myhack58 | Anonymous | MYHACK58:62201235380
Nov 01, 2012 - 12:00 a.m.

Shop treasure self-service site-building system: command execution - vulnerability warning - Black Bar Safety Net

www.myhack58.com

Brief description:

Struts command execution running with root privileges; the database can be connected to, and the number of users is large.

Detailed description:

http://login.ctoshop.com/shopsystemF/checkLogin.action

Vulnerability proof:

Website physical path: /home/webserver/shopsystemF
java.home: /usr/local/jdk1.6.0_18/jre
java.version: 1.6.0_18
os.name: Linux
os.arch: i386
os.version: 2.6.18-194.26.1.el5.028stab070.14
user.name: root
user.home: /root

<property name="driverClassName" value="com.mysql.jdbc.Driver"/>
<property name="url" value="jdbc:mysql://74.86.227.90:3306/mall"/>
<property name="username" value="ctoshopUSA"/>
<property name="password" value="%CtoshoP7*******"/>


Repair solutions:

Upgrade