A health system in Liaoning Province has command execution (involving a massive amount of personal details/obtaining data in a difficult environment)
**. **. **. **/Nhis/index. the jsp has command execution. Let's talk about the data. The million Instruction Information and nearly million personal details are shown in the previous tables. This is not important,
Next, let's talk about the environment and get the command to execute. The Internet ing has been done and the login can be successful. However, the problem is that the system session verification, JSP, JSPX, and replacement all become invalid, which gets stuck here, can't I really get the data? I thought of it. weblogic was deployed, but the default console was deleted and several suspicious ports were not found. At this time, I suddenly thought of it, why not add a domain by yourself? Use the local war package configured in this domain to read the intranet database.
Successful!
nhis2015
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=**.**.**.**)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=**.**.**.**)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=rac)))
oracle.jdbc.OracleDriver
user
nhis2015
{AES}vciR+kCUrJPR7w2eH1kStYFUwUlOFWxOZHO4CYoXNeI=
LNyw!2015**.**.**.**jdbc:oracle:thin:@**.**.**.**:1521/rac
Database Configuration
Query#0 : select t.TABLE_NAME,t.NUM_ROWS from user_tables t order by NUM_ROWS descTABLE_NAMEVARCHAR2NUM_ROWSNUMBERT_FLOW_AUDITING42963285T_IC_PERSON4191191T_IC_PUBLICPLACES_HISTORY2885828T_IC_PUBLICPLACES2289376T_DETECTION1171552T_DISCIPLINE_PUNISHED1101357T_DISCIPLINE_ILLEGAL630905T_DISCIPLINE428550T_IC_PUBLIC_COMPTYPE265647T_IC_WATER_PROCESS199035T_CPHC188229T_IC_UNVOUCHER169422T_DISCIPLINE_STAFF148370T_DISCIPLINE_HISTORY131777T_IC_RADIATION_TYPE101721T_IC_WATER_SOURCE97343T_SUPERVISE_PERSON84301T_IC_WATER_CHECKCONTENT73855T_IC_MEDICAL_HISTORY57356T_IC_MEDICAL56884T_IC_DISINFECTANT36562T_IC_DISINFECTANT_HISTORY27442T_IC_WATER_PROD21726T_SUPERVISION_CONT20394T_IC_DISINFECTANT_TESTCONTENT17400T_FLOW_RECENTLYREPORTED16894T_SUPERVISE_ORGAN14693T_IC_PERSON_HISTORY12901T_IC_DETAILED10946T_IC_WATER_HISTORY10942T_IC_SCHOOL_HISTORY9860T_FLOW_CASEINFORMATION8814T_FLOW_PENDINGMATTER8014T_IC_RADIATION_HISTORY6395T_IC_OCC_SERVICES6036T_IC_TABLEWARE5462T_IC_WATER5333T_IC_SCHOOL4827T_DETECTION_SUB3378T_IC_RADIATION3243T_ORGTW_REL2975T_IC_BLOOD_HISTORY2657T_IC_OCC_SERVICES_TYPE2343T_IC_TABLEWARE_HISTORY2312T_QUALITYCONTROL1493T_IC_SCHOOL_WATER_TYPE1304T_IC_BLOOD876T_IC_OCC_SERVICES_HISTORY365T_SUPERVISE_ORGAN_HISTORY254T_IC_DISINFECTANT_PROD139T_IC_INFECTIOUS121T_IC_UNVOUCHER_HISTORY27T_IC_BIRTH_SERVICE_TYPE25T_IC_BIRTH14T_IC_BIRTH_LICENSE14T_IC_INFECTIOUS_HISTORY7T_IC_BIRTH_HISTORY2T_DISCIPLINE_PROD0T_SUPER_ORG_NO_TWCODE0
Database Structure
Solution: