中国电信某C段一系列问题

中国电信某C段一系列问题，太累了！

1.电信会议助理

 

Target: 



Whoami: root



WebPath: /data/huiyy/huiyizhuli/

2.中国电信云会议管理系统

 

Target: 



Whoami: root



WebPath: /opt/huiyy/newconference/

3.江苏天翼客服系统

 

Target: 



Whoami: root



WebPath: /xiaoi_app/jstelecom_CN_wechat/webapps/robot

4.天翼通信助手后台管理系统

 

Target: 



Whoami: nt authority\system



WebPath: D:\Core\Tomcat\webapps\web\

5.电信客服系统1

 

Target: 



Whoami: root



WebPath: /xiaoi_app/jstelecom_CN_wechat/webapps/robot

6.电信客服系统2

 

arget: 



Whoami: root



WebPath: /xiaoi_app/jstelecom_sms/webapps/robot

7.电信数字化校园短信平台

 

Target: 



Whoami: root



WebPath: /var/tomcat/webapps/ROOT/

8.jboss jmx-console未授权访问，可shell

9.天翼看交通svn泄露，可读源码

还有很多

 

/common 

/config 

/css 

/DownloadFiles 

/images 

/include 

/javascript 

/manage 

/manage/account 

/manage/AdPublish 

/manage/Area 

/manage/BusinessManage 

/manage/Character 

/manage/chart 

/manage/City 

/manage/cms 

/manage/code 

/manage/companySet 

/manage/css 

/manage/Customerauth 

/manage/customerReport 

/manage/Dict 

/manage/gbox 

/manage/gboxsetting 

/manage/images 

/manage/images/images 

/manage/news 

/manage/parking 

/manage/Product 

/manage/pu 

/manage/publicMsg 

/manage/Road 

/manage/serviceStation 

/manage/systemMsg 

/manage/User 

/manage/userlog 

/manage/userRecommend 

/manage/Vau 

/manage/version 

/manage/video 

/manage/Videocategory 

/manage/Videoerror 

/manage/vu 

/manage/win 

/My97DatePicker 

/My97DatePicker/lang 

/My97DatePicker/skin 

/My97DatePicker/skin/default 

/My97DatePicker/skin/whyGreen 

/portal 

/v 

/WebNews/image 

/WebNews/img 

/WebNews/res

以上目录都存在svn泄露，不重复

10.全球眼视频监控系统存在svn泄露。可读源码

 

/download 

/HomePage 

/images 

/include 

/javascript 

/logs

以上目录都存在，不列举了

漏洞修补方法 patch and del svn