
漏洞概要

缺陷编号:wooyun-2015-0112081

漏洞标题:中国平安内网代理PAC脚本泄露(内网系统渗透关键信息)

相关厂商:中国平安保险(集团)股份有限公司

漏洞作者: prolog

提交时间:2015-05-05 10:29

修复时间:2015-06-23 15:56

公开时间:2015-06-23 15:56

漏洞类型:网络敏感信息泄漏

危害等级:中

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:



漏洞详情

披露状态:

2015-05-05: 细节已通知厂商并且等待厂商处理中
2015-05-09: 厂商已经确认,细节仅向厂商公开
2015-05-19: 细节向核心白帽子及相关领域专家公开
2015-05-29: 细节向普通白帽子公开
2015-06-08: 细节向实习白帽子公开
2015-06-23: 细节向公众公开

简要描述:

...

详细说明:

https://github.com/SiQLuxe/Snapshot/blob/c6a532699920ca4de6f8342cc25aa881dde64dd0/network/proxy/PAC/proxyforwebx.pac


/**
 * PAC entry point: returns the proxy string the browser should use for
 * (url, host).
 *
 * The branches are evaluated top to bottom and the first match wins, so the
 * order is significant: the specific pingan.com.cn / pa18.com hosts near the
 * top must stay ahead of the wildcard "DIRECT" rules further down, and the
 * destination-based rules must stay ahead of the client-address rules that
 * follow them. Every pattern names an internal address or host and every
 * return value names an internal proxy, so this script documents the
 * corporate proxy topology; it is sensitive configuration and should not be
 * copied to a public code host (the listing shown here was found on one).
 *
 * Relies on the PAC host functions isInNet, myIpAddress, shExpMatch and
 * isPlainHostName, and on the round-robin helpers getProxy, getTOAProxy,
 * WebbankProxy, dmzstgProxy and MapProxy defined later in this file.
 *
 * @param {string} url  full URL being requested
 * @param {string} host host part of url
 * @returns {string} "DIRECT" or a "PROXY ip:port;PROXY ip:port..." list
 */
function FindProxyForURL(url, host)
{
// Clients on these two subnets bypass every proxy, whatever the destination.
if(isInNet(myIpAddress(),"10.22.68.0","255.255.252.0")||
isInNet(myIpAddress(),"10.22.96.0","255.255.240.0"))
return "DIRECT";
// Staging/test hosts and selected 10.35.x addresses -> 10.11.111.x pair.
else if(shExpMatch(url,"*//10.35.192.102")||
shExpMatch(host,"10.35.192.110")||
shExpMatch(host,"10.35.192.138")||
shExpMatch(host,"auto.pa18.com")||
shExpMatch(host,"adms.pa18.com")||
shExpMatch(host,"stg.pa18.com")||
shExpMatch(host,"cargotest.pa18.com")||
shExpMatch(host,"ybttest.pa18.com")||
shExpMatch(host,"grouplife.pa18.com")||
shExpMatch(host,"download-stg.pa18.com")||
shExpMatch(host,"toa-dmz-newpir.paic.com.cn")||
shExpMatch(host,"download-stag.pingan.com.cn")||
shExpMatch(host,"stgadms.pa18.com")||
shExpMatch(host,"10.35.192.186")||
shExpMatch(host,"10.35.192.187")||
shExpMatch(host,"10.35.192.228")||
shExpMatch(host,"10.35.192.229")||
shExpMatch(host,"10.35.192.95")||
shExpMatch(host,"10.35.192.96")||
shExpMatch(host,"10.35.192.97")||
shExpMatch(host,"10.36.192.194")||
shExpMatch(host,"ybt.pa18.com")||
shExpMatch(host,"wap.stg.pingan.com.cn")||
shExpMatch(host,"wap-stg.pingan.com.cn")||
shExpMatch(host,"wap-ebank-stg.pingan.com.cn")||
shExpMatch(host,"wap-stock-stg.pingan.com.cn")||
shExpMatch(host,"pa18softnext01.pa18.com")||
shExpMatch(host,"10.35.193.64")||
shExpMatch(host,"10.35.193.144")||
shExpMatch(host,"pa18softnext02.pa18.com")||
shExpMatch(host,"10.35.195.205")||
shExpMatch(host,"10.35.195.206")||
shExpMatch(host,"myspam.paic.com.cn")||
shExpMatch(host,"cexp-stg.pingan.com.cn")||
shExpMatch(host,"ibc-stg2.pingan.com.cn")||
shExpMatch(host,"ibp-stg3.pingan.com.cn")||
shExpMatch(host,"ehis-hms-stg.pingan.com.cn")||
shExpMatch(host,"10.35.193.65"))
return "PROXY 10.11.111.161:8080;"+
"PROXY 10.11.111.176:8080";
else if(shExpMatch(host,"corporate.18ebank.com"))
return "PROXY 10.35.195.23:8080;"+
"PROXY 10.35.195.14:8080";
