当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0105501

漏洞标题:中兴某站已被getshell可深入内网

相关厂商:中兴通讯股份有限公司

漏洞作者: fuckadmin

提交时间:2015-04-03 00:34

修复时间:2015-05-18 10:50

公开时间:2015-05-18 10:50

漏洞类型:成功的入侵事件

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-04-03: 细节已通知厂商并且等待厂商处理中
2015-04-03: 厂商已经确认,细节仅向厂商公开
2015-04-13: 细节向核心白帽子及相关领域专家公开
2015-04-23: 细节向普通白帽子公开
2015-05-03: 细节向实习白帽子公开
2015-05-18: 细节向公众公开

简要描述:

中兴貌似被深度兄弟挖得够深入了,但还是有漏网之鱼。

详细说明:

1.站点:
http://enterprise.zteusa.com
中兴美国站~~~

8.jpg


明显是个后门
2.上菜刀

9.jpg


主机名:           ZTE-TEMPLATE161
OS 名称:          Microsoft(R) Windows(R) Server 2003, Enterprise Edition
OS 版本:          5.2.3790 Service Pack 2 Build 3790
OS 制造商:        Microsoft Corporation
OS 配置:          独立服务器
OS 构件类型:      Multiprocessor Free
注册的所有人:     zte
注册的组织:       zte
产品 ID:          69813-641-1471096-45723
初始安装日期:     2010-3-16, 21:21:57
系统启动时间:     165 天 21 小时 58 分 27 秒
系统制造商:       VMware, Inc.
系统型号:         VMware Virtual Platform
系统类型:         X86-based PC
处理器:           安装了 6 个处理器。
                  [01]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
                  [02]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
                  [03]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
                  [04]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
                  [05]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
                  [06]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
BIOS 版本:        INTEL  - 6040000
Windows 目录:     C:\WINDOWS
系统目录:         C:\WINDOWS\system32
启动设备:         \Device\HarddiskVolume1
系统区域设置:     zh-cn;中文(中国)
输入法区域设置:   zh-cn;中文(中国)
时区:             (GMT+08:00) 北京,重庆,香港特别行政区,乌鲁木齐
物理内存总量:     8,191 MB
可用的物理内存:   7,013 MB
页面文件: 最大值: 10,040 MB
页面文件: 可用:   8,877 MB
页面文件: 使用中: 1,163 MB
页面文件位置:     C:\pagefile.sys
域:               WORKGROUP
登录服务器:       \\ZTE-TEMPLATE161
修补程序:         安装了 340 个修补程序。
                  [01]: File 1
                  [02]: File 1
                  [03]: File 1
                  [04]: File 1
                  [05]: File 1
                  [06]: File 1
                  [07]: File 1
                  [08]: File 1
                  [09]: File 1
                  [10]: File 1
                  [11]: File 1
                  [12]: File 1
                  [13]: File 1
                  [14]: File 1
                  [15]: File 1
                  [16]: File 1
                  [17]: File 1
                  [18]: File 1
                  [19]: File 1
                  [20]: File 1
                  [21]: File 1
                  [22]: File 1
                  [23]: File 1
                  [24]: File 1
                  [25]: File 1
                  [26]: File 1
                  [27]: File 1
                  [28]: File 1
                  [29]: File 1
                  [30]: File 1
                  [31]: File 1
                  [32]: File 1
                  [33]: File 1
                  [34]: File 1
                  [35]: File 1
                  [36]: File 1
                  [37]: File 1
                  [38]: File 1
                  [39]: File 1
                  [40]: File 1
                  [41]: File 1
                  [42]: File 1
                  [43]: File 1
                  [44]: File 1
                  [45]: File 1
                  [46]: File 1
                  [47]: File 1
                  [48]: File 1
                  [49]: File 1
                  [50]: File 1
                  [51]: File 1
                  [52]: File 1
                  [53]: File 1
                  [54]: File 1
                  [55]: File 1
                  [56]: File 1
                  [57]: File 1
                  [58]: File 1
                  [59]: File 1
                  [60]: File 1
                  [61]: File 1
                  [62]: File 1
                  [63]: File 1
                  [64]: File 1
                  [65]: File 1
                  [66]: File 1
                  [67]: File 1
                  [68]: File 1
                  [69]: File 1
                  [70]: File 1
                  [71]: File 1
                  [72]: File 1
                  [73]: File 1
                  [74]: File 1
                  [75]: File 1
                  [76]: File 1
                  [77]: File 1
                  [78]: File 1
                  [79]: File 1
                  [80]: File 1
                  [81]: File 1
                  [82]: File 1
                  [83]: File 1
                  [84]: File 1
                  [85]: File 1
                  [86]: File 1
                  [87]: File 1
                  [88]: File 1
                  [89]: File 1
                  [90]: File 1
                  [91]: File 1
                  [92]: File 1
                  [93]: File 1
                  [94]: File 1
                  [95]: File 1
                  [96]: File 1
                  [97]: File 1
                  [98]: File 1
                  [99]: File 1
                  [100]: File 1
                  [101]: File 1
                  [102]: File 1
                  [103]: File 1
                  [104]: File 1
                  [105]: File 1
                  [106]: File 1
                  [107]: File 1
                  [108]: File 1
