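Security experts at ERPScan discovered the vulnerability tracked as CVE-2018-2636. The flaw is in the Point-of-Sale (POS) terminals of the Oracle MICROS system and can be exploited to read sensitive data from the device without authentication.
ERPScan's vulnerability analysis states: "CVE-2018-2636 identifies a directory traversal vulnerability in the Oracle MICROS system. If an insider obtains the path to a critical folder, they can steal many key files from a terminal, including service logs and some information containing usernames and passwords, and can even use these passwords to connect to the database and obtain more information about the server side and the like."
"Attackers can obtain the database usernames and hashed passwords, brute-force the passwords, and then gain full access to the business data in the database. There are also many other ways to attack using this vulnerability, which puts the entire MICROS system at risk."
Oracle's MICROS system has more than 330,000 cash registers worldwide, covering many food and beverage outlets (200,000+) and hotels (30,000).
The researchers also explained that it is easy for a local attacker to obtain the URL path of a MICROS POS terminal.
For example, he can find an electronic scale or other hardware with an RJ45 port in a store, connect it to a Raspberry Pi, and scan the entire internal network. Another option is to locate the devices that are exposed to the Internet. At the time of writing, 139 MICROS POS systems were exposed to the Internet, most of them in the United States and Canada.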

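This is not the first time MICROS has come under scrutiny: in 2016, hackers broke into MICROS systems through the customer support center.
The analysis concludes: "If you want to protect your systems from cyber attacks, you must keep them continuously updated and install all security patches. In this case, that means specifically Oracle's January 2018 update."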
C#:
```csharp
MailBee.SmtpMail.Smtp.QuickSend("from@me.com", "to@you.com", "Subject", "Message Body");
```
VB.NET:
```vb
MailBee.SmtpMail.Smtp.QuickSend("from@me.com", "to@you.com", "Subject", "Message Body")
```

C#:
```csharp
MailBee.SmtpMail.Smtp.QuickSend("From Me (Company Info)", "To you ", "Subject",
    "Plain text body", "HTML-formatted body", null, @"C:\My Documents\report.doc");
```
VB.NET:
```vb
MailBee.SmtpMail.Smtp.QuickSend("From Me (Company Info)", _
    "To you ", _
    "Subject", "Plain text body", _
    "<html>HTML-formatted body</html>", _
    Nothing, "C:\My Documents\report.doc")
```

C#:
```csharp
Smtp oMailer = new Smtp();
```
VB.NET:
```vb
Dim oMailer As New Smtp()
```

C#:
```csharp
oMailer.SmtpServers.Add("smtp.domain.com");
```
VB.NET:
```vb
oMailer.SmtpServers.Add("smtp.domain.com")
```

C#:
```csharp
oMailer.SmtpServers.Add("127.0.0.1");
```
VB.NET:
```vb
oMailer.SmtpServers.Add("127.0.0.1")
```

C#:
```csharp
oMailer.SmtpServers.Add("smtp.domain.com", "login", "password");
```
VB.NET:
```vb
oMailer.SmtpServers.Add("smtp.domain.com", "login", "password")
```

C#:
```csharp
oMailer.SmtpServers.Add("127.0.0.1", "login", "password");
```
VB.NET:
```vb
oMailer.SmtpServers.Add("127.0.0.1", "login", "password")
```

C#:
```csharp
oMailer.From.AsString = "Dan Brown (Company Info)";
```
VB.NET:
```vb
oMailer.From.AsString = "Dan Brown (Company Info)"
```

C#:
```csharp
oMailer.From.AsString = "Dan Brown ";
```
VB.NET:
```vb
oMailer.From.AsString = "Dan Brown "
```

C#:
```csharp
oMailer.From.AsString = "dan@domain.com";
```
VB.NET:
```vb
oMailer.From.AsString = "dan@domain.com"
```

C#:
```csharp
oMailer.To.AsString = "Bill Smith (Remarks), Kathy@mail.com ";
oMailer.Cc.AsString = "Joe Black , Joseph ";
oMailer.Bcc.AsString = "t.jay@domain.com, s.connor@domain.com";
oMailer.ReplyTo.AsString = "john@domain.com, Barbara Jones ";
```
VB.NET:
```vb
oMailer.To.AsString = "Bill Smith (Remarks), Kathy@mail.com "
oMailer.Cc.AsString = "Joe Black , Joseph "
oMailer.Bcc.AsString = "t.jay@domain.com, s.connor@domain.com"
oMailer.ReplyTo.AsString = "john@domain.com, Barbara Jones "
```

C#:
```csharp
oMailer.Subject = "Test message";
```
VB.NET:
```vb
oMailer.Subject = "Test message"
```

C#:
```csharp
oMailer.BodyPlainText = "This is a test e-mail message.";
```
VB.NET:
```vb
oMailer.BodyPlainText = "This is a test e-mail message."
```

C#:
```csharp
oMailer.BodyHtmlText = @" Test HTML message.
www.afterlogic.com";
```
VB.NET:
```vb
oMailer.BodyHtmlText = " Test HTML message. " & vbCrLf & _
    "" & vbCrLf & _
    " " & vbCrLf & _
    " " & vbCrLf & _
    "www.afterlogic.com"
```

C#:
```csharp
oMailer.AddAttachment(@"C:\annual_reoprt.xls");
oMailer.AddAttachment(@"C:\deposits.doc");
```
VB.NET:
```vb
oMailer.AddAttachment("C:\annual_reoprt.xls")
oMailer.AddAttachment("C:\deposits.doc")
```

C#:
```csharp
try
{
    oMailer.Send();
    Console.WriteLine("The message has been successfully sent.");
}
catch (MailBeeSmtpRefusedRecipientException e)
{
    Console.WriteLine("The following recipient was refused by SMTP server: " + e.RefusedRecipientEmail);
}
```
VB.NET:
```vb
Try
    oMailer.Send()
    Console.WriteLine("The message has been successfully sent.")
Catch e As MailBeeSmtpRefusedRecipientException
    Console.WriteLine("The following recipient was refused by SMTP server: " + e.RefusedRecipientEmail)
End Try
```

C#:
```csharp
using System;
using MailBee;
using MailBee.SmtpMail;

namespace EmailApp
{
    class Class1
    {
        [STAThread]
        static void Main(string[] args)
        {
            Smtp oMailer = new Smtp();

            // Sender, recipients, subject and both body parts
            oMailer.From.AsString = "John Doe (Company Info)";
            oMailer.To.AsString = "Bill Smith , Kathy Ritchie (Company Info)";
            oMailer.Subject = "Test e-mail";
            oMailer.BodyPlainText = "This is a test e-mail message.";
            oMailer.BodyHtmlText = @" Test HTML message.
www.afterlogic.com";

            oMailer.AddAttachment(@"C:\annual_reoprt.xls");

            // Authenticated SMTP server; fail the send if any recipient is refused
            oMailer.SmtpServers.Add("127.0.0.1", "login", "password");
            oMailer.SmtpServers[0].AllowRefusedRecipients = false;

            try
            {
                oMailer.Send();
                Console.WriteLine("The message has been successfully sent.");
            }
            catch (MailBeeSmtpRefusedRecipientException e)
            {
                Console.WriteLine("The following recipient was refused by SMTP server: " + e.RefusedRecipientEmail);
            }
        }
    }
}
```
VB.NET:
```vb
Imports System
Imports MailBee
Imports MailBee.SmtpMail

Namespace EmailApp
    Class Class1
        <STAThread()> _
        Shared Sub Main(ByVal args() As String)
            Dim oMailer As New Smtp()

            ' Sender, recipients, subject and both body parts
            oMailer.From.AsString = "John Doe (Company Info)"
            oMailer.To.AsString = "Bill Smith , Kathy Ritchie (Company Info)"
            oMailer.Subject = "Test e-mail"
            oMailer.BodyPlainText = "This is a test e-mail message."
            oMailer.BodyHtmlText = " Test HTML message. " & vbCrLf & _
                "" & vbCrLf & _
                " " & vbCrLf & _
                " " & vbCrLf & _
                "www.afterlogic.com"

            oMailer.AddAttachment("C:\annual_reoprt.xls")

            ' Authenticated SMTP server; fail the send if any recipient is refused
            oMailer.SmtpServers.Add("127.0.0.1", "login", "password")
            oMailer.SmtpServers(0).AllowRefusedRecipients = False

            Try
                oMailer.Send()
                Console.WriteLine("The message has been successfully sent.")
            Catch e As MailBeeSmtpRefusedRecipientException
                Console.WriteLine("The following recipient was refused by SMTP server: " + e.RefusedRecipientEmail)
            End Try
        End Sub
    End Class
End Namespace
```