else if(shExpMatch(host,"fp.gdltax.gov.cn"))
return "PROXY 10.35.216.154:8080;"+
"PROXY 10.35.216.155:8080";
else if(shExpMatch(host,"i.pingan.com.cn"))
// round-robin over the 10.37.84.114-119 pool (helper defined below)
return getProxy();
else if(shExpMatch(host,"p.generalv.com")||
shExpMatch(host,"v.ku6vms.com")||
shExpMatch(host,"img.ku6.com")||
shExpMatch(host,"main.gslb.ku6.com")||
shExpMatch(host,"player.ku6cdn.com")||
shExpMatch(host,"v.ku6.com")||
shExpMatch(host,"upload.ku6vms.com")||
shExpMatch(url,"*//121.10.109.*")||
shExpMatch(url,"*//220.181.23.*")||
shExpMatch(url,"*//121.14.14.*")||
shExpMatch(url,"*//121.14.15.*")||
shExpMatch(host,"st.vq.ku6.cn")||
shExpMatch(url,"*//211.162.79.*")||
shExpMatch(url,"*//183.60.130.*")||
shExpMatch(url,"*//113.106.201.*")||
shExpMatch(url,"*//121.15.253.*")||
shExpMatch(url,"*//121.10.240.*")||
shExpMatch(url,"*//58.248.217.*")||
shExpMatch(url,"*//112.90.39.*")||
shExpMatch(url,"*//122.72.12.*")||
shExpMatch(url,"*//116.77.72.*")||
shExpMatch(url,"*//121.14.252.*"))
return "PROXY 10.37.84.47:80;"+
"PROXY 10.37.84.48:80";
else if(shExpMatch(host,"10.35.173.179")||
shExpMatch(host,"172.29.4.81")||
shExpMatch(host,"172.29.4.82")||
shExpMatch(host,"10.35.173.180")||
shExpMatch(host,"10.254.1.*")||
shExpMatch(host,"10.254.2.23")||
shExpMatch(host,"192.168.160.111")||
shExpMatch(host,"10.254.2.5"))
return "PROXY 10.35.156.15:8080;"+
"PROXY 10.35.156.16:8080";
else if(shExpMatch(host,"10.35.174.14")||
shExpMatch(host,"10.35.174.15"))
return "PROXY 10.16.111.76:8080;"+
"PROXY 10.16.111.77:8080";
else if(shExpMatch(host,"xatopbc.bszp.pingan.com.cn")||
shExpMatch(host,"xapbcml.bszp.pingan.com.cn")||
shExpMatch(host,"9.24.*.*")||
shExpMatch(host,"9.104.45.*")||
shExpMatch(host,"9.104.47.*")||
shExpMatch(host,"172.16.38.1")||
shExpMatch(host,"9.0.81.1")||
shExpMatch(host,"100.1.64.*")||
shExpMatch(host,"100.1.248.*")||
shExpMatch(host,"100.1.95.5")||
shExpMatch(host,"10.72.254.11")||
shExpMatch(host,"10.72.254.13")||
shExpMatch(host,"10.72.254.14")||
shExpMatch(host,"10.72.254.21")||
shExpMatch(host,"100.94.10.5")||
shExpMatch(host,"100.94.10.20")||
shExpMatch(host,"100.94.10.24")||
shExpMatch(host,"100.94.10.39")||
shExpMatch(host,"100.100.50.132")||
shExpMatch(host,"19.104.246.*")||
shExpMatch(host,"19.104.250.*")||
shExpMatch(host,"11.36.1.74")||
shExpMatch(host,"56.17.0.2")||
shExpMatch(host,"56.17.0.10")||
shExpMatch(host,"57.0.63.*")||
shExpMatch(host,"8.56.2.*")||
shExpMatch(host,"8.56.7.146")||
shExpMatch(host,"9.107.207.*")||
shExpMatch(host,"9.72.47.*")||
shExpMatch(host,"9.72.46.*")||
shExpMatch(host,"9.96.15.*")||
shExpMatch(host,"9.96.47.*")||
shExpMatch(host,"19.100.246.*")||
shExpMatch(host,"cnapsgz1.bszp.pingan.com.cn")||
shExpMatch(host,"cnapsgz2.bszp.pingan.com.cn")||
shExpMatch(host,"jiaohuipingtai.bszp.pingan.com.cn")||
shExpMatch(host,"pmis-renhang.bszp.pingan.com.cn")||
shExpMatch(host,"waiguanju.bszp.pingan.com.cn")||
shExpMatch(host,"xmyjqyts.bszp.pingan.com.cn")||
shExpMatch(host,"fjyj-web.bszp.pingan.com.cn")||
shExpMatch(host,"fjyj-mail.bszp.pingan.com.cn")||
shExpMatch(host,"fjyj-credit.bszp.pingan.com.cn")||
shExpMatch(host,"fjyj-risk.bszp.pingan.com.cn")||
shExpMatch(host,"cnapsfz1.bszp.pingan.com.cn")||
shExpMatch(host,"cnapsfz2.bszp.pingan.com.cn")||
shExpMatch(url,"*//58.0.61.*")||
shExpMatch(url,"*//58.2.60.2")||
shExpMatch(url,"*//168.11.205.*")||
shExpMatch(url,"*//172.30.19.*")||
shExpMatch(url,"*//100.134.2.*")||
shExpMatch(url,"*//19.136.250.*")||
shExpMatch(url,"*//19.72.250.*")||
shExpMatch(url,"*//19.100.250.*")||
shExpMatch(url,"*//172.100.1.*")||
shExpMatch(host,"212.231.9.*")||
shExpMatch(host,"10.156.23.*")||
shExpMatch(host,"191.168.1.130")||
shExpMatch(host,"191.168.1.132")||
shExpMatch(url,"*//172.40.1.*")||
shExpMatch(host,"19.68.246.*")||
shExpMatch(host,"10.72.254.20")||
shExpMatch(host,"10.72.254.22")||
shExpMatch(host,"bpay-pmis.bszp.pingan.com.cn")||
shExpMatch(host,"bpay-ra.bszp.pingan.com.cn")||
shExpMatch(host,"cz.bszp.pingan.com.cn")||
shExpMatch(host,"czjk.bszp.pingan.com.cn")||
shExpMatch(host,"chinamoneyrmb03.bszp.pingan.com.cn")||
shExpMatch(host,"btcps.bszp.pingan.com.cn"))
return "PROXY 10.35.163.210:8080;"+
"PROXY 10.35.163.211:8080";
else if(shExpMatch(host,"172.6.6.1"))
return "PROXY 10.35.178.10:8080;"+
"PROXY 10.35.178.11:8080";
// Same 10.35.163.210/211 pair as the bszp branch above; the explicit
// *.bszp.pingan.com.cn hosts there are already covered by the wildcard here,
// so the two lists could be merged.
else if(shExpMatch(host,"bisc.gzebsc")||
shExpMatch(host,"iisw.gzebsc")||
shExpMatch(host,"*.bszp.pingan.com.cn"))
return "PROXY 10.35.163.210:8080;"+
"PROXY 10.35.163.211:8080";
else if(shExpMatch(host,"*.iszp.pingan.com.cn")||
shExpMatch(host,"*.audatex.cn")||
shExpMatch(host,"*.audatex.net")||
shExpMatch(host,"*.audatex.com"))
return "PROXY 10.35.156.15:8080;"+
"PROXY 10.35.156.16:8080";
else if(shExpMatch(host,"*.sszp.pingan.com.cn"))
return "PROXY 10.17.138.11:8080;"+
"PROXY 10.17.138.12:8080";
else if(shExpMatch(host,"*.bshp.pingan.com.cn"))
return "PROXY 10.37.178.11:8080;"+
"PROXY 10.37.178.12:8080";
else if(shExpMatch(host,"10.192.0.39")||
shExpMatch(host,"10.192.0.40")||
shExpMatch(host,"10.192.32.128")||
shExpMatch(host,"10.192.0.41")||
shExpMatch(host,"192.168.154.125")||
shExpMatch(host,"192.168.154.180")||
shExpMatch(host,"10.192.0.33")||
shExpMatch(host,"192.168.154.183")||
shExpMatch(host,"*.ishp.pingan.com.cn"))
return "PROXY 10.37.179.11:8080;"+
"PROXY 10.37.179.12:8080";
//TOA-DMZ ISA
// Public-facing corporate sites -> getTOAProxy() round robin (defined below).
else if(shExpMatch(host,"health.pingan.com")||
shExpMatch(host,"member.pingan.com.cn")||
shExpMatch(host,"new.pa18.com")||
shExpMatch(host,"pre.pa18.com")||
shExpMatch(host,"che.pingan.com")||
shExpMatch(host,"www.pa18.com.cn")||
shExpMatch(host,"www.pa18.com.hk")||
shExpMatch(host,"www.pa18.hk")||
shExpMatch(host,"www.paic.com.cn")||
shExpMatch(host,"stock.pingan.com")||
shExpMatch(host,"eim.pingan.com")||
shExpMatch(host,"fund.pingan.com")||
shExpMatch(host,"futures.pingan.com")||
shExpMatch(host,"money.pingan.com")||
shExpMatch(host,"shop.pingan.com")||
shExpMatch(host,"www.realestate.pingan.com")||
shExpMatch(host,"www.realestate.pingan.com.cn")||
shExpMatch(host,"realestate.pingan.com.cn")||
shExpMatch(host,"taobao.pingan.com")||
shExpMatch(host,"insurance.pingan.com")||
shExpMatch(host,"bank.pingan.com")||
shExpMatch(host,"ibank.pingan.com.cn")||
shExpMatch(host,"ibank.pingan.com")||
shExpMatch(host,"ibank-pre1.pingan.com.cn")||
shExpMatch(host,"ibank-pre2.pingan.com.cn")||
shExpMatch(host,"ibank-pre3.pingan.com.cn")||
shExpMatch(host,"creditcard.pingan.com")||
shExpMatch(host,"baoxian.pingan.com")||
shExpMatch(host,"www.baoxian.pingan.com")||
shExpMatch(host,"bankcdn.pingan.com.cn")||
shExpMatch(host,"chexian.pingan.com")||
shExpMatch(host,"life.pingan.com")||
shExpMatch(host,"xintuo.pingan.com")||
shExpMatch(host,"annuity.pingan.com")||
shExpMatch(host,"adcdn.pingan.com")||
shExpMatch(host,"asset.pingan.com")||
shExpMatch(host,"ir.pingan.com")||
shExpMatch(host,"property.pingan.com")||
shExpMatch(host,"realestate.pingan.com")||
shExpMatch(host,"invest.pingan.com")||
shExpMatch(host,"about.pingan.com")||
shExpMatch(host,"ued.pingan.com")||
shExpMatch(host,"www.daikuan.pingan.com")||