                  [109]: File 1
                  [110]: File 1
                  [111]: File 1
                  [112]: File 1
                  [113]: File 1
                  [114]: File 1
                  [115]: File 1
                  [116]: File 1
                  [117]: File 1
                  [118]: File 1
                  [119]: File 1
                  [120]: File 1
                  [121]: File 1
                  [122]: File 1
                  [123]: File 1
                  [124]: File 1
                  [125]: File 1
                  [126]: File 1
                  [127]: File 1
                  [128]: File 1
                  [129]: File 1
                  [130]: File 1
                  [131]: File 1
                  [132]: File 1
                  [133]: File 1
                  [134]: File 1
                  [135]: File 1
                  [136]: File 1
                  [137]: File 1
                  [138]: File 1
                  [139]: File 1
                  [140]: File 1
                  [141]: File 1
                  [142]: File 1
                  [143]: File 1
                  [144]: File 1
                  [145]: File 1
                  [146]: File 1
                  [147]: File 1
                  [148]: File 1
                  [149]: File 1
                  [150]: File 1
                  [151]: File 1
                  [152]: File 1
                  [153]: File 1
                  [154]: File 1
                  [155]: File 1
                  [156]: File 1
                  [157]: File 1
                  [158]: File 1
                  [159]: File 1
                  [160]: File 1
                  [161]: File 1
                  [162]: File 1
                  [163]: File 1
                  [164]: File 1
                  [165]: File 1
                  [166]: Q147222
                  [167]: KB2604078 - QFE
                  [168]: KB2656358 - QFE
                  [169]: KB2656376-v2 - QFE
                  [170]: KB933854 - QFE
                  [171]: KB953298 - QFE
                  [172]: KB979907 - QFE
                  [173]: KB975558_WM8
                  [174]: KB925398_WMP64
                  [175]: KB2564958 - Update
                  [176]: KB2079403 - Update
                  [177]: KB2115168 - Update
                  [178]: KB2124261 - Update
                  [179]: KB2229593 - Update
                  [180]: KB2296011 - Update
                  [181]: KB2345886 - Update
                  [182]: KB2347290 - Update
                  [183]: KB2360937 - Update
                  [184]: KB2378111 - Update
                  [185]: KB2387149 - Update
                  [186]: KB2393802 - Update
                  [187]: KB2419635 - Update
                  [188]: KB2423089 - Update
                  [189]: KB2440591 - Update
                  [190]: KB2443105 - Update
                  [191]: KB2476490 - Update
                  [192]: KB2478960 - Update
                  [193]: KB2478971 - Update
                  [194]: KB2481109 - Update
                  [195]: KB2483185 - Update
                  [196]: KB2485663 - Update
                  [197]: KB2506212 - Update
                  [198]: KB2507618 - Update
                  [199]: KB2507938 - Update
                  [200]: KB2508429 - Update
                  [201]: KB2509553 - Update
                  [202]: KB2510587 - Update
                  [203]: KB2535512 - Update
                  [204]: KB2536276-v2 - Update
                  [205]: KB2544521 - Update
                  [206]: KB2544893-v2 - Update
                  [207]: KB2566454 - Update
                  [208]: KB2570947 - Update
                  [209]: KB2584146 - Update
                  [210]: KB2585542 - Update
                  [211]: KB2598479 - Update
                  [212]: KB2603381 - Update
                  [213]: KB2604078 - Update
                  [214]: KB2618451 - Update
                  [215]: KB2620712 - Update
                  [216]: KB2621440 - Update
                  [217]: KB2624667 - Update
                  [218]: KB2631813 - Update
                  [219]: KB2638806 - Update
                  [220]: KB2644615 - Update
                  [221]: KB2645640 - Update
                  [222]: KB2646524 - Update
                  [223]: KB2653956 - Update
                  [224]: KB2655992 - Update
                  [225]: KB2656358 - Update
                  [226]: KB2656376-v2 - Update
                  [227]: KB2659262 - Update
                  [228]: KB2675157 - Update
                  [229]: KB2676562 - Update
                  [230]: KB2685939 - Update
                  [231]: KB2686509 - Update
                  [232]: KB2691442 - Update
                  [233]: KB2698365 - Update
                  [234]: KB2699988 - Update
                  [235]: KB2705219 - Update
                  [236]: KB2707511 - Update
                  [237]: KB2709162 - Update
                  [238]: KB2712808 - Update
                  [
网卡:             安装了 1 个 NIC。
                  [01]: Intel(R) PRO/1000 MT Network Connection
                      连接名:      本地连接
                      启用 DHCP:   否
                      IP 地址
                      [01]: 192.168.170.113


