乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-18: 细节已通知厂商并且等待厂商处理中 2015-09-18: 厂商已经确认,细节仅向厂商公开 2015-09-28: 细节向核心白帽子及相关领域专家公开 2015-10-08: 细节向普通白帽子公开 2015-10-18: 细节向实习白帽子公开 2015-11-02: 细节向公众公开
RT 厂商来点礼物吧
首先是一个未授权访问
http://baom.jinri.cn/Product/productdetail.aspx?ProductId=41
有一个上传图片的地方(任意文件上传)得到webshell
其实当我看到这一切的时候内心是崩溃的web.config
<?xml version="1.0" encoding="UTF-8"?><configuration> <configSections> <section name="JinRi.Jason.EtermCommon" type="System.Configuration.NameValueSectionHandler" /> </configSections> <JinRi.Jason.EtermCommon> <add key="LoggerSwitch" value="True" /> <add key="LogFolder" value="" /> </JinRi.Jason.EtermCommon> <appSettings> <!--应用程序ID --> <add key="ApplicationId" value="1" /> <!--密钥--> <add key="EncryptKey" value="!@#$%^~*" /> <!--XML接口用户名--> <add key="XMLSender" value="admin" /> <!--XML接口密码--> <add key="XMLPassword" value="admin" /> <!--XML请求地址--> <add key="XMLPostUrl" value="http://dc.jinri.net.cn/RequestListenerService.aspx" /> <!--ETERM配置中心 域名或IP地址,多个请用','号隔开--> <add key="ConfigCenterDomainIP" value="114.80.69.234:8090,120.132.136.89:8090,114.80.79.146:8090" /> <add key="ConfigCenterURL" value="http://{0}/LoadBalancing.ashx?SectionName={1}" /> <!--特殊舱位服务器地址--> <add key="SpecialCabinAddress" value="http://114.80.69.231:15888/SpecialSearch.ashx" /> <!--登机牌支付通知--> <add key="AlipayNotifyDJP" value="http://114.80.69.233/Alipay_DJP_Notify.aspx" /> <!--登机牌退款通知--> <add key="AlipayRefundDJP" value=" http://114.80.69.233/Alipay_DJP_Refund.aspx" /> <!--Cookie主机域--> <add key="Domain" value=".jinri.cn|jinri.cn|.jinri.net.cn|jinri.net.cn|.jinri.org.cn|jinri.org.cn" /> <!--是否使用Cookie主机域--> <add key="IsUseDomain" value="false" /> <!--快钱支付通知--> <add key="KQNotifyUrl" value="http://114.80.69.233:81/KqResult.aspx" /> <!--Cookie过期时间(秒)--> <add key="CookieExpires" value="28800" /> <!--行程单费用--> <add key="JourneyMoney" value="1" /> <!--行程单邮寄费用--> <add key="JourneyPostMoney" value="10" /> <!--报表下载地址--> <add key="ReportServer" value="114.80.69.249" /> <!--支付宝支付/退款通知--> <add key="AlipayNotify" value="http://114.80.69.241:8009/Alipay_Notify.aspx" /> <add key="AlipayRefund" value="http://114.80.69.241:8009/Alipay_Refund.aspx" /> <!--财付通支付/退款通知--> <add key="ReturnUrl" value="http://127.0.0.1:2093/TenpayOrderResult.aspx" /> <add key="RefundReturnUrl" value="http://127.0.0.1:2093/TenpayRefundResult.aspx" /> <!-- 自由转账--> <add key="BatchAlipay_Notify" value="http://114.80.69.241:8009/BatchAlipay_Notify.aspx" /> <!--燃油税 大于等于800公里--> <add key="GreaterThan800Km" value="140" /> <!--燃油税 小于800公里--> <add key="LessThan800Km" value="80" /> <!--建设费 (大飞机)--> <add key="BigPlane" value="50" /> <!--建设费 (小飞机)--> <add key="SmallPlane" value="0" /> <!--北京东航观察员帐户--> <add key="MUBoss" value="luo888" /> <!--限制北京东航政策 true开启/false关闭--> <add key="LimitMU" value="false" /> <!--验证真假票号功能 true开启/false关闭--> <add key="VerifyTicketNo" value="false" /> <!--平台快钱分润账号([email protected])--> <add key="KqJrShareContact" value="[email protected]" /> <add key="KqJrContact" value="[email protected]" /> <!--自动出票服务器地址--> <add key="BSPAutoTicketServer" value="114.80.69.233" /> <!--自动出票服务器端口--> <add key="AutoTicketPort" value="18189" /> <!--财付通证书路径--> <add key="CertificatePath" value="D:\TenpayKey\1202158701.pfx" /> <!--航班内部查询地址--> <add key="MainInnerURL" value="http://114.80.69.231:15888/DomesticFlightsSearch.ashx" /> <!--航班内部查询地址_V1--> <add key="MainInnerURL_V1" value="http://114.80.69.231:15888/DomesticFlightsSearch.ashx?Version=20100325" /> <!--航班同行查询地址--> <add key="PostOuterURL" value="http://jinri.dianzijipiao.com/XMLDataResult.asp" /> <!--是否VIP版本true/false--> <add key="IsVipVersion" value="true" /> <!--2009-04-20价格变动的航空公司--> <add key="AirPrice" value="CA/HU/FM/CZ/3U/MU/MF/SC/ZH/HO/KN/EU/8L/G5/PN/NS/CN/GS/JD/VD" /> <!--是否开启 [支付宝余额] 开启:true/关闭:false--> <add key="OpenAlipay" value="true" /> <!--是否开启 [快钱余额] 开启:true/关闭:false--> <add key="OpenKqPay" value="true" /> <!--是否开启 [信用卡] 开启:true/关闭:false--> <add key="OpenCreditCard" value="true" /> <!--是否开启 [银行卡及(大额)] 开启:true/关闭:false--> <add key="OpenBankPay" value="true" /> <!--是否开启 [财付通余额] 开启:true/关闭:false--> <add key="OpenTenPay" value="true" /> <!--设置采购没有[支付宝]帐户,初始默认帐户--> <add key="AlipayBuyerEmail" value="[email protected]" /> <!--是否开通手机绑定--> <add key="IsMobileBind" value="true" /> <!--取消订单的分数限制--> <add key="AddMinutes" value="0" /> <!--PNR导入间隔不能低于以下值:秒--> <add key="PnrImportLimit" value="5" /> <!--已用三级域名登记--> <add key="Subdomain" value="w|ww|www|wwww|new|cnc|tnew|rate|ratec|api|hotel|jinri.net.cn|jinri.cn|jinri.org.cn|www.jinri.org.cn|www.new.jinri.net.cn|www.new.jinri.cn|abcdefg.zuchangfang.com|zuchangfang.com" /> <!--绿色通道网站开关true/false--> <add key="GreenChannel" value="false" /> <!--是否启用独立域名经销商功能true/false--> <add key="IsEnabledSales" value="true" /> <!--废退票正常处理的日期开关--> <add key="SolomonSwitchKey" value="2009-9-3 15:00:00" /> <!--是否需要判断串单--> <add key="CheckFakePNR" value="true" /> <!--开关行程单 财付通手续费功能 true/false--> <add key="JourneyTenpay" value="false" /> <!--支付宝冻结/解冻通知--> <add key="AlipayFreeze" value="http://114.80.69.233/AlipayFreeze_Notify.aspx" /> <add key="AlipayunFreeze" value="http://114.80.69.233/AlipayunFreeze_Notify.aspx" /> <!--禁止非FRAME访问 开启/关闭 true/false--> <add key="VisitFrame" value="true" /> <!--供应商获奖入围名单--> <add key="AdvertisingPath" value="ShortList.config" /> <!--限制东航(MU)X舱导入--> <add key="MU_X" value="true" /> <!--价格查询接口--> <add key="PriceQueryInterface" value="http://114.80.69.231:15888/DomesticFlightsSearch.ashx?Method=price#DepartureCity={0}#ArrivalCity={1}#DepartureDate={2}" /> <!--订座时是否加入RMK备注信息 添加/取消 true/false--> <add key="BookingSeatRmk" value="false" /> <!--订座时加入RMK备注信息内容,只有--> <add key="BookingSeatRmkInfo" value="SHANGHAI2010" /> <!--平台快钱分润账号(分账接口)(分账K-K)--> <add key="KqJrContact_OEM" value="[email protected]" /> <!--平台快钱分润账号(不分账)(不分账K-Z)--> <add key="KqJrShareContact_OEM" value="[email protected]" /> <!--允许IP--> <add key="AllowIP" value="" /> <add key="AllowIP1" value="58.247.35.134|116.236.237.32|116.236.237.33|116.236.237.34|116.236.237.35|116.236.237.36|116.236.237.37" /> <!--5星活动时间--> <add key="ActiveTime" value="2014-07-14|2014-04-27" /> <!-- 供票商最大关注排行记录条数 --> <add key="TblRateAttendNum" value="8" /> <!