shExpMatch(host,"caifu.pingan.com")||
shExpMatch(host,"vip.pingan.com")||
shExpMatch(host,"russell.pingan.com")||
shExpMatch(host,"img2.pingan.com")||
shExpMatch(host,"css2.pingan.com")||
shExpMatch(host,"script2.pingan.com")||
shExpMatch(host,"static2.pingan.com")||
shExpMatch(host,"css1.pingan.com")||
shExpMatch(host,"img1.pingan.com")||
shExpMatch(host,"resources.pingan.com")||
shExpMatch(host,"script1.pingan.com")||
shExpMatch(host,"wwwtest.pingan.com.cn")||
shExpMatch(host,"static1.pingan.com")||
shExpMatch(host,"fund.pingan.com.cn")||
shExpMatch(host,"puf-hsws.pingan.com")||
shExpMatch(host,"www.creditcard.pingan.com.cn")||
shExpMatch(host,"www.creditcard.pingan.com")||
shExpMatch(host,"ssl.pingan.com")||
shExpMatch(host,"daikuan.pingan.com.cn")||
shExpMatch(host,"www.intrust.pingan.com")||
shExpMatch(host,"www.about.pingan.com")||
shExpMatch(host,"www.annuity.pingan.com")||
shExpMatch(host,"www.asset.pingan.com")||
shExpMatch(host,"www.bank.pingan.com")||
shExpMatch(host,"www.caifu.pingan.com")||
shExpMatch(host,"www.stock.pingan.com")||
shExpMatch(host,"www.stock.pingan.com.cn")||
shExpMatch(host,"www.fund.pingan.com")||
shExpMatch(host,"www.health.pingan.com")||
shExpMatch(host,"www.insurance.pingan.com")||
shExpMatch(host,"www.invest.pingan.com")||
shExpMatch(host,"www.ir.pingan.com")||
shExpMatch(host,"www.life.pingan.com")||
shExpMatch(host,"www.money.pingan.com")||
shExpMatch(host,"www.property.pingan.com")||
shExpMatch(host,"www.vip.pingan.com")||
shExpMatch(host,"www.bank.pingan.com.cn")||
shExpMatch(host,"www.xintuo.pingan.com")||
shExpMatch(host,"russell.pingan.com.cn")||
shExpMatch(host,"www.russell.pingan.com.cn")||
shExpMatch(host,"www.russell.pingan.com")||
shExpMatch(host,"mycard.pingan.com")||
shExpMatch(host,"www.mycard.pingan.com")||
shExpMatch(host,"www.futures.pingan.com")||
shExpMatch(host,"www.95511.com.cn")||
shExpMatch(host,"www.pinganonline.com.cn")||
shExpMatch(host,"www.pinganonline.com")||
shExpMatch(host,"www.4008-000-000.com.cn")||
shExpMatch(host,"www.pinganshop.com.cn")||
shExpMatch(host,"4008000000.com")||
shExpMatch(host,"www.4008000000.com")||
shExpMatch(host,"www.money.pingan.com.cn")||
shExpMatch(host,"money.pingan.com.cn")||
shExpMatch(host,"www.taobao.pingan.com")||
shExpMatch(host,"www.chexian.pingan.com")||
shExpMatch(host,"daikuan.pingan.com")||
shExpMatch(host,"www.one.pingan.com")||
shExpMatch(host,"trust.pingan.com")||
shExpMatch(host,"chaoshi.pingan.com")||
shExpMatch(host,"m.pingan.com")||
shExpMatch(host,"www.pingan.com.cn")||
shExpMatch(host,"u.pingan.com")||
shExpMatch(host,"www.pingan.com")||
shExpMatch(host,"one.pingan.com")||
shExpMatch(host,"wap.pingan.com")||
shExpMatch(host,"wap.pingan.com.cn")||
shExpMatch(host,"1010-0000.pingan.com")||
shExpMatch(host,"bmmsz.pingan.com")||
shExpMatch(host,"download.pingan.com.cn")||
shExpMatch(host,"guanjia.pingan.com")||
shExpMatch(host,"www.pingancdn.com")||
shExpMatch(host,"1010-0000.com")||
shExpMatch(host,"www.1010-0000.com")||
shExpMatch(host,"www.10100000.com")||
shExpMatch(host,"search.pingan.com")||
shExpMatch(host,"resources.pingancdn.com")||
shExpMatch(host,"rlms.pingan.com")||
shExpMatch(host,"elife.pingan.com")||
shExpMatch(host,"cardmall.tmp-bank.pingan.com")||
shExpMatch(host,"loan.pingan.com")||
shExpMatch(host,"sis-fw.pingan.com.cn")||
shExpMatch(host,"shoptest.pingan.com")||
shExpMatch(host,"spfordf.pingan.com.cn")||
shExpMatch(host,"spfordf.wanlitong.com")||
shExpMatch(host,"spfortoa.wanlitong.com")||
shExpMatch(host,"static.pingancdn.com")||
shExpMatch(host,"pa18-shop-auto-2013.pingan.com.cn")||
shExpMatch(host,"img.pingancdn.com")||
shExpMatch(host,"css.pingancdn.com")||
