2015-11-20: 细节已通知厂商并且等待厂商处理中
2015-11-25: 厂商已经确认,细节仅向厂商公开
2015-12-05: 细节向核心白帽子及相关领域专家公开
2015-12-15: 细节向普通白帽子公开
2015-12-25: 细节向实习白帽子公开
2016-01-11: 细节向公众公开
再来一发。
http://ahnsfw.aisino.com/ahwsbsdt/WEB-INF/web.xml
web.xml
<!-- web.xml as retrieved by the reporter directly from /WEB-INF/web.xml over HTTP
     (the URL is quoted above). The descriptor itself is the finding: a servlet
     container must never serve anything under /WEB-INF/, because the files there
     name every backend class, RPC endpoint and configuration path of the application.
     The root element carries no DOCTYPE or xmlns, so nothing validates it. -->
<web-app>
  <context-param>
    <param-name>webAppRootKey</param-name>
    <param-value>app1.root</param-value>
  </context-param>
  <context-param>
    <!-- Spring root context. struts-config.xml points at the same file spelled
         "applicationContext.xml" (lowercase a); the two differ on a case-sensitive
         filesystem, so one of them is presumably wrong or unused. -->
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/ApplicationContext.xml</param-value>
  </context-param>
  <context-param>
    <param-name>log4jConfigLocation</param-name>
    <param-value>/WEB-INF/classes/log4j.properties</param-value>
  </context-param>

  <servlet>
    <!-- Hessian binary RPC endpoint (mapped to /servlet/RpcServlet below). Hessian
         deserializes caller-supplied request bodies into objects; nothing in this
         descriptor restricts who may call it or how callers authenticate, so that
         must be enforced elsewhere (confirm with the deployment). -->
    <servlet-name>RpcServlet</servlet-name>
    <servlet-class>com.caucho.hessian.server.HessianServlet</servlet-class>
    <init-param>
      <param-name>home-class</param-name>
      <param-value>com.aisino.ahbsdt.rpc.NssbRPCImpl</param-value>
    </init-param>
    <init-param>
      <param-name>home-api</param-name>
      <param-value>com.aisino.ahbsdt.rpc.INssbRPC</param-value>
    </init-param>
  </servlet>
  <servlet>
    <servlet-name>SpringContext</servlet-name>
    <servlet-class>com.aisino.ahbsdt.util.SpringContext</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>

  <!-- log4j is initialised twice: via this listener and via the
       Log4jConfigServlet declared further down. One of them is redundant. -->
  <listener>
    <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
  </listener>

  <servlet>
    <servlet-name>action</servlet-name>
    <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
    <init-param>
      <param-name>config</param-name>
      <param-value>/WEB-INF/struts-config.xml</param-value>
    </init-param>
    <!-- debug/detail set to 3 turns on verbose Struts diagnostic logging; these
         should not be left at this level in a production deployment. -->
    <init-param>
      <param-name>debug</param-name>
      <param-value>3</param-value>
    </init-param>
    <init-param>
      <param-name>detail</param-name>
      <param-value>3</param-value>
    </init-param>
    <load-on-startup>0</load-on-startup>
  </servlet>
  <servlet>
    <servlet-name>GenRandomDigiImg</servlet-name>
    <servlet-class>com.aisino.ahbsdt.web.servlet.GenRandomDigiImg</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>pbdb</servlet-name>
    <servlet-class>com.aisino.ahbsdt.web.servlet.PbBdServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>log4jConfigLocation</servlet-name>
    <servlet-class>org.springframework.web.util.Log4jConfigServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <!-- Two login servlets exposed under /servlet/; one of them apparently
       uses an MD5-based scheme (from its name only; the class is not visible here). -->
  <servlet>
    <servlet-name>RPCLoginServlet</servlet-name>
    <servlet-class>com.aisino.ahbsdt.web.servlet.RPCLoginServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>RPCLoginMd5Servlet</servlet-name>
    <servlet-class>com.aisino.ahbsdt.web.servlet.RPCLoginMd5Servlet</servlet-class>
  </servlet>

  <servlet-mapping>
    <servlet-name>RpcServlet</servlet-name>
    <url-pattern>/servlet/RpcServlet</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>pbdb</servlet-name>
    <url-pattern>/servlet/PbBdTemp</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>action</servlet-name>
    <url-pattern>*.do</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>GenRandomDigiImg</servlet-name>
    <url-pattern>/servlet/GenRandomDigiImg</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>RPCLoginServlet</servlet-name>
    <url-pattern>/servlet/RPCLoginServlet</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>RPCLoginMd5Servlet</servlet-name>
    <url-pattern>/servlet/RPCLoginMd5Servlet</url-pattern>
  </servlet-mapping>

  <mime-mapping>
    <extension>doc</extension>
    <mime-type>application/msword</mime-type>
  </mime-mapping>

  <welcome-file-list>
    <welcome-file>login.jsp</welcome-file>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>

