The java anti-sequential getshell vulnerability of a Provincial Bureau of Quality supervision involves 1.67 million industrial staff (including personal details such as name, ID card number, mobile phone number, and certificate number)

The java anti-sequential getshell vulnerability of a Provincial Bureau of Quality supervision involves 1.67 million industrial staff (including personal details such as name, ID card number, mobile phone number, and certificate number)

0.0

 

Mask Region

  
   1.http://**.**.**/index.shtml
  

Java deserialization getshell
 

Mask Region

  
   1.http://**.**.**/uddiexplorer/wooyun.jsp
  

Passwd: wooyun! @#

Db Configuration:
 

jdbc.jdbcUrl = jdbc\:oracle\:thin\:@localhost\:1521\:orcljdbc.user=examyoubiaojdbc.password=examyoubiao

 

Data Volume statistics for some tables
 

TB_EXAM_PAPER_MX90993361TB_EXAM_XGCL_MAP6904114TB_EXAM_OPERATE4192434SYS_LOG1711145TB_CERT1675424TB_CERT_DYJL1576203TB_EXAM_BMB1272042TB_EXAM_CZXM_MAP1218700TB_EXAM_PAPER1152639TB_CERT_SQ1100169TB_EXAM_SC869998TB_CERT_SQ_MX864242TB_EXAM_PAPER_DLXX824122TB_CERT_SQ_LOG646919TB_EXAM_SC_MX273653TB_EXAM_BMB_ZYXM219153TB_EXAM_TK116380TB_EXAM_YRDW110821

 

select * from EXAMNEW.TB_CERT where rownum between 1 and 100

 

 

 

Http: // **. **: 7001/index.shtml

Java deserialization getshell

Http: // **. **: 7001/uddiexplorer/wooyun. jsp

Passwd: wooyun! @#

Db Configuration:
 

jdbc.jdbcUrl = jdbc\:oracle\:thin\:@localhost\:1521\:orcljdbc.user=examyoubiaojdbc.password=examyoubiao

 

Data Volume statistics for some tables
 

TB_EXAM_PAPER_MX90993361TB_EXAM_XGCL_MAP6904114TB_EXAM_OPERATE4192434SYS_LOG1711145TB_CERT1675424TB_CERT_DYJL1576203TB_EXAM_BMB1272042TB_EXAM_CZXM_MAP1218700TB_EXAM_PAPER1152639TB_CERT_SQ1100169TB_EXAM_SC869998TB_CERT_SQ_MX864242TB_EXAM_PAPER_DLXX824122TB_CERT_SQ_LOG646919TB_EXAM_SC_MX273653TB_EXAM_BMB_ZYXM219153TB_EXAM_TK116380TB_EXAM_YRDW110821

 

select * from EXAMNEW.TB_CERT where rownum between 1 and 100

 

 

 

Solution:

Update patch