ _OPTSTAT_HISTGRM_HISTORY805208
ESMESM_ELEVATOR_ERROR672370
ESMJBPM4_HIST_TASK620218
ESMJBPM4_VARIABLE600552
ESMESM_ELEVATOR_EVERYDAY_STATUS584731
ESMWL_WORKFLOW_TRACKING554698
ESMESM_ELEVATOR_ERROR_ORI_422531B535158
ESMESM_MESAGE_FLAG360000
ESMESM_ELEVATOR_EVERYDAY_STS0731251305
ESMESM_ELEVATOR_ERROR_ORI_13812235414
SYSWRH $ _SYSMETRIC_HISTORY232760
漏洞证明:
ESMESM_ELEVATOR_ERROR_DETAIL74679149
ESMESM_ELEVATOR_ERROR_ORIGINAL15758932
SYSAUD $一二五〇五八三五
ESMESM_ELEVATOR_ERROR_DETAIL_61B12308106
ESMESM_ELEVATOR_ERROR_ORI_050511820609
SYSWRM $ _SNAPSHOT_DETAILS2893875
ESMESM_ELEVATOR_ERROR_06162549527
ESMESM_ELEVATOR_ERROR_422531_BAK2496221
ESMESM_ELEVATOR_ERROR_138122211545
ESMA_TEMP_ERROR_201411251082418
ESMJBPM4_HIST_ACTINST825492
ESMA_TEMP_ERROR_E808826
SYSWRI $ _OPTSTAT_HISTGRM_HISTORY805208
ESMESM_ELEVATOR_ERROR672370
ESMJBPM4_HIST_TASK620218
ESMJBPM4_VARIABLE600552
ESMESM_ELEVATOR_EVERYDAY_STATUS584731
ESMWL_WORKFLOW_TRACKING554698
ESMESM_ELEVATOR_ERROR_ORI_422531B535158
ESMESM_MESAGE_FLAG360000
ESMESM_ELEVATOR_EVERYDAY_STS0731251305
ESMESM_ELEVATOR_ERROR_ORI_13812235414
SYSWRH $ _SYSMETRIC_HISTORY232760
修理计划:
更新补丁
版权声明:请注明出处。居民A @乌云
JDBC:
Jdbc.url=jdbc: oracle: thin: @(description=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=**。**。**。**)(PORT=1521))(ADDRESS=( PROTOCOL=TCP)(HOST=** ** ** **)(PORT=1521))(LOAD_BALANCE=YES)(故障切换=ON))(CONNECT_DATA=(服务器=专用)(SERVICE_NAME=ORCL)) )
Jdbc.username=ESM
Jdbc.password=esm_2012
ESMESM_ELEVATOR_ERROR_DETAIL74679149
ESMESM_ELEVATOR_ERROR_ORIGINAL15758932
SYSAUD $一二五〇五八三五
ESMESM_ELEVATOR_ERROR_DETAIL_61B12308106
ESMESM_ELEVATOR_ERROR_ORI_050511820609
SYSWRM $ _SNAPSHOT_DETAILS2893875
ESMESM_ELEVATOR_ERROR_06162549527
ESMESM_ELEVATOR_ERROR_422531_BAK2496221
ESMESM_ELEVATOR_ERROR_138122211545
ESMA_TEMP_ERROR_201411251082418
ESMJBPM4_HIST_ACTINST825492
ESMA_TEMP_ERROR_E808826
SYSWRI $ _OPTSTAT_HISTGRM_HISTORY805208
ESMESM_ELEVATOR_ERROR672370
ESMJBPM4_HIST_TASK620218
ESMJBPM4_VARIABLE600552
ESMESM_ELEVATOR_EVERYDAY_STATUS584731
ESMWL_WORKFLOW_TRACKING554698
ESMESM_ELEVATOR_ERROR_ORI_422531B535158
ESMESM_MESAGE_FLAG360000
ESMESM_ELEVATOR_EVERYDAY_STS0731251305
ESMESM_ELEVATOR_ERROR_ORI_13812235414
SYSWRH $ _SYSMETRIC_HISTORY232760
漏洞证明:
ESMESM_ELEVATOR_ERROR_DETAIL74679149
ESMESM_ELEVATOR_ERROR_ORIGINAL15758932
SYSAUD $一二五〇五八三五
ESMESM_ELEVATOR_ERROR_DETAIL_61B12308106
ESMESM_ELEVATOR_ERROR_ORI_050511820609
SYSWRM $ _SNAPSHOT_DETAILS2893875
ESMESM_ELEVATOR_ERROR_06162549527
ESMESM_ELEVATOR_ERROR_422531_BAK2496221
ESMESM_ELEVATOR_ERROR_138122211545
ESMA_TEMP_ERROR_201411251082418
ESMJBPM4_HIST_ACTINST825492
ESMA_TEMP_ERROR_E808826
SYSWRI $ _OPTSTAT_HISTGRM_HISTORY805208
ESMESM_ELEVATOR_ERROR672370
ESMJBPM4_HIST_TASK620218
ESMJBPM4_VARIABLE600552
ESMESM_ELEVATOR_EVERYDAY_STATUS584731
ESMWL_WORKFLOW_TRACKING554698
ESMESM_ELEVATOR_ERROR_ORI_422531B535158
ESMESM_MESAGE_FLAG360000
ESMESM_ELEVATOR_EVERYDAY_STS0731251305
ESMESM_ELEVATOR_ERROR_ORI_13812235414
SYSWRH $ _SYSMETRIC_HISTORY232760
修理计划:
更新补丁
版权声明:请注明出处。居民A @乌云
- 发表于 2016-07-17 08:00
- 阅读 ( 518 )
- 分类:黑客技术