--今日自动出票系统服务器软件IP地址--> <add key="AutoTicketServer" value=" http://121.52.215.215:8088/" /> <!--今日自动出票系统客户端航空公司开关--> <add key="AutoTicketAircom" value="HU|CA|MU" /> <!--用支付宝账号登陆是否需要审核 审核/不审核 true/false --> <add key="AlipayUserConfirm" value="false" /> <!--支付宝支付/保险支付通知--> <add key="AlipayNotifyInsurance" value="http://114.80.69.233/Alipay_Notify_Insurance.aspx" /> <!--机票接保险项目接口--> <add key="InsOrderInterface" value="http://baoservices.jinri.cn/InterfaceNavigation.aspx" /> <!--添加次数--> <add key="AddCount" value="1" /> <!--默认登录页--> <add key="IndexUrl" value="index.aspx" /> <!--国内支付服务--> <add key="RemotePaymentServiceUrl" value="http://pay.jinri.cn/RemotePaymentService.axd" /> <add key="PaymentJobUrl" value="http://payjob.jinri.cn/" /> </appSettings> <connectionStrings> <!--生产服务器186(107)--> <add name="JinRi" connectionString="GyEItJtJeAiC1OSrT8KJzYRTxMvhG4AtUH6SxFeZ7O62BZEYiA5luRds3UxCPviSzh3U7fhkyPmURF+1qbvSiUPOm74r+Jop8R+L+ELPMNUH29UCSkMmieaXtOsAVbLyOBk4f3ybmfLzQADOBEndpxDw7gdzKi51wmNfohkYxi4g/BbbxogfMg==" providerName="System.Data.SqlClient" /> <!--JINRI扩展库171(0.164)--> <add name="JinRi2" connectionString="GyEItJtJeAiC1OSrT8KJzc1+QLzGUZU4ZsOduuqQJJC2BZEYiA5ludv3TM8J7CpJaPtVW+33iayHw+ZukCVv51ps9o/znaAZU+6WvuOvAgNwsj+VnfrEQTgXeVM0atixB80uT3XF0zEwbRFk4rwSNfNAAM4ESd2nH3YLCGzuTf/N0A876+HkYhDw7gdzKi51wmNfohkYxi4g/BbbxogfMg==" providerName="System.Data.SqlClient" /> <!--修改查询,提升性能专用链接 186(107)--> <add name="JinRiQuery" connectionString="GyEItJtJeAiC1OSrT8KJzYRTxMvhG4AtUH6SxFeZ7O62BZEYiA5luRds3UxCPviSzh3U7fhkyPmURF+1qbvSiUPOm74r+Jop8R+L+ELPMNUH29UCSkMmieaXtOsAVbLyOBk4f3ybmfLB345xwNTeAw==" providerName="System.Data.SqlClient" /> <!--加载副机群187(0.81)--> <add name="JinRiBackup" connectionString="GyEItJtJeAiC1OSrT8KJzYRTxMvhG4AtIWvekpQ10p+2BZEYiA5luRds3UxCPviSzh3U7fhkyPmlvf1i3wjve6t0qYDgrVPwYRFUIahqTBF4DDZYebYq8UIpYD5w47qEaO5lZGTsMazW0ETlUiD3SaW0o0qbSo6D3/5JL+t0fGInHfA90mA2O0YEufgCuU8HsWzz3j2e9y4NaGxAGUQ/T3ujoCuoidUOqWHuMd3dZCGd4E2GFPhKCaP1+D+DaQr83OE2ZNPmaDw=" providerName="System.Data.SqlClient" /> <!--报表服务器187(0.81)--> <add name="JinRiReport" connectionString="GyEItJtJeAiC1OSrT8KJzYRTxMvhG4AtIWvekpQ10p+2BZEYiA5luRds3UxCPviSzh3U7fhkyPmlvf1i3wjve6t0qYDgrVPwYRFUIahqTBF4DDZYebYq8UIpYD5w47qEaO5lZGTsMazW0ETlUiD3SaW0o0qbSo6D3/5JL+t0fGInHfA90mA2O0YEufgCuU8HsWzz3j2e9y4NaGxAGUQ/T3ujoCuoidUOqWHuMd3dZCGd4E2GFPhKCaP1+D+DaQr83OE2ZNPmaDw=" providerName="System.Data.SqlClient" /> <!--权限角色库 针对增删改186(107)--> <add name="JinRiAuthorityRealTime" connectionString="EK8scyW2TiR80vUI62O1XUGY90jLf4I+jIjLkoGwuBj7wXAGjZ2/OWpXAeoutm6yETEzKmZ93UccIWWAsQ6CR6P6AW9YUNh3WqQ83ug7vdbKA3JWO26zITaqbgvWHu3L8r0OSB+qWshn1JiPfnSnmycYDB4JRGErgO1LE+HgRja1RyrZw/8HYxVA4xSXm7PA" providerName="System.Data.SqlClient" /> <!--权限角色库 针对查询186(107)--> <add name="JinRiAuthority" connectionString="EK8scyW2TiR80vUI62O1XUGY90jLf4I+jIjLkoGwuBj7wXAGjZ2/OWpXAeoutm6yETEzKmZ93UccIWWAsQ6CR6P6AW9YUNh3WqQ83ug7vdbKA3JWO26zITaqbgvWHu3L8r0OSB+qWshn1JiPfnSnmycYDB4JRGEr" providerName="System.Data.SqlClient" /> <!