A station of prudential Trust has command execution (involving millions of users/involving massive amounts of capital data/involving multiple bank agents)

A station of prudential Trust has command execution (involving millions of users/involving massive amounts of capital data/involving multiple bank agents)

RT

**. **: 7002/etrading/command execution exists. a large amount of information is found by writing shell to configure the database.





Personal information of Agent users, trust information, cooperation information of multiple banks, and information of bank owners.





If the data is too large, only part of the evidence is intercepted.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

     
  
   jdbc:oracle:thin:@**.**.**.**:1521:tcmp
      
  
   oracle.jdbc.OracleDriver
      
        
           
    
     user
            
    
     etrust
          
       
      
  
   {AES}l/ZDIOSDHqEcLIKlfDQ3kTWJucuvuD9LSQcUSAdreKs=
   etrust     
  
   jdbc:oracle:thin:@**.**.**.**:1521:tcmp
      
  
   oracle.jdbc.OracleDriver
      
        
           
    
     user
            
    
     cctcrm
          
       
      
  
   {AES}nTXXJv//UNBAEPlfboQ6HRR80vwCDKuSj2Mt/C/ZENo=
   cctcrm
 

 

**.**.**.** >> >>Microsoft-IIS/7.5 >>Success**.**.**.** >> >>Serv-U/**.**.**.** >>Success**.**.**.** >> >>Resin/3.1.8 >>Success**.**.**.** >> Apache Tomcat>>Apache-Coyote/1.1 >>Success**.**.**.** >> IIS7>>Microsoft-IIS/7.5 >>Success**.**.**.** >> >>Microsoft-IIS/7.5 >>Success**.**.**.** >> >>Microsoft-IIS/7.5 >>Success**.**.**.** >> >>Microsoft-IIS/7.5 >>Success**.**.**.** >> >>Microsoft-IIS/7.5 >>Success**.**.**.** >> IIS7>>Microsoft-IIS/7.5 >>Success**.**.**.** >> HP LaserJet 400 M401dn   **.**.**.**>>Virata-EmWeb/R6_2_1 >>Success

Intranet Test

**.**.**.**:7002/etrading/1.jspx 9635789

 

Solution: