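2011-03-28: Actively contacting the vendor and waiting for the vendor to claim the report; details are not disclosed publicly
2011-04-27: The vendor has actively ignored the vulnerability; details are disclosed to the public
Sensitive information disclosure
Discloses the database IP address, password, etc.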
http://www.zol.com.cn/global.asa
<SCRIPT LANGUAGE=VBScript RUNAT=Server>
'You can add special event handlers in this file that will get run automatically when
'special Active Server Pages events occur. To create these handlers, just create a
'subroutine with a name from the list below that corresponds to the event you want to
'use. For example, to create an event handler for Session_OnStart, you would put the
'following code into this file (without the comments):
'Sub Session_OnStart
'**Put your code here **
'End Sub
'EventName Description
'Session_OnStart Runs the first time a user runs any page in your application
'Session_OnEnd Runs when a user's session times out or quits your application
'Application_OnStart Runs once when the first page of your application is run for the first time by any user
'Application_OnEnd Runs once when the web server shuts down
</SCRIPT>
<SCRIPT LANGUAGE=VBScript RUNAT=Server>
Sub Application_OnStart
    '==Visual InterDev Generated - startspan==
    '--Project Data Connection
    ' Application("Connection1_ConnectionString") = "DSN=newsdsn;User Id=newsadm;PASSWORD=news201;SERVER=202.106.156.155;UID=newsadm;WSID=LEE;DATABASE=zolnews;Network=DBMSSOCN;Address=202.106.156.155,1433"
    Application("Connection1_ConnectionString") = "DBQ=C:\My Documents\zonline.mdb;DefaultDir=C:\My Documents;Driver={Microsoft Access Driver (*.mdb)};DriverId=25;FIL=MS Access;ImplicitCommitSync=Yes;MaxBufferSize=512;MaxScanRows=8;PageTimeout=5;Threads=3;UID=admin;UserCommitSync=Yes;;DBQ=c:\My Documents\zonline.mdb;DefaultDir=c:\My Documents;DriverId=25;FIL=MS Access;MaxBufferSize=512;PageTimeout=5;"
    Application("Connection1_ConnectionTimeout") = 15
    Application("Connection1_CommandTimeout") = 30
    Application("Connection1_CursorLocation") = 3
    Application("Connection1_RuntimeUserName") = ""
    Application("Connection1_RuntimePassword") = ""
    '-- Project Data Environment
    'Set DE = Server.CreateObject("DERuntime.DERuntime")
    'Application("DE") = DE.Load(Server.MapPath("Global.ASA"), "_private/DataEnvironment/DataEnvironment.asa")
    '==Visual InterDev Generated - endspan==
End Sub
</SCRIPT>
Restrict access to this page
Unable to contact the vendor, or the vendor actively declined
Vulnerability Rank: 2 (WooYun rating)
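An added example, not part of the original report: a Python audit that scans global.asa-style text for Application(...) connection strings carrying passwords or backend hosts. It also reports commented-out assignments, since a comment is exposed just the same when the file is served as plain text. The sample input is constructed with placeholder values, and the function names are this example's own.

```python
import re

# Connection-string keys that hold secrets or reveal backend hosts.
SECRET_KEYS = {"password", "pwd"}
HOST_KEYS = {"server", "address", "data source"}

# Application("Name") = "value", optionally preceded by a VBScript comment mark (').
ASSIGN_RE = re.compile(
    r'^(?P<comment>[ \t]*\x27)?[ \t]*Application\("(?P<name>[^"]+)"\)'
    r'[ \t]*=[ \t]*"(?P<value>[^"]*)"',
    re.IGNORECASE | re.MULTILINE,
)

def parse_conn_string(value):
    """Split 'k=v;k=v' into a dict with lower-cased keys; empty segments are skipped."""
    pairs = {}
    for seg in value.split(";"):
        key, sep, val = seg.partition("=")
        if sep and key.strip():
            pairs[key.strip().lower()] = val.strip()
    return pairs

def audit_asa(text):
    """Return one finding per assignment that embeds a secret or a backend host."""
    findings = []
    for m in ASSIGN_RE.finditer(text):
        pairs = parse_conn_string(m.group("value"))
        secrets = sorted(k for k in pairs if k in SECRET_KEYS and pairs[k])
        hosts = sorted({pairs[k] for k in pairs if k in HOST_KEYS})
        if secrets or hosts:
            findings.append({
                "name": m.group("name"),
                "commented_out": m.group("comment") is not None,
                "secret_keys": secrets,  # key names only, never the secret itself
                "hosts": hosts,
            })
    return findings

# Constructed sample (placeholder credentials, documentation-range IP address).
SAMPLE = '''<SCRIPT LANGUAGE=VBScript RUNAT=Server>
Sub Application_OnStart
' Application("Connection1_ConnectionString") = "DSN=exampledsn;User Id=exampleuser;PASSWORD=EXAMPLE-ONLY;SERVER=192.0.2.10;DATABASE=exampledb;Address=192.0.2.10,1433"
Application("Connection1_ConnectionString") = "DBQ=C:\\data\\example.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=admin"
Application("Connection1_ConnectionTimeout") = 15
End Sub
</SCRIPT>'''

if __name__ == "__main__":
    for finding in audit_asa(SAMPLE):
        print(finding)
```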