  <taglib>
    <taglib-uri>http://struts.apache.org/tags-bean</taglib-uri>
    <taglib-location>/WEB-INF/tld/struts-bean.tld</taglib-location>
  </taglib>
  <taglib>
    <taglib-uri>http://struts.apache.org/tags-logic</taglib-uri>
    <taglib-location>/WEB-INF/tld/struts-logic.tld</taglib-location>
  </taglib>
</web-app>
struts-config.xml
<!-- Struts 1 action configuration referenced from web.xml as /WEB-INF/struts-config.xml.
     No mapping carries a "roles" attribute, so whatever access control exists is
     implemented inside the action classes, which are not visible here. -->
<struts-config>
  <data-sources/>
  <form-beans>
    <form-bean name="Post" type="com.aisino.ahbsdt.web.form.PostForm"/>
  </form-beans>
  <global-exceptions/>
  <global-forwards>
    <forward name="login" path="/login.jsp" redirect="false"/>
    <forward name="login_success" path="/index.jsp" redirect="false"></forward>
  </global-forwards>
  <action-mappings>
    <!-- "parameter" names the request parameter the action reads; presumably a
         DispatchAction-style method selector, but the action classes are not shown. -->
    <action parameter="act" path="/login" type="com.aisino.ahbsdt.web.action.LoginAction">
      <forward name="postslistforadmin" path="/adminpostlist.jsp"/>
      <forward name="viewpostslist" path="/postlist.jsp"/>
    </action>
    <action name="Post" path="/post" parameter="method" type="com.aisino.ahbsdt.web.action.PostAction">
      <forward name="list" path="/postlist.jsp"/>
    </action>
    <action path="/theme" parameter="method" type="com.aisino.ahbsdt.web.action.ThemeAction"/>
    <action path="/taxReport" parameter="method" type="com.aisino.ahbsdt.web.action.TaxReportAction"/>
    <!-- File download action; its own "unauthorized" and "fileNotFound" forwards show
         that authorization and path lookup are decided inside DownloadAction. -->
    <action path="/download" type="com.aisino.ahbsdt.web.action.DownloadAction">
      <forward name="unauthorized" path="/403.html"/>
      <forward name="fileNotFound" path="/404.html"/>
    </action>
    <action path="/showMessage" type="com.aisino.ahbsdt.web.action.ShowMessageAction" parameter="method"></action>
  </action-mappings>
  <controller>
    <set-property property="processorClass" value="org.springframework.web.struts.AutowiringRequestProcessor"/>
  </controller>
  <message-resources parameter="com.aisino.struts.ApplicationResources"/>
  <!-- Loads the Spring context as "applicationContext.xml" (lowercase a), whereas
       web.xml declares "/WEB-INF/ApplicationContext.xml"; on a case-sensitive
       filesystem only one of these paths resolves. -->
  <plug-in className="org.springframework.web.struts.ContextLoaderPlugIn">
    <set-property property="contextConfigLocation" value="/WEB-INF/applicationContext.xml"/>
  </plug-in>
</struts-config>
ApplicationContext.xml
<!-- Spring bean definitions (root element has no namespace or schema declaration). -->
<beans>
  <!-- NOTE(review): the datasource below is commented out, but it still carries a JDBC
       URL with an internal host and a database username and password. A commented-out
       secret is still disclosed when the descriptor leaks, as it did here: remove it from
       the file and rotate the credential. -->
  <!-- <bean id="bsdtDS" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close"> <property name="driverClassName"> <value>oracle.jdbc.OracleDriver</value> </property> <property name="url"> <value>jdbc:oracle:thin:@172.16.1.196:1521:nsfwdb</value> </property> <property name="username"> <value>htxx</value> </property> <property name="password"> <value>oracle</value> </property> </bean> -->

  <!-- Active datasource: looked up from the container via JNDI, so the credential
       lives in the container configuration rather than here. -->
  <bean id="bsdtDS" class="org.springframework.jndi.JndiObjectFactoryBean">
    <property name="jndiName"><value>NSFW_DB</value></property>
  </bean>
  <bean id="increment" class="org.springframework.jdbc.support.incrementer.OracleSequenceMaxValueIncrementer">
    <property name="incrementerName" value="SEQ_DT_POSTID"/>
    <property name="dataSource" ref="bsdtDS"/>
  </bean>
  <!-- The LOB handler unwraps connections with a Commons DBCP extractor, while the live
       datasource is the JNDI one above; whether the container pool is DBCP is not
       visible here. Confirm the extractor matches the actual pool. -->
  <bean id="oracleLobHandler" class="org.springframework.jdbc.support.lob.OracleLobHandler">
    <property name="nativeJdbcExtractor">
      <bean class="org.springframework.jdbc.support.nativejdbc.CommonsDbcpNativeJdbcExtractor"/>
    </property>
  </bean>
  <bean id="postDAO" class="com.aisino.ahbsdt.dao.impl.PostDAOImpl">
    <property name="dataSource"><ref bean="bsdtDS"/></property>
    <property name="handler"><ref bean="oracleLobHandler"/></property>
    <property name="increment"><ref bean="increment"/></property>
  </bean>