--站内消息数据库186(107)--> <add name="JinRiMessage" connectionString="GyEItJtJeAiC1OSrT8KJzYRTxMvhG4AtUH6SxFeZ7O62BZEYiA5lucdXoHKH185QcfcAgfW/PBi9n/pvUk5zmjbYQffWruHrT8cGHopC9CsPT1dot6zKyyRb9vCmBto9WDLbdIcnfPjBdoAhL1wq3p2TqzFUrTLE" providerName="System.Data.SqlClient" /> <!--政策主库,用于增、删、改、查173(0.104)--> <add name="JinRiRateOperater" connectionString="GyEItJtJeAiC1OSrT8KJzc1+QLzGUZU4x0jNSEFKYl62BZEYiA5luf+Ty2ILl3m2nSfEeI2PpqB2tL9wFK3vlb2k4VVRtGS6f/cXRaPo3hM6bs1OOmz7W65KEnNEyqEeC6K06jrMEbLQCiZ9PhFExKh2t3Vnbnle2/VcNQDy7yyYJJ5RpMSrJw8NRL0PyjETcSefGSYiW8+ZTf9Mkk1nbFcwcvckuiwB" providerName="System.Data.SqlClient" /> <!--修改政策查询,提升性能专用链接188(161)--> <add name="JinRiRate" connectionString="GyEItJtJeAiC1OSrT8KJzYRTxMvhG4AtxCYcXEEO49i2BZEYiA5luf+Ty2ILl3m2nSfEeI2PpqB2tL9wFK3vlb2k4VVRtGS6f/cXRaPo3hM6bs1OOmz7W65KEnNEyqEeC6K06jrMEbLQCiZ9PhFExKh2t3Vnbnle2/VcNQDy7yyYJJ5RpMSrJw8NRL0PyjETcSefGSYiW8+ZTf9Mkk1nbFcwcvckuiwB" providerName="System.Data.SqlClient" /> <!--修改政策查询,提升性能专用链接188(161)--> <add name="JinRiAgencyFees" connectionString="GyEItJtJeAiC1OSrT8KJzYRTxMvhG4AtxCYcXEEO49i2BZEYiA5luf+Ty2ILl3m2nSfEeI2PpqB2tL9wFK3vlb2k4VVRtGS6f/cXRaPo3hM6bs1OOmz7W65KEnNEyqEeC6K06jrMEbLQCiZ9PhFExKh2t3Vnbnle2/VcNQDy7yyYJJ5RpMSrJw8NRL0PyjETcSefGSYiW8+ZTf9Mkk1nbFcwcvckuiwB" providerName="System.Data.SqlClient" /> <!--网站查询记录数据库 186(107)--> <add name="OperateLog" connectionString="GyEItJtJeAiC1OSrT8KJzYRTxMvhG4AtUH6SxFeZ7O62BZEYiA5luQSn1ohvjzwljaFWGNAoYSUzQ87X1yfqtCdN4/cPz3I9iQ1jNdbxBw3cFIkH/NGeatanKqhWyJ3kkjGZBuB0EMkj1uLZYZjngRPcDXjPNfxiUUPpLFa0dQGxDz05b9wR4Q==" providerName="System.Data.SqlClient" /> <!--(申请B2C链接) 69.244--> <add name="JinRiB2C" connectionString="N4PuJaLgVk5hx42TS3FbqQ75eX0ciz/YBTyEcP4cXPkw+NG1UJ5kxm8ncil5EcJ4qTDDGoA+cpWFQ9kR2732+0D0OJZfM1BZeZpxfEMonD2gSVcr9ZD+yrutVHu4Y3c058M/JMRmwUc=" providerName="System.Data.SqlClient" /> <!-- JINRILOG 172(0.20)--> <add name="JinRiLogger" connectionString="GyEItJtJeAiC1OSrT8KJzc1+QLzGUZU4/z7gP891Baa2BZEYiA5lucbiLHfKzRTnlU6WH17ZzPpghlZWFr4Vp+/spFY/yoBkQiXcmB6Bt84VZ0McIy5/bXKo/Lpic8vgkw/Rms/bEZvB345xwNTeAw==" providerName="System.Data.SqlClient" /> <!-- 政策日志 172(0.20)--> <add name="JinRiLoggerOperate" connectionString="GyEItJtJeAiC1OSrT8KJzc1+QLzGUZU4/z7gP891Baa2BZEYiA5lucbiLHfKzRTnlU6WH17ZzPpghlZWFr4Vp+/spFY/yoBkQiXcmB6Bt84VZ0McIy5/bXKo/Lpic8vgkw/Rms/bEZvB345xwNTeAw==" providerName="System.Data.SqlClient" /> <!--修改政策查询,所有服务器必须都用164(0.202)--> <add name="JinRiRate164" connectionString="GyEItJtJeAiC1OSrT8KJzQkyVuVlTapID7qzC1YUwoS2BZEYiA5luaflPhrunqosnSfEeI2PpqB2tL9wFK3vlXENVAvwcT7a7L0913q2n0VQyW0s/JUprpoXDYPVQRBenhBaSLktsCS9fFaoNlS/X7utVHu4Y3c0DLRTaM1jO2XvxNs8vB0icIE4uMKd7Pms" /> <!--联程政策库专用链接188(0.161)--> <add name="JinRiUnionRateSearch" connectionString="GyEItJtJeAiC1OSrT8KJzYRTxMvhG4AtxCYcXEEO49i2BZEYiA5luW4QH62eYQOCIw0brCRdCvlo+1Vb7feJrLg7Au8YmcIjwDmUyEkG871TLVYSIzKX51KeSqHuGPgfVaG7sXPyurwJAU+kkOBgTjY9cpc3SROse6OgK6iJ1Q4403kiQlNXSHujoCuoidUOqWHuMd3dZCFXTx6BplBk4WaiPHVBY/Jx" providerName="System.Data.SqlClient" /> <!--联程政策库专用链接188(0.161)--> <add name="JinRiUnionRateOperater" connectionString="GyEItJtJeAiC1OSrT8KJzYRTxMvhG4AtxCYcXEEO49i2BZEYiA5luW4QH62eYQOCIw0brCRdCvlo+1Vb7feJrLg7Au8YmcIjwDmUyEkG871TLVYSIzKX51KeSqHuGPgfVaG7sXPyurwJAU+kkOBgTjY9cpc3SROse6OgK6iJ1Q4403kiQlNXSHujoCuoidUOqWHuMd3dZCFXTx6BplBk4WaiPHVBY/Jx" providerName="System.Data.SqlClient" /> <!