Multiple linked payment servers have the Arbitrary File Upload Vulnerability (getshell)
1. http://weixin.allinpay.com/
The uploaded file is accepted and executes on the server. The kernel is old (2009-era RHEL 5), so escalating from the web user to root should be straightforward:
Linux tlwx_web02 2.6.18-164.el5 #1 SMP Tue Aug 18 15:51:48 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
2. http://ocs.allinpay.com:8082/
The shell here already runs as root. The application configuration readable from the host exposes the memcache and backend addresses, the WeChat appId/appSecret and the signing token:
##memcache params
initConnNum=5
minConnNum=5
maxConnNum=50
maintSleepTime=5
serverList=188.0.51.172:11211;188.0.51.173:11211
##initservlet switch
isInit=false
##openid verification
openidVerification=true
##winxin number
wechatNo=allinpay-weixin
##deskey path
deskeyPath=/tlwx/conf/deskey.des
##business url
tlwxAppUrl=http://188.0.50.137:8080/tlwx-app/index.do?id=
tlwxMerchantToBindUrl=http://weixin.allinpay.com/tlwx/merchant/toBind.do
tlwxBillToQueryUrl=http://weixin.allinpay.com/tlwx/bill/toQuery.do
tlwxImagesFwsqUrl=http://weixin.allinpay.com/tlwx/images/fwsq.jpg
tlwxServiceToApplyTypeUrl=http://weixin.allinpay.com/tlwx/service/toApplyType.do
tlwxImagesYwsqUrl=http://weixin.allinpay.com/tlwx/images/ywsq.jpg
tlwxImagesWelcomeUrl=http://weixin.allinpay.com/tlwx/images/welcome.jpg
tlwxBusinessToIntroductionUrl=http://weixin.allinpay.com/tlwx/business/toApplyType.do
tlwxImagesCjhdUrl=http://weixin.allinpay.com/tlwx/images/banner2.gif
tlwxDrawIndexUrl=http://weixin.allinpay.com/tlwx/draw/index.do
##oauth page
tlwxOauthGetOauthUrl=http://weixin.allinpay.com/tlwx/oauth/getOauth.do?tourl=
rootUri=/tlwx
##menu page
reHomePage=http://weixin.allinpay.com/tlwx/view/website/home.html
reContactPage=http://weixin.allinpay.com/tlwx/view/website/contact_us.html
reBindPage=http://weixin.allinpay.com/tlwx/merchant/toBind.do
reAboutTonglianPage=http://weixin.allinpay.com/tlwx/view/website/about_tonglian.html
reComplaintPage=http://weixin.allinpay.com/tlwx/service/toApply.do?type=6
##weixin interface
accessTokenUrl=https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=APPID&secret=APPSECRET
menuCreateUrl=https://api.weixin.qq.com/cgi-bin/menu/create?access_token=ACCESS_TOKEN
getUsersUrl=https://api.weixin.qq.com/cgi-bin/user/get?access_token=ACCESS_TOKEN&next_openid=NEXT_OPENID
oauth2GetCodeUrl=https://open.weixin.qq.com/connect/oauth2/authorize?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE#wechat_redirect
oauth2GetOpenIdUrl=https://api.weixin.qq.com/sns/oauth2/access_token?appid=APPID&secret=SECRET&code=CODE&grant_type=authorization_code
getUserInfoUrl=https://api.weixin.qq.com/cgi-bin/user/info?access_token=ACCESS_TOKEN&openid=OPENID&lang=zh_CN
tlwxPrizesActivityUrl=http://mp.weixin.qq.com/s?__biz=MzA3ODA3MTUzNQ==&mid=201721368&idx=1&sn=560e427119f5c90a529994966b5927e7#rd
##sign token
signToken=tlwx_wanghua38675547
appId=wx101d21fc68055583
appSecret=5ef092a0ba8f90451c9440b945be5e72
##cookie parameters
#60*60*24*30=2592000;60*60*24*365=31536000
maxAge=2592000
domain=.allinpay.com
##appServiceCheckList
appServiceCheckList=188.0.51.172:8080;188.0.51.173:8080
checkUrlTlwxApp=http://APPSERVICE/tlwx-app/ServiceCheckServlet
##luck draw
drawType=100
drawBeginTime=20141201000000
drawEndTime=20150131235959
Solution:
Filter uploads server-side: allowlist the permitted extensions and verify the file content matches them, reject any name containing an executable extension (jsp, jspx, php, ...) in any position, write files under a server-generated random name outside the web root with no execute permission, and stop the application server from executing anything in the upload directory. Rotate the credentials exposed in the configuration above (signToken, appId/appSecret, the DES key at deskeyPath), and patch the 2.6.18 kernel hosts.
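The following upload filter is an added example written for this report; it is not code from the affected applications and assumes an image upload form (hence the jpg/png/gif allowlist and the 2 MiB limit). It demonstrates the checks the solution calls for: basename stripping against path traversal, a strict filename character set, rejection of an executable extension in any dotted segment (so "shell.jsp.jpg" fails too), a magic-byte check so the content must agree with the extension, and storage under a random server-chosen name with no execute bit. The sample inputs at the bottom are constructed.

```python
import os
import re
import secrets

# Extensions the endpoint is meant to accept, mapped to the leading bytes a
# genuine file of that type starts with (assumption: an image upload form).
ALLOWED_MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}

# Server-side executable extensions that must never be written under a web
# root, whichever position they occupy in the filename.
EXECUTABLE = {"jsp", "jspx", "jspf", "php", "phtml", "asp", "aspx", "cgi", "sh", "war", "jar"}

# Only plain names survive: no separators, spaces, semicolons or control bytes.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]+$")

MAX_SIZE = 2 * 1024 * 1024  # assumption: 2 MiB is enough for a merchant image


class UploadRejected(ValueError):
    """Raised when an upload fails validation; the message names the failed check."""


def check_upload(filename: str, data: bytes, max_size: int = MAX_SIZE) -> str:
    """Validate an upload and return its canonical extension, or raise UploadRejected."""
    # Drop any directory component the client supplied ("../../x.jpg", "C:\\x.jpg").
    base = os.path.basename(filename.replace("\\", "/"))
    if not base or not SAFE_NAME.match(base):
        raise UploadRejected("unsafe filename")
    segments = base.lower().split(".")
    if len(segments) < 2 or not segments[-1]:
        raise UploadRejected("missing extension")
    # Every dotted segment is checked, so "shell.jsp.jpg" is refused like "shell.jsp".
    if any(seg in EXECUTABLE for seg in segments[1:]):
        raise UploadRejected("executable extension")
    ext = segments[-1]
    if ext not in ALLOWED_MAGIC:
        raise UploadRejected("extension not allowlisted")
    if not data or len(data) > max_size:
        raise UploadRejected("empty or oversized body")
    # The extension is client-controlled; require the content to agree with it.
    if not data.startswith(ALLOWED_MAGIC[ext]):
        raise UploadRejected("content does not match extension")
    return ext


def is_acceptable(filename: str, data: bytes) -> bool:
    """Boolean form of check_upload for callers that only need a verdict."""
    try:
        check_upload(filename, data)
        return True
    except UploadRejected:
        return False


def stored_name(ext: str) -> str:
    """Server-chosen random filename; the client never influences the stored path."""
    return f"{secrets.token_hex(16)}.{ext}"


def store_upload(filename: str, data: bytes, upload_dir: str) -> str:
    """Validate, then write the file under a random name with no execute bit.

    upload_dir is assumed to sit outside the web root and to be served, if at
    all, by a handler that streams bytes and never executes them.
    """
    ext = check_upload(filename, data)
    path = os.path.join(upload_dir, stored_name(ext))
    # O_EXCL: a colliding name fails instead of overwriting; 0o640: never executable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


if __name__ == "__main__":
    # Constructed samples: a minimal JPEG header and a trivial JSP page.
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    jsp = b'<%@ page language="java" %><% out.println("x"); %>'
    for name, body in [("photo.jpg", jpeg), ("shell.jsp", jsp),
                       ("shell.jsp.jpg", jpeg), ("photo.jpg", jsp)]:
        verdict = "accepted" if is_acceptable(name, body) else "rejected"
        print(f"{name!r:18} -> {verdict}")
```

The magic-byte check is deliberately shallow: it stops a JSP page renamed to .jpg, but a polyglot that is both a valid image and valid script still gets through, which is why the stored file must also be non-executable and outside any directory the servlet container maps.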