3.再深入
深入摸索后发现该服务器不是域服务器,当时有点小失望,但~~
发现有价值的东西:
内网FTP配置信息,IP、账号、密码、路径~`

<?xml version="1.0" encoding="utf-8" ?>
<!--娉ㄩ?-->
<ApplicationConfig>
	<url>
	<!--娴?????
	    <link>http://10.5.6.129/prmsys</link>
		-->
		<!--??骇??? -->
		<link>http://prm.zte.com.cn/prmsys</link>
	</url>
    <!-- ?婚??稿???疆 -->
    <portal>
		<!--娴?????  prm FTTP涓???????疆
		<tsm_ftpservice>10.3.64.159</tsm_ftpservice>
		<tsm_ftpusername>prm</tsm_ftpusername>
		<tsm_ftppassword>zte@123456</tsm_ftppassword>
		<tsm_ftppath>/tsm_down1</tsm_ftppath>
		<ftpservice>10.5.6.129</ftpservice>
		<ftpusername>prm</ftpusername>
		<ftppassword>prm</ftppassword>
		<ftppath>/home/eccsrvc/prm</ftppath>
        -->
		<!--??骇???  prm FTTP涓???????疆-->
		<tsm_ftpservice>10.30.1.125</tsm_ftpservice>
		<tsm_ftpusername>tsmdown</tsm_ftpusername>
		<tsm_ftppassword>frkHp!54_sC</tsm_ftppassword>
		<tsm_ftppath>/tsm_down1</tsm_ftppath>
		<ftpservice>10.30.8.3</ftpservice>
		<ftpusername>prmview</ftpusername>
		<ftppassword>AdmUY972</ftppassword>
		<ftppath>/newattach/PRM</ftppath>
		
		<!-- ??。????¢??ュ? 娴??????板? 
		<tsm_stbservice>http://10.3.64.159/tsm/stbservice.asmx</tsm_stbservice>
		<tsm_stbservice_ns>http://tsm.zte.com.cn/</tsm_stbservice_ns>
		-->
		<!-- ??。????¢??ュ? 姝e?????板? -->
		<tsm_stbservice>http://tsm.zte.com.cn/tsm/stbservice.asmx</tsm_stbservice>
		<tsm_stbservice_ns>http://tsm.zte.com.cn/</tsm_stbservice_ns>
		
		
		<!-- Support ????炬???疆 娴??????板? 
		<support_link>http://10.3.64.73/support/index.aspx</support_link>
		-->
		