shExpMatch(host,"script.pingancdn.com")||
shExpMatch(host,"xinbao.pingan.com")||
shExpMatch(host,"chexian.4008000000.com")||
shExpMatch(host,"www.chexian.4008000000.com")||
// the next entry repeats the line above (harmless duplicate)
shExpMatch(host,"www.chexian.4008000000.com")||
shExpMatch(host,"annuity.pingan.com.cn")||
shExpMatch(host,"resources.pingan.com.cn"))
return getTOAProxy();
//BANK-DMZ ISA
// Online-banking hosts -> WebbankProxy() two-way round robin (defined below).
else if(shExpMatch(host,"enterprise.18ebank.com")||
shExpMatch(host,"bank.pingan.com.cn")||
shExpMatch(host,"ibank-ds.pingan.com.cn")||
shExpMatch(host,"ibank-pbd.pingan.com.cn")||
shExpMatch(host,"personal.18ebank.com.cn")||
shExpMatch(host,"personal.18ebank.com")||
shExpMatch(host,"caifu.pingan.com.cn")||
shExpMatch(host,"cfe.pingan.com.cn")||
shExpMatch(host,"bankupload.pingan.com.cn")||
shExpMatch(host,"creditcard.pingan.com.cn")||
shExpMatch(host,"creditcard.tmp-bank.pingan.com.cn")||
shExpMatch(host,"bestrss.pingan.com.cn")||
shExpMatch(host,"netpay.pingan.com.cn"))
return WebbankProxy();
//OTHERS-DMZ ISA
else if(shExpMatch(host,"epcis-pais.pingan.com.cn")||
shExpMatch(host,"sdc.pingan.com")||
shExpMatch(host,"pmit.pingan.com.cn")||
shExpMatch(host,"sdc.pingan.com.cn")||
shExpMatch(host,"icore-pts.pingan.com.cn")||
shExpMatch(host,"lds.pingan.com.cn")||
shExpMatch(host,"lds10.pingan.com.cn")||
shExpMatch(host,"umlogon.pingan.com.cn")||
shExpMatch(host,"im-core.pingan.com.cn")||
shExpMatch(host,"im-core-share.pingan.com.cn")||
shExpMatch(host,"im-core-epcis.pingan.com.cn")||
shExpMatch(host,"im-core-life.pingan.com.cn")||
shExpMatch(host,"elis-lms.pingan.com.cn")||
shExpMatch(host,"*.agent.pa18.com")||
shExpMatch(host,"autoclaim.pingan.com.cn")||
shExpMatch(host,"cargo.pa18.com")||
shExpMatch(host,"download.pa18.com")||
shExpMatch(host,"nj.pingan.com")||
shExpMatch(host,"nj-download.pingan.com")||
shExpMatch(host,"abbs.pa18.com")||
shExpMatch(host,"um.pa18.com")||
shExpMatch(host,"elis-ipms.pingan.com")||
shExpMatch(host,"paosms.pingan.com.cn")||
shExpMatch(host,"learn.pingan.com.cn")||
shExpMatch(host,"egvip.pingan.com.cn")||
shExpMatch(host,"pss-sdc.pa18.com")||
shExpMatch(host,"eim.pingan.com.cn")||
shExpMatch(host,"esalesdownload.pingan.com")||
shExpMatch(host,"mail.pa18.com")||
shExpMatch(host,"salesmail.pa18.com")||
shExpMatch(host,"pamdm.pingan.com.cn")||
shExpMatch(host,"pa18softnext03.pa18.com")||
shExpMatch(host,"pa18softnext04.pa18.com")||
shExpMatch(host,"vip-pp.pingan.com.cn")||
shExpMatch(host,"hm-iss.pingan.com.cn")||
shExpMatch(host,"172.28.48.137")||
shExpMatch(host,"172.28.48.138")||
shExpMatch(host,"172.28.48.139")||
shExpMatch(host,"pensionfile.paic.com.cn")||
shExpMatch(host,"baojia.pingan.com.cn")||
shExpMatch(host,"itjob.pingan.com.cn")||
shExpMatch(host,"itjob.pingan.com")||
shExpMatch(host,"invoice-dmz.paic.com.cn")||
shExpMatch(host,"ecss-cms.paic.com.cn")||
shExpMatch(host,"tfms.pingan.com.cn")||
shExpMatch(host,"mb.pingan.com.cn")||
shExpMatch(host,"rdas1.pingan.com.cn")||
shExpMatch(host,"rdas2.pingan.com.cn")||
shExpMatch(host,"pacz.pa18.com")||
shExpMatch(host,"mrss.pingan.com.cn")||
shExpMatch(host,"icorepams.pingan.com.cn")||
shExpMatch(host,"hmcs.pa18.com")||
shExpMatch(host,"esalesann.pingan.com"))
return "PROXY 10.35.30.12:8080;"+
"PROXY 10.35.30.11:8080";
else if(shExpMatch(host,"192.168.192.44"))
return "PROXY 10.35.178.14:8080;"+
"PROXY 10.35.178.15:8080";
else if(shExpMatch(host,"lpms-pp-stg-sh.dmzstg.pingan.com.cn")||
shExpMatch(host,"pidms.dr.pingan.com.cn")||
shExpMatch(host,"lpms-cust-stg.dmzstg.pingan.com.cn")||
shExpMatch(host,"lpms-pp-stg.dmzstg.pingan.com.cn")||
shExpMatch(host,"lpms-core-stg.pingan.com.cn")||
shExpMatch(host,"lpms-cust-p5.dmzstg.pingan.com.cn")||
shExpMatch(host,"lpms-admin-pir.paic.com.cn")||
shExpMatch(host,"lpms-cust-p1.dmzstg.pingan.com.cn")||
shExpMatch(host,"lpms-cust-p3.dmzstg.pingan.com.cn")||
shExpMatch(host,"lpms-cust-p4.dmzstg.pingan.com.cn")||
shExpMatch(host,"lpms-admin-p2.paic.com.cn")||
shExpMatch(host,"jk-bis-stg.dmzstg.pingan.com.cn")||
shExpMatch(host,"lpms-payment-stg.dmzstg.pingan.com.cn")||
shExpMatch(host,"lpms-member-stg.dmzstg.pingan.com.cn")||
shExpMatch(host,"lpms-member-p1.dmzstg.pingan.com.cn")||
shExpMatch(host,"lpms-admin-p3.paic.com.cn")||
shExpMatch(host,"lpms-cust-p6.dmzstg.pingan.com.cn")||
shExpMatch(host,"lpms-cust-p7.dmzstg.pingan.com.cn")||
shExpMatch(host,"lpms-cust-stg-sh.dmzstg.pingan.com.cn"))
return "DIRECT";
// These explicit dmzstg hosts must precede the *.dmzstg.* wildcards below,
// which are otherwise a superset of most of them.
else if(shExpMatch(host,"ibank-peps-stg.pingan.com.cn")||
shExpMatch(host,"ibankpepsstg.pingan.com.cn")||
shExpMatch(host,"ibank-peps-prj2.pingan.com.cn")||
shExpMatch(host,"ibank-peps-stg-cup.pingan.com.cn")||
shExpMatch(host,"ibank-peps-pir.pingan.com.cn")||
shExpMatch(host,"*.dmzstg.paic.com.cn")||
shExpMatch(host,"salespir.pa18.com")||
shExpMatch(host,"sales-np1.pa18.com")||
shExpMatch(host,"shop-stg.pingan.com.cn")||
shExpMatch(host,"pa18-shop-formit-stg.pingan.com.cn")||
shExpMatch(host,"192.168.143.21")||
shExpMatch(host,"stg3.pingan.com.cn")||
shExpMatch(host,"xinbao.dmzstg.pingan.com.cn")||
shExpMatch(host,"test-creditcard.pingan.com.cn")||
shExpMatch(host,"ibank-peps-stg4.pingan.com.cn")||
shExpMatch(host,"ibank-peps-stg5.pingan.com.cn")||
shExpMatch(host,"ibank-ibc-stg4.pingan.com.cn")||
shExpMatch(host,"ibank-stg.pingan.com.cn")||
shExpMatch(host,"*.dmzstg.pingan.com.cn")||
shExpMatch(host,"pfms-pmis.dr.pingan.com.cn")||
shExpMatch(host,"np.pa18.com")||
shExpMatch(host,"testibankprj.pingan.com.cn")||
shExpMatch(host,"sso-clp-ecss-dmzstg.pingan.com.cn")||
shExpMatch(host,"*.dmzstg.pingan.com"))
return "PROXY 10.36.192.157:8080;"+
"PROXY 10.36.192.156:8080";
else if(shExpMatch(host,"itms.paic.com.cn")||
shExpMatch(host,"www.qdjob.com")||
shExpMatch(host,"itms-stg.paic.com.cn")||
shExpMatch(host,"itms-xian.paic.com.cn")||
shExpMatch(host,"itms-neijiang.paic.com.cn")||
shExpMatch(host,"itms-guangzhou.paic.com.cn")||
shExpMatch(host,"itms-shenyang.paic.com.cn")||
shExpMatch(host,"itms-chengdu.paic.com.cn")||
shExpMatch(host,"itms-shanghai.paic.com.cn")||
shExpMatch(host,"itms-zhengzhou.paic.com.cn")||
shExpMatch(host,"itms-wuhan.paic.com.cn")||
shExpMatch(host,"itms-csr.paic.com.cn")||
shExpMatch(host,"192.168.10.*"))
return "PROXY 10.37.173.38:8080;"+
"PROXY 10.37.173.37:8080";
else if(shExpMatch(host,"172.18.10.253")||
shExpMatch(host,"172.18.10.254"))
return "PROXY 10.37.179.11:8080;"+
"PROXY 10.37.179.12:8080";
else if(shExpMatch(host,"pa18-int.pa18.com")||
shExpMatch(host,"stock.pa18.com")||
shExpMatch(host,"cardmall.pingan.com")||
shExpMatch(host,"abbs-stg.pa18.com")||
shExpMatch(host,"abbs-np3.pa18.com")||
shExpMatch(host,"recruit.pingan.com.cn")||
shExpMatch(host,"filetransfer.pingan.com.cn")||
shExpMatch(host,"mail.pingan.com.cn")||
shExpMatch(host,"mx1.pingan.com.cn")||
shExpMatch(host,"recruit-stg.pingan.com.cn")||
shExpMatch(host,"rss.pingan.com.cn")||
shExpMatch(host,"recruite-test.pingan.com.cn")||
shExpMatch(host,"sales-test.pingan.com.cn")||
shExpMatch(host,"mx2.pingan.com.cn")||
shExpMatch(host,"paca.pingan.com.cn")||
shExpMatch(host,"career-test.pingan.com.cn")||
shExpMatch(host,"vpn.pingan.com.cn")||
shExpMatch(host,"vpn7.pingan.com.cn")||
shExpMatch(host,"recruit-teststaging.pingan.com.cn")||
shExpMatch(host,"recruit-test.pingan.com.cn")||
shExpMatch(host,"mailout2.pingan.com.cn")||
shExpMatch(host,"egcqs.pingan.com.cn")||
shExpMatch(host,"mailout1.pingan.com.cn")||
shExpMatch(host,"eai-riis-prd.pingan.com.cn")||
shExpMatch(host,"mx3.pingan.com.cn")||
shExpMatch(host,"mx4.pingan.com.cn")||
shExpMatch(host,"stg-shdmz.pingan.com.cn")||
shExpMatch(host,"ebank-stg-shdmz.pingan.com.cn")||
shExpMatch(host,"recruit-stg-shdmz.pingan.com.cn")||
shExpMatch(host,"epcis-upc-stg-shdmz.pingan.com.cn")||
shExpMatch(host,"vpn.otp.pingan.com.cn")||
shExpMatch(host,"labdemo.pingan.com.cn")||
shExpMatch(host,"bmms.pingan.com.cn")||
shExpMatch(host,"lpms-stg.pingan.com.cn")||
shExpMatch(host,"gcss-stg-shdmz.pingan.com.cn")||
shExpMatch(host,"ctx.pingan.com.cn")||
// "*txt.pingan.com.cn" two lines down already covers this pattern
shExpMatch(host,"*.txt.pingan.com.cn")||
shExpMatch(host,"im-core-stg.pingan.com.cn")||
shExpMatch(host,"*txt.pingan.com.cn")||
shExpMatch(host,"gcss.pa18.com"))
return getProxy();
else if(shExpMatch(host,"*dmzstg1.paic.com.cn")||
shExpMatch(host,"*dmzstg2.paic.com.cn")||
shExpMatch(host,"*dmzstg3.paic.com.cn")||
shExpMatch(host,"*dmzstg4.paic.com.cn")||
shExpMatch(host,"*dmzstg1.pingan.com.cn")||
shExpMatch(host,"*dmzstg2.pingan.com.cn")||
shExpMatch(host,"*dmzstg3.pingan.com.cn")||
shExpMatch(host,"*dmzstg4.pingan.com.cn")||
shExpMatch(host,"*dmzstg1.pingan.com")||
shExpMatch(host,"*dmzstg2.pingan.com")||
shExpMatch(host,"*dmzstg3.pingan.com")||
shExpMatch(host,"*dmzstg4.pingan.com")||
shExpMatch(host,"*dmzstg1.pa18.com")||
shExpMatch(host,"*dmzstg2.pa18.com")||
shExpMatch(host,"*dmzstg3.pa18.com")||
shExpMatch(host,"*dmzstg4.pa18.com")||
shExpMatch(host,"*stg1.xa18.com.cn")||
shExpMatch(host,"*stg2.xa18.com.cn")||
shExpMatch(host,"*.dr.pa18.com")||
shExpMatch(host,"umlogon.dr.pingan.com.cn")||
shExpMatch(host,"www.dr.xa18.com.cn")||
// unreachable: the identical pattern already matched the 10.36.192.157
// branch above, so this entry never selects dmzstgProxy()
shExpMatch(host,"pfms-pmis.dr.pingan.com.cn")||
shExpMatch(host,"test-member.pingan.com.cn")||
shExpMatch(host,"wcm-core-search-dmzstg1.pingan.com.cn")||
shExpMatch(host,"test-www.4008000000.com")||
shExpMatch(host,"test-www.chexian.4008000000.com")||
shExpMatch(host,"*.dr.pingan.com")||
shExpMatch(host,"test-tfms.pingan.com.cn")||
shExpMatch(host,"*dmzrt.pingan.com.cn")||
shExpMatch(host,"hmcs-stg.pa18.com")||
shExpMatch(host,"*.dr.pingan.com.cn"))
return dmzstgProxy();
else if(shExpMatch(host,"stock.pingan.com.cn"))
return "PROXY 10.11.111.233:8080;"+
"PROXY 10.11.111.234:8080;"+
"PROXY 10.11.111.235:8080";
// test*.1qianbao.com must stay ahead of the *.1qianbao.com wildcard below.
else if(shExpMatch(host,"test*.1qianbao.com"))
return "PROXY 10.189.6.186:8080;"+
"PROXY 10.189.6.187:8080";
else if(shExpMatch(host,"*.1qianbao.com"))
return "PROXY 10.189.6.188:8080;"+
"PROXY 10.189.6.189:8080";
// Intranet catch-all: plain host names, private-range URL prefixes and the
// main corporate domains go direct. The *.paic.com.cn / *.pingan.com.cn /
// *.pa18.com wildcards here are a superset of many hosts in the branches
// above, so this branch has to stay after them.
else if(isPlainHostName(host)||
shExpMatch(url,"*//10.*.*.*")||
shExpMatch(url,"*//127.*.*.*")||
shExpMatch(url,"*//172.18.*.*")||
shExpMatch(url,"*//172.19.*.*")||
shExpMatch(url,"*//192.168.10.*")||
shExpMatch(host,"*.paic.com.cn")||
shExpMatch(host,"*.pingan.com.cn")||
shExpMatch(host,"*.pingan.cn")||
shExpMatch(host,"ay.pingan.com")||
shExpMatch(host,"*.paicdom.local")||
