Command Execution in a system in Guizhou Province (involving details of nearly one million female family planning staff)
Command Execution in a system in Guizhou Province (involving nearly one million female family planning staff/involving a large amount of surgical information/involving personal details and photo information)
I mean I cannot understand some surgical names ~~
The Guizhou Province family planning operation management system at **.**.**.**/Cbms/ has a command execution vulnerability. A shell was obtained through a series of operations. The system mainly involves the personal information and operation details of nearly one million women; it turns out that there are so many names, along with the women's detailed photo, address and ID information.
The data volume is huge, so only an intercepted part is shown as proof:
driverClassName=oracle.jdbc.OracleDriver
url=jdbc\:oracle\:thin\:@**.**.**.**\:1521\:orcl
username=jsleo
password=jsla0516
weblogic
{AES}4TqBrPwaawNDb5yvhRVkJ3OBpzy/vghfuN9y2HTnSvg=
jsleo0516
Database and weblogic Configuration
Query#0 : select t.TABLE_NAME,t.NUM_ROWS from user_tables t order by NUM_ROWS desc

TABLE_NAME (VARCHAR2)       NUM_ROWS (NUMBER)
S_LOG                       1125061
SURGERY_CONTENT             784917
S_CFVILLAGE                 695580
SURGERY_RECORD              210534
BIZ_CONSUMER                198499
BIZ_CERTIFICATE             155225
S_CFTOWN                    43913
S_AUTHORITY_RELATION        26251
S_FUNCTIONARY               12314
BIZ_CERTIFICATE_OBSOLETE    5534
S_APPROVAL                  3387
S_CFPREFECTURE              3147
S_AGENCY                    1864
S_ORGANIZATION              1708
S_CONTENT                   1694
IDCARD_SET                  1376
BIZ_INFO_CHECK              1195
CONSUMER_DELETE             731
S_CERTIFICATE               472
BIZ_CONSUMER_DEL            431
S_CFCITY                    346
S_DDIC                      59
SURGERY_DETAIL              42
S_CFPROVINCE                31
S_AUTHORITY                 28
SURGERY_ITEM                13
S_NOTICE                    9
SURGERY_TYPE                4
SERVER_SET                  3
DATA_VERIFY                 0
Database Structure
**.**.**.**/cbms/1.jsp carry
Solution: