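2014-04-15: Details reported to the vendor; awaiting vendor handling
2014-04-15: Vendor confirmed; details disclosed to the vendor only
2014-04-25: Details disclosed to core white hats and experts in related fields
2014-05-05: Details disclosed to regular white hats
2014-05-15: Details disclosed to trainee white hats
2014-05-30: Details disclosed to the public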
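SVN leak on a 太平洋网络 (Pacific Network) site exposes readable source code
The issue is in 太平洋网络's editorial publishing system at http://14.23.152.207/admin/login.jsp. SVN metadata is exposed and the source code can be read, for example http://14.23.152.207/.svn/text-base/autopub_log.jsp.svn-base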
<%@ page language="java" contentType="text/html; charset=GBK" pageEncoding="GBK"%>
<%@ page import="java.util.*,java.text.*" %>
<%
response.setHeader("Cache-Control","no-cache"); //Forces caches to obtain a new copy of the page from the origin server
response.setHeader("Cache-Control","no-store"); //Directs caches not to store the page under any circumstance
response.setDateHeader("Expires", 0); //Causes the proxy cache to see the page as "stale"
response.setHeader("Pragma","no-cache"); //HTTP 1.0 backward compatibility
Calendar calendar = Calendar.getInstance();
int hour = calendar.get(Calendar.HOUR_OF_DAY);
int minute = calendar.get(Calendar.MINUTE);
if (hour < 1 && minute < 31) {
    out.println("<h1>发布任务还没开始执行!</h1>");
    return;
}
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=GBK">
<title>凌晨重发一二级栏目监控页面</title>
</head>
<body>
<%
SimpleDateFormat format = new SimpleDateFormat("yyyyMMdd");
String file = "/autopub/" + format.format(new Date()) + ".txt";
request.setAttribute("file",file);
%>
<%try {%>
<jsp:include page="<%=file%>" flush="true"/>
<%} catch (Exception ee) {
    out.println("<h1><font color=red>自动发布没有执行,请联系相关人员!</font></h1>");
}%>
</body>
</html>
http://14.23.152.207/.svn
http://14.23.152.207/admin/.svn
http://14.23.152.207/css/.cvn
I will not list them all one by one; please check for the rest yourselves.
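The report leaves the remaining paths for the site owner to find. The following is an added example, not part of the original report or of the vendor's code: a Python script that audits a local web root for version-control metadata directories and for the `.svn/text-base/*.svn-base` pristine copies of the kind shown above. The function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Metadata directories that version-control clients leave in a working copy.
VCS_DIRS = {".svn", ".git", ".hg", "CVS"}

def audit_docroot(docroot):
    """Walk a local web root; return (metadata_dirs, exposed_sources) as URL paths."""
    metadata_dirs, exposed = [], []
    for current, dirs, files in os.walk(docroot):
        rel = os.path.relpath(current, docroot).replace(os.sep, "/")
        parts = [] if rel == "." else rel.split("/")
        for d in dirs:
            if d in VCS_DIRS:
                metadata_dirs.append("/" + "/".join(parts + [d]))
        # SVN <= 1.6 keeps a pristine copy of every versioned file as
        # <dir>/.svn/text-base/<name>.svn-base; a web server returns it as plain
        # text because the .svn-base suffix is not mapped to the JSP engine.
        if parts[-2:] == [".svn", "text-base"]:
            for name in files:
                if name.endswith(".svn-base"):
                    leaked = "/" + "/".join(parts + [name])
                    original = "/" + "/".join(parts[:-2] + [name[:-len(".svn-base")]])
                    exposed.append((leaked, original))
    return sorted(metadata_dirs), sorted(exposed)

def build_sample_docroot(root):
    """Constructed sample tree that mirrors the layout described in the report."""
    for d in ("", "admin"):
        os.makedirs(os.path.join(root, d, ".svn", "text-base"))
    for rel in ("autopub_log.jsp", ".svn/text-base/autopub_log.jsp.svn-base",
                "admin/login.jsp", "admin/.svn/text-base/login.jsp.svn-base"):
        with open(os.path.join(root, *rel.split("/")), "w") as fh:
            fh.write("<%-- constructed sample --%>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_docroot(tmp)
        found_dirs, found_sources = audit_docroot(tmp)
        for d in found_dirs:
            print("metadata directory under web root:", d)
        for leaked, original in found_sources:
            print(f"{leaked} exposes source of {original}")
```

Run against the real deployment directory, any reported entry should be removed from the published tree (for instance by deploying from an exported copy rather than a working copy) or denied at the web server.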
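Severity: Medium
Vulnerability Rank: 10
Confirmed: 2014-04-15 14:43
Thank you, “if、so”, for the vulnerability information. The reported issue does exist, and we are already arranging a fix. Thank you for your contribution to the information security of the 太平洋 family of websites.
None yet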