--政策备库,必须配置此服务器 188(0.161) --> <add name="JinRiRateNew164" connectionString="GyEItJtJeAiC1OSrT8KJzYRTxMvhG4AtxCYcXEEO49i2BZEYiA5luf+Ty2ILl3m2nSfEeI2PpqB2tL9wFK3vlb2k4VVRtGS6f/cXRaPo3hM6bs1OOmz7W65KEnNEyqEeC6K06jrMEbKVrUU8NFOfiw==" providerName="System.Data.SqlClient" /> <!--JR3日志库171(0.164) --> <add name="JinRi3QT" connectionString="BTyEcP4cXPmLg6PTLhsvq7UMQqNx7xf0EtHdLv8boY6KXXeNoMnLvowBYRfW2MFKbUTrGyjYkg5e4dTWSdXnI740a+G7XbTFQQ0cSoZY4pg=" providerName="System.Data.SqlClient" /> <!--星级评价 数据库189(0.171)--> <add name="JinRiAirV2" connectionString="GyEItJtJeAiC1OSrT8KJzYRTxMvhG4AtodYAlBE+nSnxYK6af5ZSOTv3J4gEUY1o5n1UzrTf4YmRi22X0hXT/VEUwuBSpTAZiQ1jNdbxBw2aabClDTQ9bWD/MrAlZ8ews9VfP8b0gzknHfA90mA2OyD8FtvGiB8y" providerName="System.Data.SqlClient" /> <!--供应商详情查询 数据库248(12.248)--> <add name="JinRiPush" connectionString="GyEItJtJeAiC1OSrT8KJzRIOkwwe5iA+xCYcXEEO49i2BZEYiA5luS06hT/3Ka62DzZfbIJuxAAgyBvCDhL0MH+n+9EXo4GVZUYOS+5secK/z/gBCzRMoGRTeqrmDhpb+XUu7UVkBTCUSepNwpT6dfyKqXrqYaBJ" providerName="System.Data.SqlClient" /> <!--特殊政策 数据库168(0.195)--> <add name="JinRiSpecialRate" connectionString="GyEItJtJeAiC1OSrT8KJzQkyVuVlTapIHnA1nsenBNgzkYv3pUTHYccI+e5jD5urnSfEeI2PpqBndV+4H4eV6Yb2No+GQMq/udJrvheBiKJ1/jq5BMiCUqPUbRj7O1uv7nKmEd+XO3xaLoqJWbwtmA==" providerName="System.Data.SqlClient" /> <!--保险接平台数据库175(0.111)--> <add name="jinriIns" connectionString="GyEItJtJeAiC1OSrT8KJzc1+QLzGUZU4ronNU9ESKHC2BZEYiA5luaphbzLTmZ/xEt8Sp5jHRcqBnANgJMot+naopSBY4AFpwDmUyEkG872ZZtLtV+xfZ2VWRQaGjHUEBHNhIGSwdS+USepNwpT6dfyKqXrqYaBJ" providerName="System.Data.SqlClient" /> <!--获取接口贴点数据177(0.110)--> <add name="JinRiInterface" connectionString="GyEItJtJeAiC1OSrT8KJzc1+QLzGUZU4IWvekpQ10p+2BZEYiA5luTMyCmz/Aw2ymhcNg9VBEF5o+1Vb7feJrOtFKuT4mhmmhUM3WgM8nOrOb+YBKvIszjqIf+vxonOXYA83TSucPhx1BlVHs9neAxVfAfRghM2r8n26r6Du9GTnZUANd6O0K1dPHoGmUGThkjooMq3zce8j1uLZYZjngXCkRbVw+ssoUUPpLFa0dQEhwxPl73X77ah2t3VnbnlegcZOyISoCc+G5yr6vOMgQ5q/0rmEoAG3nY7GWMJ2pXI=" providerName="System.Data.SqlClient" /> <!--南航腾邦项目189(0.171)--> <add name="FltOrderDB" connectionString="GyEItJtJeAiC1OSrT8KJzYRTxMvhG4AtodYAlBE+nSm/o9JeNYTAddJ/jLPvTz9sx0+D2tn/1v3LBa57vyzYGOtiJPYu7i11Kl3WLuDpcyi1HmtI4LY01rRuaC+gbTFzVcP42ebCXF7B345xwNTeAw==" providerName="System.Data.SqlClient" /> <!--FltCommDB 数据库189(0.171)--> <add name="FltCommDB" connectionString="GyEItJtJeAiC1OSrT8KJzYRTxMvhG4AtodYAlBE+nSkwCzwdwfp/wobcdcQWwTF0hfyOdtlaA7jkAHg9Ey864IkNYzXW8QcNyCdeoZn86IrY+0X+0Tpj7Pr4e9cnI32fI9bi2WGY54HvDkdGbmC0+A==" providerName="System.Data.SqlClient" /> <!--国内产品库189(0.171)--> <add name="FltProductDB" connectionString="GyEItJtJeAiC1OSrT8KJzYRTxMvhG4AtmWfjzUf5H2y2BZEYiA5luQngWTK9yifXyBe/DMWfBkO8k3oEeZWupRMAyj2xvTpzz4N/bqehsgTAOZTISQbzvZk4He69NgFxKQyPTxbZfmcXj+ev+CJdk79IDRGHJnGY7nKmEd+XO3ydk6sxVK0yxA==" providerName="System.Data.SqlClient" /> <!