1. Weak password plus arbitrary file upload on one site, leading to a shell
Address: http://fota.suning.com
Weak password: Admin: Administrator
The arbitrary upload vulnerability is in the "Modify version" and "upgrade package query" pages; a shell was obtained after uploading.

2. Suning Enterprise Office Platform: arbitrary file download across drives
Address: http://ewp.suning.com.cn/app/plugins/download.jsp
The path can be set to any file on any drive letter. Downloading the WEB-INF\web.xml file yields the Oracle and MSSQL database passwords.
This server uses a Weaver platform. Considering the system's operation and technical strength, no further tests were conducted on the server.
Solution:
I don't need to mention the hazards of the vulnerability.

For 1:
· Change the password
· Delete the webshell involved in this example

For 2:
· Delete or modify download.jsp
· Change the database password
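
One way the "modify download.jsp" fix for item 2 could look, as an added example that is not code from the original report or from the platform itself. The SafeDownload class, the dedicated download directory (assumed to sit outside the web root) and the sample paths are constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example (hypothetical helper): confines a download request to one directory.
public final class SafeDownload {
    // Assumption: downloadable files live in a single dedicated directory
    // outside the web root, so WEB-INF is never reachable from it.
    private final Path baseDir;

    public SafeDownload(Path baseDir) throws IOException {
        this.baseDir = baseDir.toRealPath();
    }

    // Returns the file to serve, or throws if the request leaves baseDir.
    public Path resolve(String requested) throws IOException {
        if (requested == null || requested.isEmpty()) {
            throw new SecurityException("empty path");
        }
        // Reject drive letters (C:), backslashes, absolute paths and NUL bytes
        // before the platform path parser ever sees them.
        if (requested.indexOf(':') >= 0 || requested.indexOf('\\') >= 0
                || requested.startsWith("/") || requested.indexOf('\0') >= 0) {
            throw new SecurityException("absolute or drive-qualified path");
        }
        Path candidate = baseDir.resolve(requested).normalize();
        if (!candidate.startsWith(baseDir)) {
            throw new SecurityException("path escapes download directory");
        }
        // toRealPath follows symlinks and fails if the file does not exist.
        Path real = candidate.toRealPath();
        if (!real.startsWith(baseDir) || !Files.isRegularFile(real)) {
            throw new SecurityException("not a regular file under base");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a temp directory holding one allowed file.
        Path base = Files.createTempDirectory("downloads");
        Files.write(base.resolve("update.zip"), new byte[] {1, 2, 3});
        SafeDownload d = new SafeDownload(base);
        System.out.println("served: " + d.resolve("update.zip").getFileName());
        String[] bad = {"D:\\app\\WEB-INF\\web.xml", "../WEB-INF/web.xml", "/etc/passwd"};
        for (String p : bad) {
            try { d.resolve(p); System.out.println("SERVED " + p); }
            catch (SecurityException e) { System.out.println("blocked " + p + ": " + e.getMessage()); }
        }
    }
}
```

The handler should stream only the path returned by resolve() and answer every rejection with the same generic error, so responses do not reveal which files exist.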