Getshell can leak employee information and user data due to a high-risk vulnerability in a provincial branch of Taikang Life Insurance.
Getshell is a website vulnerability in a provincial branch of Taikang Life Insurance. Tens of millions of tables and millions of tables are displayed, which exposes the staff information of the Branch and the name, phone number, ID card and other information of hundreds of thousands of policyholders.
Bytes.
Check the primary database and there are tens of millions of tables:
Most of the tables are data. The following is a million-level insurance table, which should be life insurance and vehicle insurance:
Because the website's main site is in use on a platform, check the data on the platform. The website has hundreds of thousands of users and insurance records:
Check the employee information:
Enter the background of An aspx Website:
The website is found to have been uploaded with multiple aspx and asp statements, but the trojan will automatically kill the website. Ask the Administrator to check whether the website exists:
Solution:
Disable access from Port SOAP8880 and disable ports not used by websphere