--FltUserDB 189(0.171)--><add name="FltUserDB" connectionString="GyEItJtJeAiC1OSrT8KJzYRTxMvhG4AtmWfjzUf5H2y2BZEYiA5luaiOKpwBKLahoahMV+i8usJpFdCtt3ww32ehJDUZA7bF506VerHo1Wj7dLfx/oZb1y0yZweE/MFTP4PXjofvc46iTcdeaKUCBCPW4tlhmOeBtq1/A369YU4=" providerName="System.Data.SqlClient" /> </connectionStrings> <system.web> <httpRuntime executionTimeout="300" requestValidationMode="2.0" /> <httpCookies httpOnlyCookies="true" /> <machineKey validationKey="C96193A50D666A7F2F20EFEBA52E42E34C219FBB14CD82FA49676E61EA3366C16511D8C837AF3EE0278B5EBE03B1BD2E6D2D10A98F648B2179D556D35EBA86A3" validation="SHA1" decryptionKey="ACE7F9A226A2FA33A64F1AD75455A2D28FD734EBCC80ADE149BCB8D450692CB3" decryption="AES" /> <sessionState mode="StateServer" stateConnectionString="tcpip=127.0.0.1:42424" timeout="60" /> <customErrors mode="Off"> <error statusCode="404" redirect="/index.html" /> </customErrors> <!-- Set compilation debug="true" to insert debugging symbols into the compiled page. Because this affects performance, set this value to true only during development. --> <compilation debug="false"> <assemblies> <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /> <add assembly="eWorld.UI, Version=2.0.6.2393, Culture=neutral, PublicKeyToken=24D65337282035F2" /> <add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /> <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /> </assemblies> </compilation> <!-- The <authentication> section enables configuration of the security authentication mode used by ASP.NET to identify an incoming user. --> <authentication mode="Forms"> <forms name="JinRiAuth" loginUrl="Login.aspx" domain=".jinri.cn"/> </authentication> <!-- The <customErrors> section enables configuration of what to do if/when an unhandled error occurs during the execution of a request. Specifically, it enables developers to configure html error pages toRemoteOnly displayed in place of a error stack trace. <customErrors mode="On" defaultRedirect="GenericErrorPage.htm"> <error statusCode="403" redirect="NoAccess.htm" /> <error statusCode="404" redirect="FileNotFound.htm" /> </customErrors> --> <pages validateRequest="false" enableEventValidation="false"> <controls> <add tagPrefix="tabs" namespace="ShWebTabControl" assembly="ShWebTabControl" /> <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> <add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> <add namespace="AjaxControlToolkit" assembly="AjaxControlToolkit" tagPrefix="ajaxToolkit" /> <add tagPrefix="Jason" namespace="eWorld.UI.Compatibility" assembly="eWorld.UI.Compatibility, Version=2.0.6.2393, Culture=neutral, PublicKeyToken=24d65337282035f2" /> <add tagPrefix="page" namespace="QiDian.WebControls.Pager" assembly="Pager" /> </controls> </pages> <httpHandlers> <add verb="*" path="AutoTicket_Notify.aspx" validate="false" type="SqlIn.NoSqlInPost" /> <add verb="*" path="Message.aspx" validate="false" type="SqlIn.NoSqlInPost" /> <add verb="*" path="*.aspx" validate="false" type="SqlIn.SqlInPost" /> <remove verb="*" path="*.asmx" /> <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /> <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /> <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false" /> </httpHandlers> <httpModules> <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> </httpModules> <globalization