		<!-- Support ????炬???疆 姝e?????板? -->
		<support_link>http://support.zte.com.cn/support/index.aspx</support_link>
		
		<!-- prm-portal娴?????涓???????D 
     	<siteId_cn>57</siteId_cn>
     	<siteId_en>61</siteId_en>
     	-->
		<!-- prm-portal??骇???涓???????D  -->
    	<siteId_cn>63</siteId_cn>
    	<siteId_en>64</siteId_en>
		
	</portal> 
</ApplicationConfig>


还有
某配置文件

#Created by JInto - www.guh-software.de
#Thu Dec 02 20:17:56 CST 2010
CONNECTOR_COREPOOLSIZE=20
CONNECTOR_KEEPALIVETIME=20
CONNECTOR_MAXPOOLSIZE=20
IS_START_TIMER=1
SENDAUDITFAIL_FILENAME=SendAuditFail.xml
SYNSTATUS_FILENAME=SynStatus.xml
#SYNSTATUS_FILTDIR=/opt/IBM/WebSphere/AppServer/logs/ConnectorLog
SYNSTATUS_FILTDIR=D\:/ConnectorLog/
SYN_WISSERVER_REMOTEMETHOD=synAuditStatus
TIMINGPOLL_DELAY=600000
TIMINGPOLL_PERIOD=600000
#WIS_SERVICE_ENDPOINTURL=http\://10.16.33.57\:8580/wisserver/services/ReceiveAppCallService?wsdl
WIS_SERVICE_ENDPOINTURL=http\://itpwis.zte.com.cn\:8080/wisserver/services/ReceiveAppCallService?wsdl
WIS_SERVICE_REMOTEMETHOD=sendAuditReq
WORKFLOW_SEND_SERVICE_METHOD=rtnDetailStartProcessWithApp
WORKFLOW_SEND_SERVICE_URL=http\://10.3.64.65\:8090/bpsConsole/services/processFacade?wsdl
WORKFLOW_SYN_SEND_SERVICE_METHOD=rtnDetailupVarAndCompTaskWithApp
WORKFLOW_SYN_SEND_SERVICE_URL=http\://10.3.64.65\:8090/bpsConsole/services/workItemFacade?wsdl


来张内网果照

10.jpg

漏洞证明:

1.站点:
http://enterprise.zteusa.com
中兴美国站~~~

8.jpg


明显是个后门
2.上菜刀

9.jpg


主机名:           ZTE-TEMPLATE161
OS 名称:          Microsoft(R) Windows(R) Server 2003, Enterprise Edition
OS 版本:          5.2.3790 Service Pack 2 Build 3790
OS 制造商:        Microsoft Corporation
OS 配置:          独立服务器
OS 构件类型:      Multiprocessor Free
注册的所有人:     zte
注册的组织:       zte
产品 ID:          69813-641-1471096-45723
初始安装日期:     2010-3-16, 21:21:57
系统启动时间:     165 天 21 小时 58 分 27 秒
系统制造商:       VMware, Inc.
系统型号:         VMware Virtual Platform
系统类型:         X86-based PC
处理器:           安装了 6 个处理器。
                  [01]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
                  [02]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
                  [03]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
                  [04]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
                  [05]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
                  [06]: x86 Family 6 Model 15 Stepping 11 GenuineIntel ~1596 Mhz
BIOS 版本:        INTEL  - 6040000
Windows 目录:     C:\WINDOWS
系统目录:         C:\WINDOWS\system32
启动设备:         \Device\HarddiskVolume1
系统区域设置:     zh-cn;中文(中国)
输入法区域设置:   zh-cn;中文(中国)
时区:             (GMT+08:00) 北京,重庆,香港特别行政区,乌鲁木齐
物理内存总量:     8,191 MB
可用的物理内存:   7,013 MB
页面文件: 最大值: 10,040 MB
页面文件: 可用:   8,877 MB
页面文件: 使用中: 1,163 MB
页面文件位置:     C:\pagefile.sys
域:               WORKGROUP
登录服务器:       \\ZTE-TEMPLATE161
修补程序:         安装了 340 个修补程序。
                  [01]: File 1
                  [02]: File 1
                  [03]: File 1
                  [04]: File 1
                  [05]: File 1
                  [06]: File 1
                  [07]: File 1
                  [08]: File 1
                  [09]: File 1
                  [10]: File 1
                  [11]: File 1
                  [12]: File 1
                  [13]: File 1
                  [14]: File 1
                  [15]: File 1
                  [16]: File 1
                  [17]: File 1
                  [18]: File 1
                  [19]: File 1
                  [20]: File 1
                  [21]: File 1
                  [22]: File 1
                  [23]: File 1
                  [24]: File 1
                  [25]: File 1
                  [26]: File 1
                  [27]: File 1
                  [28]: File 1
                  [29]: File 1
                  [30]: File 1
                  [31]: File 1
                  [32]: File 1
                  [33]: File 1
                  [34]: File 1
                  [35]: File 1
                  [36]: File 1
                  [37]: File 1
                  [38]: File 1
                  [39]: File 1
                  [40]: File 1
                  [41]: File 1
                  [42]: File 1
                  [43]: File 1
                  [44]: File 1
                  [45]: File 1
                  [46]: File 1
                  [47]: File 1
                  [48]: File 1
                  [49]: File 1
                  [50]: File 1
                  [51]: File 1
                  [52]: File 1
                  [53]: File 1
                  [54]: File 1
                  [55]: File 1
                  [56]: File 1
                  [57]: File 1
                  [58]: File 1
                  [59]: File 1
                  [60]: File 1
                  [61]: File 1
                  [62]: File 1
                  [63]: File 1
                  [64]: File 1
                  [65]: File 1
                  [66]: File 1
                  [67]: File 1
                  [68]: File 1
                  [69]: File 1
                  [70]: File 1
                  [71]: File 1
                  [72]: File 1
                  [73]: File 1
                  [74]: File 1
                  [75]: File 1
                  [76]: File 1
                  [77]: File 1
                  [78]: File 1
                  [79]: File 1
                  [80]: File 1
                  [81]: File 1
                  [82]: File 1
                  [83]: File 1
                  [84]: File 1
                  [85]: File 1
                  [86]: File 1
                  [87]: File 1
                  [88]: File 1
                  [89]: File 1
                  [90]: File 1
                  [91]: File 1
                  [92]: File 1
                  [93]: File 1
                  [94]: File 1
                  [95]: File 1
                  [96]: File 1
                  [97]: File 1
                  [98]: File 1
                  [99]: File 1
                  [100]: File 1
                  [101]: File 1
                  [102]: File 1
                  [103]: File 1
                  [104]: File 1
                  [105]: File 1
                  [106]: File 1
                  [107]: File 1
                  [108]: File 1
                  [109]: File 1
                  [110]: File 1
                  [111]: File 1
                  [112]: File 1
                  [113]: File 1
                  [114]: File 1
                  [115]: File 1
