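2014-08-23: Details reported to the vendor; awaiting vendor handling
2014-08-28: Vendor confirmed; details disclosed to the vendor only
2014-09-07: Details disclosed to core white hats and experts in related fields
2014-09-17: Details disclosed to regular white hats
2014-09-27: Details disclosed to intern white hats
2014-10-07: Details disclosed to the public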
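LBS is a location-based service: it obtains the location information (geographic or geodetic coordinates) of mobile terminal users through a telecom or mobile operator's radio network (such as GSM or CDMA) or through external positioning (such as GPS), in a geographic information system. It's that BeiDou thing. I didn't tamper with anything and followed white-hat rules; I hope it gets fixed soon.
BeiDou satellite LBS location service platform: getshell + information leak
Address: http://221.194.128.113:8095/BdlbsManager/
Your site has a Struts vulnerability that leads directly to getshell.
Information leak: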
<!--LBS user connection, dbcp connection pool org.apache.commons.dbcp.BasicDataSource"-->
<bean id="dataSourceQuanJu" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close" lazy-init="true">
  <!-- 42 database connection address -->
  <!--<property name="driverClass" value="oracle.jdbc.driver.OracleDriver" ></property>
  <property name="jdbcUrl" value="jdbc:oracle:thin:@10.0.18.42:1521:bddb"></property>
  <property name="user" value="qjdb"></property>
  <property name="password" value="qj2013"></property>-->
  <!-- 113 database connection address -->
  <!-- <property name="driverClass" value="oracle.jdbc.driver.OracleDriver" ></property>
  <property name="jdbcUrl" value="jdbc:oracle:thin:@221.194.128.113:1538:bddb"></property>
  <property name="user" value="qjdb"></property>
  <property name="password" value="qj07031804qj"></property> -->
  <!-- 114 database connection address -->
  <!--<property name="driverClass" value="oracle.jdbc.driver.OracleDriver" ></property>
  <property name="jdbcUrl" value="jdbc:oracle:thin:@221.194.128.114:1539:ykdb"></property>
  <property name="user" value="qjdb"></property>
  <property name="password" value="ykdbqj"></property>-->
  <property name="driverClass" value="oracle.jdbc.driver.OracleDriver" ></property>
  <property name="jdbcUrl" value="jdbc:oracle:thin:@123.125.16.139:1540:zxdb"></property>
  <property name="user" value="qjdb"></property>
  <property name="password" value="qj07031804qj"></property>
--><!--Demo example for testing: start -->
<bean id="qjTbTermincardinfoDAO" class="com.sos.lbs.dao.impl.QjTbTermincardinfoDAO">
  <property name="sessionFactory"> <ref bean="sessionFactoryQuanJu"/> </property>
</bean>
<bean id="qjTbTermincardinfoService" class="com.sos.lbs.service.impl.QjTbTermincardinfoService">
  <property name="iqjTbTermincardinfoDAO" ref="qjTbTermincardinfoDAO"></property>
  <property name="iqjTbTermincardidDAO" ref="qjTbTermincardidDAO"></property>
</bean>
<bean id="TerminCardAction" class="com.sos.lbs.action.QjTbTermincardinfoAction" >
  <property name="iqjTbTermincardinfoService" ref="qjTbTermincardinfoService"></property>
  <property name="ilbsTbUserService" ref="lbsTbUserService"></property>
  <property name="iqjTbTermincardidService" ref="qjTbTermincardidService"></property>
</bean>
<!--Demo example for testing: end -->
<!-- Determine whether the terminal has a screen: start -->
<bean id="qjVwTermincardinfoDAO" class="com.sos.lbs.dao.impl.QjVwTermincardinfoDAO">
  <property name="sessionFactory"> <ref bean="sessionFactoryQuanJu"/> </property>
</bean>
<bean id="qjVwTermincardinfoService" class="com.sos.lbs.service.impl.QjVwTermincardinfoService">
  <property name="iqjVwTermincardinfoDAO" ref="qjVwTermincardinfoDAO"></property>
</bean>
<bean id="QjVwTinfoAction" class="com.sos.lbs.action.QjVwTermincardinfoAction">
  <property name="iqjVwTermincardinfoService" ref="qjVwTermincardinfoService"></property>
</bean>
<!-- Determine whether the terminal has a screen: end -->
<!-- Query all operator information for terminals -->
<bean id="qjTbTerminfactoryDAO" class="com.sos.lbs.dao.impl.QjTbTerminfactoryDAO">
  <property name="sessionFactory"> <ref bean="sessionFactoryQuanJu"/> </property>
</bean>
<bean id="qjTbTerminfactoryService" class="com.sos.lbs.service.impl.QjTbTerminfactoryService">
  <property name="iqjTbTerminfactoryDAO" ref="qjTbTerminfactoryDAO"></property>
</bean>
<bean id="qjTbTerminfactoryAction" class="com.sos.lbs.action.QjTbTerminfactoryAction">
  <property name="iqjTbTerminfactoryService" ref="qjTbTerminfactoryService"></property>
</bean>
<!-- List of all operator information: start -->
<bean id="qjTbOperatorDAO" class="com.sos.lbs.dao.impl.QjTbOperatorDAO">
  <property name="sessionFactory"> <ref bean="sessionFactoryQuanJu"/> </property>
</bean>
<bean id="qjTbOperatorService" class="com.sos.lbs.service.impl.QjTbOperatorService">
  <property name="iqjTbOperatorDAO" ref="qjTbOperatorDAO"></property>
</bean>
<bean id="qjTbOperatorAction" class="com.sos.lbs.action.QjTbOperatorAction">
  <property name="iqjTbOperatorService" ref="qjTbOperatorService"></property>
</bean>
<!-- List of all operator information: end -->
<!-- Terminal card information start 2014-3-25 -->
<bean id="qjTbTermincardidDAO" class="com.sos.lbs.dao.impl.QjTbTermincardidDAO">
  <property name="sessionFactory" ref="sessionFactoryQuanJu"></property>
</bean>
<bean id="qjTbTermincardidService" class="com.sos.lbs.service.impl.QjTbTermincardidService">
  <property name="iqjTbTermincardidDAO" ref="qjTbTermincardidDAO"></property>
</bean>
<bean id="qjTbTermincardidAction" class="com.sos.lbs.action.QjTbTermincardidAction">
  <property name="iqjTbTermincardidService" ref="qjTbTermincardidService"></property>
</bean>
<!-- Terminal card information end 2014-3-25 -->
<!-- Terminal card detail backup table start 2014-3-25 -->
<bean id="qjTbTermincardinfoHistoryDAO" class="com.sos.lbs.dao.impl.QjTbTermincardinfoHistoryDAO">
  <property name="sessionFactory" ref="sessionFactoryQuanJu"></property>
</bean>
<bean id="qjTbTermincardinfoHistoryService" class="com.sos.lbs.service.impl.QjTbTermincardinfoHistoryService">
  <property name="iqjTbTermincardinfoHistoryDAO" ref="qjTbTermincardinfoHistoryDAO"></property>
</bean>
<!-- Terminal card detail backup table end 2014-3-25 -->
</beans>
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
  <!--LBS user connection, dbcp connection pool <bean id="dataSource"org.apache.commons.dbcp.BasicDataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource"> -->
  <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close" lazy-init="true">
    <!-- 42 connection address -->
    <!--<property name="driverClass" value="oracle.jdbc.driver.OracleDriver" ></property>
    <property name="jdbcUrl" value="jdbc:oracle:thin:@10.0.18.42:1521:bddb"></property>
    <property name="user" value="lbsdb001"></property>
    <property name="password" value="lbs2013"></property> -->
    <!-- 113 connection address -->
    <!-- <property name="driverClass" value="oracle.jdbc.driver.OracleDriver" ></property>
    <property name="jdbcUrl" value="jdbc:oracle:thin:@221.194.128.113:1538:bddb"></property>
    <property name="user" value="lbsdb001"></property>
    <property name="password" value="lbs07031804lbs"></property> -->
    <!-- 114 connection address -->
    <!--<property name="driverClass" value="oracle.jdbc.driver.OracleDriver" ></property>
    <property name="jdbcUrl" value="jdbc:oracle:thin:@221.194.128.114:1539:ykdb"></property>
    <property name="user" value="lbsdb001"></property>
    <property name="password" value="ykdblbs"></property>-->
    <property name="driverClass" value="oracle.jdbc.driver.OracleDriver" ></property>
    <property name="jdbcUrl" value="jdbc:oracle:thin:@123.125.16.139:1540:zxdb"></property>
    <property name="user" value="lbsdb001"></property>
    <property name="password" value="lbs07031804lbs"></property>
    <!--Minimum number of connections kept in the pool.-->
    <property name="minPoolSize" value="3"></property>
    <!--Maximum number of connections kept in the pool. Default: 15 -->
    <property name="maxPoolSize" value="100" />
    <!--Number of connections acquired at initialization; should be between minPoolSize and maxPoolSize. Default: 3 -->
    <property name="initialPoolSize" value="5" />
    <!--Maximum idle time; a connection unused for 60 seconds is discarded. 0 means never discard. Default: 0 -->
    <property name="maxIdleTime" value="180" />
    <!--Number of connections c3p0 acquires at once when the pool is exhausted. Default: 3 -->
    <property name="acquireIncrement" value="5" />
    <!--Check all idle connections in the pool every 60 seconds. Default: 0 -->
    <property name="idleConnectionTestPeriod" value="180" />
    <!--Number of retries after failing to acquire a new connection from the database. Default: 30 -->
    <property name="acquireRetryAttempts" value="30" />
    <!--By default, roll back all uncommitted operations when a connection is closed. Default: false -->
    <property name="autoCommitOnClose" value="true"></property>
    <!-- <property name="preferredTestQuery" value="select count(*) from dual"></property> -->
    <!-- Added 2014-03-17-->
    <property name="checkoutTimeout" value="5000"></property>
    <property name="maxStatements" value="0"></property>
  </bean>
  <!--
    dataSource: the datasource to connect to (usually we do not define it in server.xml)
    defaultAutoCommit: whether transactions autoCommit; default true
    defaultReadOnly: whether the database is read-only; default false
    driverClassName: the JDBC Driver Class used to connect to the database,
    maxActive: maximum number of objects that can be taken from the pool; 0 means no limit; default 8
    maxIdle: maximum number of idle connections; 0 means no limit (maximum number of objects in the pool)
    minIdle: minimum number of objects in the pool
    maxWait: maximum wait in seconds, unit is ms; an error is raised when the time is exceeded
    password: password used to log in to the database
    url: URL used to connect to the database
    username: account used to log in to the database
    validationQuery: verifies that the connection works; the SQL SELECT statement must return at least one row
    removeAbandoned: whether to self-interrupt; default false
    removeAbandonedTimeout: seconds before self-interrupt; removeAbandoned must be true
    logAbandoned: whether to log interrupt events; default false
    minEvictableIdleTimeMillis: greater than 0, connection idle time is checked; 0, idle connections are not validated; default 30 minutes
    timeBetweenEvictionRunsMillis: interval between runs of the eviction check thread; if less than or equal to 0 the check thread is not started; default -1
    testOnBorrow: whether to validate an object when it is borrowed, checking that it is valid; default false
    testOnReturn: whether to validate an object when it is returned, checking that it is valid; default false
    testWhileIdle: whether to validate while idle, checking that the object is valid; default false

    When DBCP is used with the default values, if a database connection is dropped for some reason and a connection is then taken from the pool without validation, the connection obtained is actually an invalid database connection. To avoid obtaining an invalid database connection, it is best to ensure:
    username: account used to log in to the database
    validationQuery: SELECT COUNT(*) FROM DUAL
    testOnBorrow, testOnReturn, testWhileIdle: best to set all to true
    minEvictableIdleTimeMillis: greater than 0, connection idle time is checked; 0, idle connections are not validated
    timeBetweenEvictionRunsMillis: interval between runs of the eviction check thread; if less than or equal to 0 the check thread is not started
    <property name=""></property>
  -->
  <bean id="sessionFactory" class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
    <property name="dataSource"> <ref local="dataSource" /> </property>
    <property name="hibernateProperties">
      <props>
        <prop key="hibernate.dialect"> org.hibernate.dialect.Oracle9Dialect </prop>
        <prop key="hibernate.show_sql">true</prop>
        <!-- Content newly added 20140319 <prop key="hibernate.format_sql">true</prop> -->
        <prop key="hibernate.generate_statistics">true</prop>
        <prop key="hibernate.autoReconnect">true</prop>
        <prop key="hibernate.max_fech_depth">5</prop>
        <prop key="hibernate.jdbc.batch_size">50</prop>
        <prop key="hibernate.jdbc.fetch_size">100</prop>
        <!-- <prop key="hibernate.generate_statistics">true</prop>
        <prop key="hibernate.connection.release_mode">auto</prop>
        <prop key="hibernate.autoReconnect">true</prop> -->
      </props>
    </property>
    <property name="mappingResources">
      <list>
        <value>com/sos/lbs/pojo/LbsTbAuthority.hbm.xml</value>
        <value>com/sos/lbs/pojo/LbsTbSendtext.hbm.xml</value>
        <value>com/sos/lbs/pojo/LbsTbUser.hbm.xml</value>
        <value>com/sos/lbs/pojo/LbsTbUsertermin.hbm.xml</value>
        <value>com/sos/lbs/pojo/LbsTbReceivetext.hbm.xml</value>
        <value>com/sos/lbs/pojo/LbsTbUsergroup.hbm.xml</value>
        <value>com/sos/lbs/pojo/LbsTbFence.hbm.xml</value>
      </list>
    </property>
  </bean>
  <!--<bean id="transactionManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager">
    <property name="sessionFactory" ref="sessionFactoryQuanJu"></property>
  </bean> -->
  <!-- <bean id="andyWEB" class="com.sos.lbs.util.TestTask" init-method="taskTime"/> -->
  <!--Demo example for testing: start -->
  <bean id="LbsAuthDAO" class="com.sos.lbs.dao.impl.LbsTbAuthorityDAO">
    <property name="sessionFactory"> <ref bean="sessionFactory"/> </property>
  </bean>
  <bean id="LbsService" class="com.sos.lbs.service.impl.LbsTbAuthorityService">
    <property name="lbsAutoDAO" ref="LbsAuthDAO"></property>
  </bean>
  <bean id="LbsAaction" class="com.sos.lbs.action.LbsTbAuthorityAction" >
    <property name="lbsService" ref="LbsService"></property>
  </bean>
  <!--Demo example for testing: end -->
  <bean id="lbsTbSendtextDAO" class="com.sos.lbs.dao.impl.LbsTbSendtextDAO">
    <property name="sessionFactory"> <ref bean="sessionFactory"/> </property>
  </bean>
  <bean id="lbsTbSendtextService" class="com.sos.lbs.service.impl.LbsTbSendtextService">
    <property name="tbSendtextDAO" ref="lbsTbSendtextDAO"></property>
  </bean>
  <!-- User login page initialization: start-->
  <bean id="lbsTbUserDAO" class="com.sos.lbs.dao.impl.LbsTbUserDAO">
    <property name="sessionFactory"> <ref bean="sessionFactory"/> </property>
  </bean>
  <bean id="lbsTbUserService" class="com.sos.lbs.service.impl.LbsTbUserService">
    <property name="ilbsTbUserDAO" ref="lbsTbUserDAO"></property>
  </bean>
  <bean id="lbsTbUserAction" class="com.sos.lbs.action.LbsTbUserAction">
    <property name="ilbsTbUserService" ref="lbsTbUserService"></property>
    <property name="ilbsTbUserterminService" ref="lbsTbUserterminService"></property>
    <property name="iqjVwTermincardinfoService" ref="qjVwTermincardinfoService"></property>
    <property name="ilbsTbReceivetextService" ref="lbsTbReceivetextService"></property>
    <property name="ilbsTbUsergroupService" ref="lbsTbUsergroupService"></property>
  </bean>
  <!-- User login page initialization: end-->
  <!-- User login: start-->
  <bean id="lbsTbUserterminDAO" class="com.sos.lbs.dao.impl.LbsTbUserterminDAO">
    <property name="sessionFactory"> <ref bean="sessionFactory"/> </property>
  </bean>
  <bean id="lbsTbUserterminService" class="com.sos.lbs.service.impl.LbsTbUserterminService">
    <property name="ilbsTbUserterminDAO" ref="lbsTbUserterminDAO"></property>
  </bean>
  <!-- User login: end-->
  <!--Query SMS messages the user has received: start-->
  <bean id="lbsTbReceivetextDAO" class="com.sos.lbs.dao.impl.LbsTbReceivetextDAO">
    <property name="sessionFactory"> <ref bean="sessionFactory"/> </property>
  </bean>
  <bean id="lbsTbReceivetextService" class="com.sos.lbs.service.impl.LbsTbReceivetextService">
    <property name="ilbsTbReceivetextDAO" ref="lbsTbReceivetextDAO"></property>
  </bean>
  <!--Query SMS messages the user has received: end-->
  <!--User groups: start -->
  <bean id="lbsTbUsergroupDAO" class="com.sos.lbs.dao.impl.LbsTbUsergroupDAO">
    <property name="sessionFactory"> <ref bean="sessionFactory"/> </property>
  </bean>
  <bean id="lbsTbUsergroupService" class="com.sos.lbs.service.impl.LbsTbUsergroupService">
    <property name="ilbsTbUsergroupDAO" ref="lbsTbUsergroupDAO"></property>
  </bean>
  <!--User groups: end -->
  <!-- Geofence: start -->
  <bean id="ilbsTbFenceDAO" class="com.sos.lbs.dao.impl.LbsTbFenceDAO">
    <property name="sessionFactory"> <ref bean="sessionFactory"/> </property>
  </bean>
  <bean id="ilbsTbFenceService" class="com.sos.lbs.service.impl.LbsTbFenceService">
    <property name="ilbsTbFenceDAO" ref="ilbsTbFenceDAO"></property>
  </bean>
  <bean id="lbsTbFenceAction" class="com.sos.lbs.action.LbsTbFenceAction">
    <property name="ilbsTbFenceService" ref="ilbsTbFenceService"></property>
  </bean>
  <!-- Geofence: end -->
</beans>
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
  <!--Terminal user connection, proxool connection pool, development database: start-->
  <bean id="dataSourceUser" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close" lazy-init="true" >
    <!-- 42 database connection address -->
    <!--<property name="driverClass" value="oracle.jdbc.driver.OracleDriver" ></property>
    <property name="jdbcUrl" value="jdbc:oracle:thin:@10.0.18.42:1521:bddb"></property>
    <property name="user" value="bddb001"></property>
    <property name="password" value="bd2013"></property> -->
    <!-- 113 database connection address -->
    <!-- <property name="driverClass" value="oracle.jdbc.driver.OracleDriver" ></property>
    <property name="jdbcUrl" value="jdbc:oracle:thin:@221.194.128.113:1538:bddb"></property>
    <property name="user" value="bddb001"></property>
    <property name="password" value="bd07031804bd"></property> -->
    <!-- 114 database connection address -->
    <!--<property name="driverClass" value="oracle.jdbc.driver.OracleDriver" ></property>
    <property name="jdbcUrl" value="jdbc:oracle:thin:@221.194.128.114:1539:ykdb"></property>
    <property name="user" value="bddb001"></property>
    <property name="password" value="ykdbbd"></property>-->
    <property name="driverClass" value="oracle.jdbc.driver.OracleDriver" ></property>
    <property name="jdbcUrl" value="jdbc:oracle:thin:@123.125.16.139:1540:zxdb"></property>
    <property name="user" value="bddb001"></property>
    <property name="password" value="bd07031804bd"></property>
    <!--Minimum number of connections kept in the pool.-->
    <property name="minPoolSize" value="3"></property>
    <!--Maximum number of connections kept in the pool. Default: 15 -->
    <property name="maxPoolSize" value="300" />
    <!--Number of connections acquired at initialization; should be between minPoolSize and maxPoolSize. Default: 3 -->
    <property name="initialPoolSize" value="5" />
    <!--Maximum idle time; a connection unused for 60 seconds is discarded. 0 means never discard. Default: 0 -->
    <property name="maxIdleTime" value="180" />
    <!--Number of connections c3p0 acquires at once when the pool is exhausted. Default: 3 -->
    <property name="acquireIncrement" value="5" />
    <!--Check all idle connections in the pool every 60 seconds. Default: 0 -->
    <property name="idleConnectionTestPeriod" value="180" />
    <!--Number of retries after failing to acquire a new connection from the database. Default: 30 -->
    <property name="acquireRetryAttempts" value="30" />
    <!--By default, roll back all uncommitted operations when a connection is closed. Default: false -->
    <property name="autoCommitOnClose" value="true"></property>
    <!-- <property name="preferredTestQuery" value="select count(*) from dual"></property> -->
    <!-- Added 2014-03-17-->
    <property name="checkoutTimeout" value="5000"></property>
    <property name="maxStatements" value="0"></property>
  </bean>
  <!--Terminal user connection, dbcp connection pool, test database: end -->
  <bean id="sessionFactoryUser" class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
    <property name="dataSource"> <ref local="dataSourceUser" /> </property>
    <property name="hibernateProperties">
      <props>
        <prop key="hibernate.dialect"> org.hibernate.dialect.Oracle9Dialect </prop>
        <prop key="hibernate.show_sql">true</prop>
        <!--Content newly added 20140319 <prop key="hibernate.format_sql">true</prop> -->
        <prop key="hibernate.generate_statistics">true</prop>
        <prop key="hibernate.autoReconnect">true</prop>
        <prop key="hibernate.max_fech_depth">5</prop>
        <prop key="hibernate.jdbc.batch_size">50</prop>
        <prop key="hibernate.jdbc.fetch_size">100</prop>
        <!-- <prop key="hibernate.generate_statistics">true</prop>
        <prop key="hibernate.connection.release_mode">auto</prop>
        <prop key="hibernate.autoReconnect">true</prop> -->
      </props>
    </property>
    <property name="mappingResources">
      <list>
        <value>com/sos/lbs/pojo/BdTbFootprint.hbm.xml</value>
        <value>com/sos/lbs/pojo/BdTbHistorystatus.hbm.xml</value>
        <value>com/sos/lbs/pojo/BdTbTextnumber.hbm.xml</value>
        <value>com/sos/lbs/pojo/BdTbWaitsendtermin.hbm.xml</value>
        <value>com/sos/lbs/pojo/BdTbSendtext.hbm.xml</value>
        <value>com/sos/lbs/pojo/BdTbReceivetext.hbm.xml</value>
        <value>com/sos/lbs/pojo/BdTbMobilesendtext.hbm.xml</value>
        <value>com/sos/lbs/pojo/BdTbReceiveraw.hbm.xml</value>
      </list>
    </property>
  </bean>
  <!--<bean id="transactionManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager">
    <property name="sessionFactory" ref="sessionFactoryQuanJu"></property>
  </bean> -->
  <!--Historical footprint query: start -->
  <bean id="bdTbFootprintDAO" class="com.sos.lbs.dao.impl.BdTbFootprintDAO">
    <property name="sessionFactory"> <ref bean="sessionFactoryUser"/> </property>
  </bean>
  <bean id="bdTbFootprintService" class="com.sos.lbs.service.impl.BdTbFootprintService">
    <property name="ibdTbFootprintDAO" ref="bdTbFootprintDAO"></property>
  </bean>
  <bean id="dbFootAction" class="com.sos.lbs.action.BdTbFootprintAction" >
    <property name="ibdTbFootprintService" ref="bdTbFootprintService"></property>
    <property name="iqjVwTermincardinfoService" ref="qjVwTermincardinfoService"></property>
    <property name="ilbsRecevetTextService" ref="lbsTbReceivetextService"></property>
    <property name="ilbsUserService" ref="lbsTbUserService"></property>
  </bean>
  <!--Historical footprint query: end -->
  <!--Abnormal historical footprint query: start -->
  <bean id="bdTbHistorystatusDAO" class="com.sos.lbs.dao.impl.BdTbHistorystatusDAO">
    <property name="sessionFactory"> <ref bean="sessionFactoryUser"/> </property>
  </bean>
  <bean id="bdTbHistorystatusService" class="com.sos.lbs.service.impl.BdTbHistorystatusService">
    <property name="iddTbHistorystatusDAO" ref="bdTbHistorystatusDAO"></property>
  </bean>
  <bean id="HistorystateAction" class="com.sos.lbs.action.BdTbHistorystatusAction" >
    <property name="ibdTbHistorystatusService" ref="bdTbHistorystatusService"></property>
  </bean>
  <!--Abnormal historical footprint query: end -->
  <!--User sends message: start -->
  <bean id="isendMessageSerivces" class="com.sos.lbs.service.impl.SendMessageService">
    <property name="ilbsTbSendtextService" ref="lbsTbSendtextService"></property>
    <property name="textNumberservice" ref="bdTbTextnumberService"></property>
    <property name="ibdTbWaitsendterminService" ref="bdTbWaitsendterminService"></property>
    <property name="qjVwTermincardinfoService" ref="qjVwTermincardinfoService"></property>
    <property name="ilbsTbReceivetextService" ref="lbsTbReceivetextService"></property>
    <property name="ibdTbReceivetextService" ref="bdTbReceivetextService"></property>
    <property name="ibdTbSendtextService" ref="bdTbSendtextService"></property>
  </bean>
  <bean id="SendMessageAction" class="com.sos.lbs.action.SendMessageAction">
    <property name="isMessageService" ref="isendMessageSerivces"></property>
  </bean>
  <!--User sends message: end -->
  <!-- SMS number: start -->
  <bean id="bdTbTextnumberDAO" class="com.sos.lbs.dao.impl.BdTbTextnumberDAO">
    <property name="sessionFactory"> <ref bean="sessionFactoryUser"/> </property>
  </bean>
  <bean id="bdTbTextnumberService" class="com.sos.lbs.service.impl.BdTbTextnumberService">
    <property name="iddTbTextnumberDAO" ref="bdTbTextnumberDAO"></property>
  </bean>
  <!-- SMS number: end -->
  <!-- Pending-send table: start -->
  <bean id="bdTbWaitsendterminDAO" class="com.sos.lbs.dao.impl.BdTbWaitsendterminDAO">
    <property name="sessionFactory"> <ref bean="sessionFactoryUser"/> </property>
  </bean>
  <bean id="bdTbWaitsendterminService" class="com.sos.lbs.service.impl.BdTbWaitsendterminService">
    <property name="ibdTbWaitsendterminDAO" ref="bdTbWaitsendterminDAO"></property>
  </bean>
  <!-- Pending-send table: end -->
  <!-- Terminal sent table: start -->
  <bean id="bdTbSendtextDAO" class="com.sos.lbs.dao.impl.BdTbSendtextDAO">
    <property name="sessionFactory"> <ref bean="sessionFactoryUser"/> </property>
  </bean>
  <bean id="bdTbSendtextService" class="com.sos.lbs.service.impl.BdTbSendtextService">
    <property name="ibdTbSendtextDAO" ref="bdTbSendtextDAO"></property>
  </bean>
  <!-- Terminal sent table: end -->
  <!-- Terminal received table: start -->
  <bean id="bdTbReceivetextDAO" class="com.sos.lbs.dao.impl.BdTbReceivetextDAO">
    <property name="sessionFactory"> <ref bean="sessionFactoryUser"/> </property>
  </bean>
  <bean id="bdTbReceivetextService" class="com.sos.lbs.service.impl.BdTbReceivetextService">
    <property name="ibdTbReceivetextDAO" ref="bdTbReceivetextDAO"></property>
  </bean>
  <!-- Terminal received table: end -->
  <!-- Mobile SMS mailbox pending delivery to terminals: start-->
  <bean id="bdTbMobilesendtextDAO" class="com.sos.lbs.dao.impl.BdTbMobilesendtextDAO">
    <property name="sessionFactory" > <ref bean="sessionFactoryUser"/> </property>
  </bean>
  <bean id="bdTbMobilesendtextService" class="com.sos.lbs.service.impl.BdTbMobilesendtextService">
    <property name="ibdTbMobilesendtextDAO" ref="bdTbMobilesendtextDAO"></property>
  </bean>
  <bean id="bdTbMobilesendtextAction" class="com.sos.lbs.action.BdTbMobilesendtextAction">
    <property name="ibdTbMobilesendtextService" ref="bdTbMobilesendtextService"></property>
  </bean>
  <!-- Mobile SMS mailbox pending delivery to terminals: end-->
  <!-- Baidu coordinate conversion handling: start
  <bean id="bdTbFootprintBaiDAO" class="com.sos.lbs.dao.impl.BdTbFootprintBaiDAO">
    <property name="sessionFactory"> <ref bean="sessionFactoryUser"/> </property>
  </bean>
  <bean id="bdTbFootprintBaiService" class="com.sos.lbs.service.impl.BdTbFootprintBaiService">
    <property name="ibdTbFootprintBaiDAO" ref="bdTbFootprintBaiDAO"></property>
  </bean>
  Baidu coordinate conversion handling: end-->
  <!-- Query raw data packets from the command unit: start-->
  <bean id="bdTbReceiverawDAO" class="com.sos.lbs.dao.impl.BdTbReceiverawDAO">
    <property name="sessionFactory"> <ref bean="sessionFactoryUser"/> </property>
  </bean>
  <bean id="bdTbReceiverawServer" class="com.sos.lbs.service.impl.BdTbReceiverawServer">
    <property name="ibdTbReceiverawDAO" ref="bdTbReceiverawDAO"></property>
  </bean>
  <bean id="bdTbReceiverawAction" class="com.sos.lbs.action.BdTbReceiverawAction">
    <property name="ibdTbReceiverawServer" ref="bdTbReceiverawServer"></property>
  </bean>
  <!-- Query raw data packets from the command unit: end-->
</beans>
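1. The vulnerability has a fairly wide impact.
2. Multiple databases are involved.
3. I hope it gets fixed soon: upgrade, configuration, and so on.
As a white hat, this is what I should do. Pay attention to web security; pay attention to Internet risk.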
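An added example, not part of the original report: a Python check that flags literal database passwords in Spring bean XML shaped like the files above, including ones left behind in commented-out blocks, which an XML parser would silently skip. The sample config, host names and secrets are constructed placeholders, and `find_hardcoded_credentials` is a hypothetical helper name.

```python
import re

# Constructed sample modelled on the c3p0 dataSource beans above.
# Hosts, users and secrets are placeholders, not values from the page.
SAMPLE = """<beans>
  <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource">
    <!-- test database -->
    <!--<property name="jdbcUrl" value="jdbc:oracle:thin:@db-test.example.internal:1521:testdb"></property>
    <property name="user" value="app_test"></property>
    <property name="password" value="constructed-old-secret"></property>-->
    <property name="jdbcUrl" value="jdbc:oracle:thin:@db-prod.example.internal:1521:proddb"></property>
    <property name="user" value="app_prod"></property>
    <property name="password" value="constructed-live-secret"></property>
  </bean>
  <bean id="dataSourceSafe" class="com.mchange.v2.c3p0.ComboPooledDataSource">
    <property name="jdbcUrl" value="${db.url}"></property>
    <property name="user" value="${db.user}"></property>
    <property name="password" value="${db.password}"></property>
  </bean>
</beans>
"""

# Regexes are used instead of an XML parser on purpose: parsers drop
# comments, and leaked fragments are often not well-formed.
PROPERTY = re.compile(
    r'<property\s+name="(jdbcUrl|user|username|password)"\s+value="([^"]*)"',
    re.IGNORECASE,
)
COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)
PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")  # e.g. ${db.password}


def find_hardcoded_credentials(text):
    """Return one finding per literal password, live or commented out."""
    comment_spans = [m.span() for m in COMMENT.finditer(text)]
    findings = []
    current = {}  # jdbcUrl/user seen since the last jdbcUrl property
    for m in PROPERTY.finditer(text):
        name, value = m.group(1).lower(), m.group(2)
        if name == "jdbcurl":
            current = {"jdbc_url": value}
        elif name in ("user", "username"):
            current["user"] = value
        elif value and not PLACEHOLDER.match(value):
            findings.append({
                "line": text.count("\n", 0, m.start()) + 1,
                "jdbc_url": current.get("jdbc_url"),
                "user": current.get("user"),
                # Report only the length so the scanner never echoes a secret.
                "secret_length": len(value),
                "commented_out": any(s <= m.start() < e for s, e in comment_spans),
            })
    return findings


if __name__ == "__main__":
    for finding in find_hardcoded_credentials(SAMPLE):
        print(finding)
```

Commented-out entries are reported too, because the old passwords they hold are disclosed together with the live one when the file is read.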
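Severity: Medium
Vulnerability Rank: 10
Confirmed at: 2014-08-28 09:20
CNVD confirmed the situation as described, but has not established a direct handling channel with the organization that manages the site (the site operator is a commercial company). As of the 27th, the site can no longer be opened directly. Pending handling.
None yet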