requestEncoding="gb2312" responseEncoding="gb2312" culture="zh-CN" uiCulture="en" /> </system.web> <location path="test.aspx"> <system.web> <globalization requestEncoding="GB2312" culture="zh-CN" /> </system.web> </location> <location path="User02.aspx"> <system.web> <globalization requestEncoding="GB2312" responseEncoding="GB2312" culture="zh-CN" fileEncoding="GB2312" /> </system.web> </location><location path="Pay/VAlipayNotify.aspx"> <system.web> <globalization requestEncoding="utf-8" culture="zh-CN" /> </system.web> </location> <location path="Pay/VAlipayReturn.aspx"> <system.web> <globalization requestEncoding="utf-8" culture="zh-CN" /> </system.web> </location> <location path="RiseCabinService/VirtureRiseCabinNotify.aspx"> <system.web> <globalization requestEncoding="utf-8" culture="zh-CN" /> </system.web> </location> <location path="RiseCabinService/VirtureRiseCabinReturn.aspx"> <system.web> <globalization requestEncoding="utf-8" culture="zh-CN" /> </system.web> </location> <location path="VirturePay/VirtureOrderPayNotify.aspx"> <system.web> <globalization requestEncoding="utf-8" culture="zh-CN" /> </system.web> </location> <location path="VirturePay/VirtureOrderPayReturn.aspx"> <system.web> <globalization requestEncoding="utf-8" culture="zh-CN" /> </system.web> </location> <location path="VirtureJourneyTicketMergePayNotify.aspx"> <system.web> <globalization requestEncoding="utf-8" culture="zh-CN" /> </system.web> </location> <location path="VirtureJourneyTicketMergePayReturn.aspx"> <system.web> <globalization requestEncoding="utf-8" culture="zh-CN" /> </system.web> </location> <location path="AutoTicket/CFT_InstoreAndPay_Return.aspx"> <system.web> <globalization requestEncoding="utf-8" culture="zh-CN" /> </system.web> </location> <location path="AutoTicket/YHB_OutTicketReturn.aspx"> <system.web> <globalization requestEncoding="utf-8" culture="zh-CN" /> </system.web> </location> <location path="AutoTicket/AutoOutResult_YSL.aspx"> <system.web> <globalization requestEncoding="utf-8" culture="zh-CN" /> </system.web> </location> <location path="AutoTicket/AutoOutResult_YS.aspx"> <system.web> <globalization requestEncoding="utf-8" culture="zh-CN" /> </system.web> </location> <location path="AutoTicket/AutoOutResult_YBZF.aspx"> <system.web> <globalization requestEncoding="utf-8" culture="zh-CN" /> </system.web> </location> <system.codedom> <compilers> <compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"> <providerOption name="CompilerVersion" value="v3.5" /> <providerOption name="WarnAsError" value="false" /> </compiler> </compilers> </system.codedom> <!