                  [116]: File 1
                  [117]: File 1
                  [118]: File 1
                  [119]: File 1
                  [120]: File 1
                  [121]: File 1
                  [122]: File 1
                  [123]: File 1
                  [124]: File 1
                  [125]: File 1
                  [126]: File 1
                  [127]: File 1
                  [128]: File 1
                  [129]: File 1
                  [130]: File 1
                  [131]: File 1
                  [132]: File 1
                  [133]: File 1
                  [134]: File 1
                  [135]: File 1
                  [136]: File 1
                  [137]: File 1
                  [138]: File 1
                  [139]: File 1
                  [140]: File 1
                  [141]: File 1
                  [142]: File 1
                  [143]: File 1
                  [144]: File 1
                  [145]: File 1
                  [146]: File 1
                  [147]: File 1
                  [148]: File 1
                  [149]: File 1
                  [150]: File 1
                  [151]: File 1
                  [152]: File 1
                  [153]: File 1
                  [154]: File 1
                  [155]: File 1
                  [156]: File 1
                  [157]: File 1
                  [158]: File 1
                  [159]: File 1
                  [160]: File 1
                  [161]: File 1
                  [162]: File 1
                  [163]: File 1
                  [164]: File 1
                  [165]: File 1
                  [166]: Q147222
                  [167]: KB2604078 - QFE
                  [168]: KB2656358 - QFE
                  [169]: KB2656376-v2 - QFE
                  [170]: KB933854 - QFE
                  [171]: KB953298 - QFE
                  [172]: KB979907 - QFE
                  [173]: KB975558_WM8
                  [174]: KB925398_WMP64
                  [175]: KB2564958 - Update
                  [176]: KB2079403 - Update
                  [177]: KB2115168 - Update
                  [178]: KB2124261 - Update
                  [179]: KB2229593 - Update
                  [180]: KB2296011 - Update
                  [181]: KB2345886 - Update
                  [182]: KB2347290 - Update
                  [183]: KB2360937 - Update
                  [184]: KB2378111 - Update
                  [185]: KB2387149 - Update
                  [186]: KB2393802 - Update
                  [187]: KB2419635 - Update
                  [188]: KB2423089 - Update
                  [189]: KB2440591 - Update
                  [190]: KB2443105 - Update
                  [191]: KB2476490 - Update
                  [192]: KB2478960 - Update
                  [193]: KB2478971 - Update
                  [194]: KB2481109 - Update
                  [195]: KB2483185 - Update
                  [196]: KB2485663 - Update
                  [197]: KB2506212 - Update
                  [198]: KB2507618 - Update
                  [199]: KB2507938 - Update
                  [200]: KB2508429 - Update
                  [201]: KB2509553 - Update
                  [202]: KB2510587 - Update
                  [203]: KB2535512 - Update
                  [204]: KB2536276-v2 - Update
                  [205]: KB2544521 - Update
                  [206]: KB2544893-v2 - Update
                  [207]: KB2566454 - Update
                  [208]: KB2570947 - Update
                  [209]: KB2584146 - Update
                  [210]: KB2585542 - Update
                  [211]: KB2598479 - Update
                  [212]: KB2603381 - Update
                  [213]: KB2604078 - Update
                  [214]: KB2618451 - Update
                  [215]: KB2620712 - Update
                  [216]: KB2621440 - Update
                  [217]: KB2624667 - Update
                  [218]: KB2631813 - Update
                  [219]: KB2638806 - Update
                  [220]: KB2644615 - Update
                  [221]: KB2645640 - Update
                  [222]: KB2646524 - Update
                  [223]: KB2653956 - Update
                  [224]: KB2655992 - Update
                  [225]: KB2656358 - Update
                  [226]: KB2656376-v2 - Update
                  [227]: KB2659262 - Update
                  [228]: KB2675157 - Update
                  [229]: KB2676562 - Update
                  [230]: KB2685939 - Update
                  [231]: KB2686509 - Update
                  [232]: KB2691442 - Update
                  [233]: KB2698365 - Update
                  [234]: KB2699988 - Update
                  [235]: KB2705219 - Update
                  [236]: KB2707511 - Update
                  [237]: KB2709162 - Update
                  [238]: KB2712808 - Update
                  [
网卡:             安装了 1 个 NIC。
                  [01]: Intel(R) PRO/1000 MT Network Connection
                      连接名:      本地连接
                      启用 DHCP:   否
                      IP 地址
                      [01]: 192.168.170.113


