WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
WooYun Drops article archive: http://drop.zone.ci/
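2015-05-04: Details reported to the vendor; awaiting vendor handling
2015-05-08: Vendor confirmed; details disclosed to the vendor only
2015-05-18: Details disclosed to core white hats and experts in related fields
2015-05-28: Details disclosed to regular white hats
2015-06-07: Details disclosed to intern white hats
2015-06-22: Details disclosed to the public
Database firework tube: duang! duang! duang! duang! duang! So many bangs!
Zhejiang Province human resources vocational training platform: http://zjpxb.nvq.net.cn/TRP/trainingMessage/training_indexUI.action
Description: the site is vulnerable to Struts2 command execution, which leads to getshell.
0x02: Yeepay payment keys & configuration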
Configuration
0x03: Database fireworks
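With this many databases already, here is one more configuration file as a bonus; it contains account and password information for another service: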
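Please take the security issue seriously and fix it as soon as possible! I did not connect to the databases to retrieve data; testing stopped at verifying access. You know how serious the impact is, including the examstudent and other information that could be obtained after connecting to the database.
Severity: High
Vulnerability Rank: 11
Confirmed: 2015-05-08 17:45
CNVD confirmed and reproduced the issue as described and has forwarded it through CNCERT to the Zhejiang branch center, which will coordinate follow-up handling with the organization that operates the website.
None yet.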