-- The system.webServer section is required for running ASP.NET AJAX under Internet Information Services 7.0. It is not necessary for previous version of IIS. --> <system.webServer> <validation validateIntegratedModeConfiguration="false" /> <modules> <remove name="ScriptModule" /> <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> </modules> <handlers> <remove name="WebServiceHandlerFactory-Integrated" /> <remove name="ScriptHandlerFactory" /> <remove name="ScriptHandlerFactoryAppServices" /> <remove name="ScriptResource" /> <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> </handlers> <urlCompression doDynamicCompression="true" /> <caching enableKernelCache="true"> <profiles> <remove extension=".js" /> <add extension=".png" policy="CacheUntilChange" kernelCachePolicy="DontCache" /> </profiles> </caching> <httpErrors> <remove statusCode="404" subStatusCode="-1" /> <error statusCode="404" prefixLanguageFilePath="" path="http://www.jinri.cn" responseMode="Redirect" /> </httpErrors> <httpRedirect enabled="false" /> <security> <requestFiltering> <fileExtensions> <add fileExtension=".txt" allowed="false" /> </fileExtensions> </requestFiltering> </security> <defaultDocument> <files> <add value="index.aspx" /> </files> </defaultDocument> </system.webServer> <runtime> <assemblyBinding appliesTo="v2.0.50727" xmlns="urn:schemas-microsoft-com:asm.v1"> <dependentAssembly> <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0" /> </dependentAssembly> </assemblyBinding> </runtime> <system.runtime.remoting> <application> <channels> <channel ref="http" timeout="2000" /> </channels> </application> </system.runtime.remoting><startup useLegacyV2RuntimeActivationPolicy="true"> <supportedRuntime version="v2.0.50727" /> <supportedRuntime version="v4.0" /> </startup> <system.serviceModel> <bindings> <basicHttpBinding><binding name="BasicHttpBinding_IVisitorService" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> <security mode="None"> <transport clientCredentialType="None" proxyCredentialType="None" realm="" /> <message clientCredentialType="UserName" algorithmSuite="Default" /> </security> </binding> <binding name="BasicHttpBinding_IFlightSearchService" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536000" maxBufferPoolSize="65536000" maxReceivedMessageSize="65536000" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> <security mode="None"> <transport clientCredentialType="None" proxyCredentialType="None" realm="" /> <message clientCredentialType="UserName" algorithmSuite="Default" /> </security> </binding> </basicHttpBinding> </bindings> <client> <endpoint address="http://user.soa.jinri.cn/VisitorService.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IVisitorService" contract="VisitorServiseSOA.IVisitorService" name="BasicHttpBinding_IVisitorService" /> <endpoint address="http://fe.jinri.cn/FlightSearchService.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IFlightSearchService" contract="FlightSearch.IFlightSearchService" name="BasicHttpBinding_IFlightSearchService" /> <endpoint address="http://autoticketlog.jinri.org.cn/OrderLogService.asmx" binding="basicHttpBinding" contract="OrderLogService.OrderLogServiceSoap" name="OrderLogServiceSoap" /> <endpoint address="http://autoticketlog.jinri.org.cn/LockOrderService.asmx" binding="basicHttpBinding" contract="LockOrderService.LockOrderServiceSoap" name="LockOrderServiceSoap" /> </client></system.serviceModel></configuration>
1.修复未授权访问(设置访问呢session)2.修复任意文件上传(设置403)3.一站一机(可能有点土豪)
危害等级:高
漏洞Rank:20
确认时间:2015-09-18 21:06
正在修复中
暂无