3.再深入
深入摸索后发现该服务器不是域服务器,当时有点小失望,但~~
发现有价值的东西:
内网FTP配置信息,IP、账号、密码、路径~`

<?xml version="1.0" encoding="utf-8" ?>
<!--娉ㄩ?-->
<ApplicationConfig>
	<url>
	<!--娴?????
	    <link>http://10.5.6.129/prmsys</link>
		-->
		<!--??骇??? -->
		<link>http://prm.zte.com.cn/prmsys</link>
	</url>
    <!-- ?婚??稿???疆 -->
    <portal>
		<!--娴?????  prm FTTP涓???????疆
		<tsm_ftpservice>10.3.64.159</tsm_ftpservice>
		<tsm_ftpusername>prm</tsm_ftpusername>
		<tsm_ftppassword>zte@123456</tsm_ftppassword>
		<tsm_ftppath>/tsm_down1</tsm_ftppath>
		<ftpservice>10.5.6.129</ftpservice>
		<ftpusername>prm</ftpusername>
		<ftppassword>prm</ftppassword>
		<ftppath>/home/eccsrvc/prm</ftppath>
        -->
		<!--??骇???  prm FTTP涓???????疆-->
		<tsm_ftpservice>10.30.1.125</tsm_ftpservice>
		<tsm_ftpusername>tsmdown</tsm_ftpusername>
		<tsm_ftppassword>frkHp!54_sC</tsm_ftppassword>
		<tsm_ftppath>/tsm_down1</tsm_ftppath>
		<ftpservice>10.30.8.3</ftpservice>
		<ftpusername>prmview</ftpusername>
		<ftppassword>AdmUY972</ftppassword>
		<ftppath>/newattach/PRM</ftppath>
		
		<!-- ??。????¢??ュ? 娴??????板? 
		<tsm_stbservice>http://10.3.64.159/tsm/stbservice.asmx</tsm_stbservice>
		<tsm_stbservice_ns>http://tsm.zte.com.cn/</tsm_stbservice_ns>
		-->
		<!-- ??。????¢??ュ? 姝e?????板? -->
		<tsm_stbservice>http://tsm.zte.com.cn/tsm/stbservice.asmx</tsm_stbservice>
		<tsm_stbservice_ns>http://tsm.zte.com.cn/</tsm_stbservice_ns>
		
		
		<!-- Support ????炬???疆 娴??????板? 
		<support_link>http://10.3.64.73/support/index.aspx</support_link>
		-->
		
		<!-- Support ????炬???疆 姝e?????板? -->
		<support_link>http://support.zte.com.cn/support/index.aspx</support_link>
		
		<!-- prm-portal娴?????涓???????D 
     	<siteId_cn>57</siteId_cn>
     	<siteId_en>61</siteId_en>
     	-->
		<!-- prm-portal??骇???涓???????D  -->
    	<siteId_cn>63</siteId_cn>
    	<siteId_en>64</siteId_en>
		
	</portal> 
</ApplicationConfig>


还有
某配置文件

#Created by JInto - www.guh-software.de
#Thu Dec 02 20:17:56 CST 2010
CONNECTOR_COREPOOLSIZE=20
CONNECTOR_KEEPALIVETIME=20
CONNECTOR_MAXPOOLSIZE=20
IS_START_TIMER=1
SENDAUDITFAIL_FILENAME=SendAuditFail.xml
SYNSTATUS_FILENAME=SynStatus.xml
#SYNSTATUS_FILTDIR=/opt/IBM/WebSphere/AppServer/logs/ConnectorLog
SYNSTATUS_FILTDIR=D\:/ConnectorLog/
SYN_WISSERVER_REMOTEMETHOD=synAuditStatus
TIMINGPOLL_DELAY=600000
TIMINGPOLL_PERIOD=600000
#WIS_SERVICE_ENDPOINTURL=http\://10.16.33.57\:8580/wisserver/services/ReceiveAppCallService?wsdl
WIS_SERVICE_ENDPOINTURL=http\://itpwis.zte.com.cn\:8080/wisserver/services/ReceiveAppCallService?wsdl
WIS_SERVICE_REMOTEMETHOD=sendAuditReq
WORKFLOW_SEND_SERVICE_METHOD=rtnDetailStartProcessWithApp
WORKFLOW_SEND_SERVICE_URL=http\://10.3.64.65\:8090/bpsConsole/services/processFacade?wsdl
WORKFLOW_SYN_SEND_SERVICE_METHOD=rtnDetailupVarAndCompTaskWithApp
WORKFLOW_SYN_SEND_SERVICE_URL=http\://10.3.64.65\:8090/bpsConsole/services/workItemFacade?wsdl


来张内网果照

10.jpg

修复方案:

你们更专业。

版权声明:转载请注明来源 fuckadmin@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-04-03 10:48

厂商回复:

感谢~

最新状态:

暂无