  <!-- local business-logic beans -->
  <!-- Leftover wiring of a test implementation (test.TestBsdtService), kept commented out. -->
  <!-- <bean id="bsdtBUSImpl" class="test.TestBsdtService">-->
  <!-- <property name="bsdtDAO"> -->
  <!-- <ref bean="bsdtDAOImpl" /> -->
  <!-- </property> -->
  <!-- <property name="rpcbus"> -->
  <!-- <ref bean="rpcbus" /> -->
  <!-- </property> -->
  <!-- </bean> -->
  <bean id="postService" class="com.aisino.ahbsdt.bus.impl.PostBUSImpl">
    <property name="dao"><ref bean="postDAO"/></property>
  </bean>
  <bean id="bsdtDAOImpl" class="com.aisino.ahbsdt.dao.impl.BsdtDAOImpl">
    <property name="dataSource"><ref bean="bsdtDS"/></property>
  </bean>
  <bean id="bsdtBUSImpl" class="com.aisino.ahbsdt.bus.impl.BsdtBUSImpl">
    <property name="bsdtDAO"><ref bean="bsdtDAOImpl"/></property>
    <property name="rpcbus"><ref bean="rpcbus"/></property>
  </bean>
  <bean id="lwzcBUSImpl" class="com.aisino.ahbsdt.bus.impl.LwzcBUSImpl"></bean>
  <bean id="rpcbus" class="com.aisino.ahbsdt.bus.impl.RpcBUSImpl">
    <property name="nssbrpc"><ref bean="nsrxxServiceRPC"/></property>
  </bean>

  <!-- remote calls (Hessian clients) -->
  <!-- NOTE(review): both remote service URLs below are plain http (no transport
       protection) and disclose one public and one internal address of the back-office
       RPC tier. The bean id "hessianProxyFatory" is misspelled, but it is referenced by
       that exact id below, so renaming it requires changing the reference too. -->
  <bean id="hessianProxyFatory" class="com.caucho.hessian.client.HessianProxyFactory">
    <property name="readTimeout" value="90000"/>
  </bean>
  <bean id="nsrxxServiceRPC" class="org.springframework.remoting.caucho.HessianProxyFactoryBean">
    <property name="proxyFactory"><ref bean="hessianProxyFatory"/></property>
    <property name="serviceUrl" value="http://61.190.68.67/nssbweb_ais/RpcServlet"/>
    <property name="serviceInterface" value="aisino.nssb.ejb.NSSBRpc"/>
  </bean>
  <!-- Consumes the same INssbRPC interface that this application's own RpcServlet
       serves (see web.xml), at another ahwsbsdt instance on an internal host;
       presumably a sibling deployment of this same application. -->
  <bean id="declarationAuthenticationService" class="org.springframework.remoting.caucho.HessianProxyFactoryBean">
    <property name="serviceUrl" value="http://192.168.2.13:8011/ahwsbsdt/servlet/RpcServlet"/>
    <property name="serviceInterface" value="com.aisino.ahbsdt.rpc.INssbRPC"/>
  </bean>

  <!-- permissions -->
  <bean id="permissionService" class="com.aisino.ahbsdt.bus.impl.PermissionBUSImpl"></bean>

  <!-- UI theme / module configuration -->
  <bean id="themeConfig" class="com.aisino.ahbsdt.web.theme.ThemeConfig" init-method="refresh">
    <property name="themeConfigLoader" ref="themeConfigLoader"/>
  </bean>
  <bean id="themeConfigLoader" class="com.aisino.ahbsdt.web.theme.XMLThemeConfigLoader"/>
  <bean id="showMessageDAOImpl" class="com.aisino.ahbsdt.dao.impl.ShowMessageDAOImpl">
    <property name="dataSource"><ref bean="bsdtDS"/></property>
  </bean>
</beans>
log4j.properties
# log4j configuration as retrieved (/WEB-INF/classes/log4j.properties per web.xml);
# line breaks restored from the collapsed listing at each "log4j." key.
log4j.rootLogger=error,CON
# NOTE(review): "stdout" is attached to the com logger here but no log4j.appender.stdout
# is defined in this file, and the "logfile" appender defined below is not attached to
# any logger, so as written it never receives output.
log4j.logger.com=ERROR,stdout
log4j.appender.CON=org.apache.log4j.ConsoleAppender
log4j.appender.CON.layout=org.apache.log4j.PatternLayout
log4j.appender.CON.layout.ConversionPattern=[%d] %-5p %c - %m%n
#logfile configure
log4j.appender.logfile=org.apache.log4j.DailyRollingFileAppender
log4j.appender.logfile.File=nsfw_error.log
log4j.appender.logfile.layout=org.apache.log4j.PatternLayout
log4j.appender.logfile.layout.ConversionPattern= %d %p [%c] - <%m>%n
权限~~
危害等级:高
漏洞Rank:20
确认时间:2015-11-25 10:27
感谢反馈,已联系技术人员处理。
暂无