漏洞标题 渤海国际信托的商业平台GetShell影响30万银行账户信息和各种信托合同审批信息 相关制造商 Bohaitrust.com 漏洞作者 过路人 提交时间 2016-05-04 02: 00 公共时间 2016-06-20 15: 20 漏洞类型 系统/服务补丁不及时 危险等级 高 自我评估等级 10 漏洞状态 已提交给第三方合作机构（cncert National Internet Emergency Center） 标签标签 漏洞详细信息 **。**。**。** 反向序列getshell **。**。**。**/bea_wls_internal/test.jsp的 密码： ***** OG ***** Jdbc: ＆lt; url＆gt; jdbc: oracle: thin: @ **。**。**。**: 1521: tcmpdb＆lt;/url＆gt; ＆LT;驾驶员名称＆gt;＆oracle.jdbc.OracleDriver LT; /驾驶员名称＆gt; ＆LT;性状＆gt; ＆LT;性＆gt; ＆LT;名称＆gt;用户LT; /名称＆gt; ＆LT;值GT; TCMP＆LT; /值GT; ＆LT; /性＆gt; ＆LT; /性状＆gt; ＆LT;密码加密＆GT; {3DES} BFNCZn8jqjc=LT; /密码加密＆GT; 解密：TCMP TCMPTINF_FUNDDAY1640272 SYSWRI $ _OPTSTAT_HISTGRM_HISTORY1307020 TCMPJBPM4_HIST_VAR1011829 TCMPTINF_ARLIMIT980560 SYSWRI $ _ADV_MESSAGE_GROUPS872669 TCMPTINF_FUNDINFO490269 TCMPVZJZG479299 SYSWRH $ _SQL_PLAN468621 TCMPTINF_TRUSTPROJECTS438620 SYSAUD $ 418474 TCMPTINF_PROFITSCHEMA397712 TCMPJBPM4_HIST_ACTINST371326 TCMPTINF_SALELIMIT353841 TCMPTINF_TRUSTBANKACCOINFO306562 TCMPTINF_TRUSTFUNDPROFIT279468 SYSWRI $ _ADV_SQLT_PLANS256235 SYSWRH $ _SYSMETRIC_HISTORY255620 TCMPTINF_DICTIONARY236308 TCMPT_ORGLICENSE211012 TCMPTINF_CITYNO203816 TCMPTFLOWAPPROVES185324 TCMPJBPM4_EXT_HIST_TASK185205 TCMPJBPM4_HIST_TASK185189 TCMPJBPM4_EXT_TEMPLATE_DATA182307 TCMPT_FA_SHARES174688 SYSWRH $ _EVENT_HISTOGRAM162960 漏洞证明： TCMPTINF_FUNDDAY1640272 SYSWRI $ _OPTSTAT_HISTGRM_HISTORY1307020 TCMPJBPM4_HIST_VAR1011829 TCMPTINF_ARLIMIT980560 SYSWRI $ _ADV_MESSAGE_GROUPS872669 TCMPTINF_FUNDINFO490269 TCMPVZJZG479299 SYSWRH $ _SQL_PLAN468621 TCMPTINF_TRUSTPROJECTS438620 SYSAUD $ 418474 TCMPTINF_PROFITSCHEMA397712 TCMPJBPM4_HIST_ACTINST371326 TCMPTINF_SALELIMIT353841 TCMPTINF_TRUSTBANKACCOINFO306562 TCMPTINF_TRUSTFUNDPROFIT279468 SYSWRI $ _ADV_SQLT_PLANS256235 SYSWRH $ _SYSMETRIC_HISTORY255620 TCMPTINF_DICTIONARY236308 TCMPT_ORGLICENSE211012 TCMPTINF_CITYNO203816 TCMPTFLOWAPPROVES185324 TCMPJBPM4_EXT_HIST_TASK185205 TCMPJBPM4_HIST_TASK185189 TCMPJBPM4_EXT_TEMPLATE_DATA182307 TCMPT_FA_SHARES174688 SYSWRH $ _EVENT_HISTOGRAM162960 修理计划： 更新补丁 版权声明：请注明出处。居民A @乌云