
Getshell on China Mobile's Xiaoxuntong "Renrentong" site, exposing more than twenty sets of database connection information

2015-02-24 21:40

http://rrt.m-school.cn

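The site has a Struts vulnerability that can be used to get a shell (getshell).

Through Chopper (the webshell client), commands run with very high privileges, and a large amount of database connection information can be read.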

Code area
ROOT/WEB-INF/classes/db.properties

db_url=jdbc:mysql://192.168.20.105:3306/phpcms_v957?useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true
db_user=root
db_pass=cdqidi



002: Bulk database connection information


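Proof of vulnerability:

Code area
The database connection addresses are not the same!!! Don't assume I posted the same one over and over. Compare them carefully.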

Remediation:

Upgrade, and re-partition the configuration.
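One way to audit for the configuration weakness this report exposes (application configs that connect as root and reuse one password), as an added example that is not part of the original report. It reads the two key styles found in the reported files (db_url/db_user/db_pass and CONNECTION_URL/LOGIN_ID/LOGIN_PASSWORD); the file paths, hosts and passwords in the sample are constructed, and the list of privileged account names is an assumption.

```python
from collections import defaultdict

# Key names for the two property styles seen in the reported files.
URL_KEYS = ("db_url", "CONNECTION_URL")
USER_KEYS = ("db_user", "LOGIN_ID")
PASS_KEYS = ("db_pass", "LOGIN_PASSWORD")
PRIVILEGED = {"root", "sa", "postgres"}  # assumption: accounts treated as admin

def parse_properties(text):
    """Parse simple key=value properties text, skipping comments and blanks."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def first(props, keys):
    """Return the value of the first key present, or None."""
    return next((props[k] for k in keys if k in props), None)

def audit(files):
    """files: {path: properties text}. Returns a sorted list of (path, finding).
    Passwords are compared but never written into the findings."""
    findings, by_password = [], defaultdict(list)
    for path, text in files.items():
        props = parse_properties(text)
        url, user, pw = (first(props, k) for k in (URL_KEYS, USER_KEYS, PASS_KEYS))
        if url is None:
            continue  # not a database connection file
        if user and user.lower() in PRIVILEGED:
            findings.append((path, "connects as privileged account"))
        if pw:
            findings.append((path, "plaintext password in web application config"))
            by_password[pw].append(path)
    for paths in by_password.values():
        if len(paths) > 1:
            findings.extend((p, f"password shared by {len(paths)} configs") for p in paths)
    return sorted(findings)

# Constructed sample input: placeholder paths, hosts and passwords.
SAMPLE = {
    "app1/WEB-INF/classes/db.properties":
        "db_url=jdbc:mysql://db.example.internal:3306/app1\ndb_user=root\ndb_pass=EXAMPLE-ONLY\n",
    "app2/WEB-INF/classes/pool.properties":
        "#database properties\nCONNECTION_URL=jdbc:mysql://db.example.internal:3306/app2\n"
        "LOGIN_ID=root\nLOGIN_PASSWORD=EXAMPLE-ONLY\n",
    "app3/WEB-INF/classes/db.properties":
        "db_url=jdbc:mysql://db.example.internal:3306/app3\ndb_user=app3_rw\ndb_pass=OTHER-EXAMPLE\n",
}

if __name__ == "__main__":
    for path, finding in audit(SAMPLE):
        print(f"{path}: {finding}")
```

A per-application account with rights on only its own schema clears the first and third findings; the plaintext finding remains until the secret is moved out of the deployed web application directory.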


Source: www.wooyun.org/bugs/wooyun-2015-091052