shExpMatch(host,"*.uc.pingan.com")||
shExpMatch(host,"www.resolver.com")||
shExpMatch(host,"*.pa18.com")||
shExpMatch(host,"success.sdb.com.cn")||
shExpMatch(host,"oa.sdb.com.cn")||
shExpMatch(host,"cmmd.sdb.com.cn")||
shExpMatch(host,"stat.sdb.com.cn")||
shExpMatch(host,"cms.sdb.com.cn")||
shExpMatch(host,"itdoc.sdb.com.cn")||
shExpMatch(host,"itsm.sdb.com.cn")||
shExpMatch(host,"rpt.sdb.com.cn")||
shExpMatch(host,"webmail.sdb.com.cn")||
shExpMatch(host,"eccore.pingan.com")||
shExpMatch(host,"esalesbank.pingan.com")||
shExpMatch(host,"sso-clp-sales4bank-prd.pingan.com")||
shExpMatch(host,"pssbank.pingan.com")||
shExpMatch(host,"xdsp.pingan.com")||
shExpMatch(host,"ecpub.pingan.com")||
shExpMatch(host,"sso-clp-ecss.pingan.com")||
shExpMatch(host,"sso-clp-ecss-prd.pingan.com")||
shExpMatch(host,"ecss.pingan.com")||
shExpMatch(host,"ams.sdb.com.cn")||
shExpMatch(host,"cfss.sdb.com.cn")||
shExpMatch(host,"uip.sdb.com.cn")||
shExpMatch(host,"counterbank.sdb.com.cn")||
shExpMatch(host,"pac.pingan.com")||
shExpMatch(url,"*//172.110.*.*")||
shExpMatch(url,"*//100.1.248.*")||
shExpMatch(host,"aml.sdb.com.cn")||
shExpMatch(host,"www.wanlitong.com")||
shExpMatch(host,"wanlitong.com")||
shExpMatch(host,"tuan.wanlitong.com")||
shExpMatch(host,"lpms.pingan.com.cn")||
shExpMatch(host,"partner.wanlitong.com")||
shExpMatch(host,"static.wanlitong.com")||
shExpMatch(host,"member.wanlitong.com")||
shExpMatch(host,"test-member-p2.wanlitong.com")||
shExpMatch(host,"test-member-p3.wanlitong.com")||
shExpMatch(host,"test-member-p4.wanlitong.com")||
shExpMatch(url,"*//11.37.227.*"))
return "DIRECT";
// Third-party map / SDK hosts -> MapProxy() round robin (defined below).
else if(shExpMatch(host,"www.kdos.cn")||
shExpMatch(host,"pingan.ebankunion.com")||
shExpMatch(host,"202.69.18.176")||
shExpMatch(host,"ins.carrierweb.com")||
shExpMatch(host,"*.mapabc.com")||
shExpMatch(host,"*.autonavi.com")||
shExpMatch(host,"*.macromedia.com")||
shExpMatch(host,"*.cib.com.cn")||
shExpMatch(url,"*//60.28.25.152"))
return MapProxy();
else if(shExpMatch(host,"172.26.8.80")||
shExpMatch(host,"172.26.8.81"))
return "PROXY 10.35.160.100:8080;"+
"PROXY 10.35.160.101:8080";
// From here on the choice is keyed on the client's own address rather than
// the destination. myIpAddress() is re-invoked for every pattern; callers
// wanting to trim this could fetch it once at the top of the function.
else if(shExpMatch(myIpAddress(),"172.18.*.*")||
shExpMatch(myIpAddress(),"172.19.*.*")||
shExpMatch(myIpAddress(),"10.10.178.*")||
shExpMatch(myIpAddress(),"10.10.28.*")||
shExpMatch(myIpAddress(),"10.200.138.*")||
shExpMatch(myIpAddress(),"10.10.29.*")||
shExpMatch(myIpAddress(),"10.10.40.*")||
shExpMatch(myIpAddress(),"10.10.41.*")||
shExpMatch(myIpAddress(),"10.10.42.*")||
shExpMatch(myIpAddress(),"10.10.43.*")||
shExpMatch(myIpAddress(),"10.10.44.*")||
shExpMatch(myIpAddress(),"10.10.45.*")||
shExpMatch(myIpAddress(),"10.10.46.*")||
shExpMatch(myIpAddress(),"10.10.47.*")||
shExpMatch(myIpAddress(),"10.10.49.*")||
shExpMatch(myIpAddress(),"10.10.54.*")||
shExpMatch(myIpAddress(),"10.10.146.*")||
shExpMatch(myIpAddress(),"10.10.149.*")||
shExpMatch(myIpAddress(),"10.10.150.*")||
shExpMatch(myIpAddress(),"10.10.151.*")||
shExpMatch(myIpAddress(),"10.10.152.*")||
shExpMatch(myIpAddress(),"10.10.153.*")||
shExpMatch(myIpAddress(),"10.10.154.*")||
shExpMatch(myIpAddress(),"10.10.155.*")||
shExpMatch(myIpAddress(),"10.10.158.*")||
shExpMatch(myIpAddress(),"10.10.161.*")||
shExpMatch(myIpAddress(),"10.10.163.*")||
shExpMatch(myIpAddress(),"10.10.167.*")||
shExpMatch(myIpAddress(),"10.10.168.*")||
shExpMatch(myIpAddress(),"10.202.100.*")||
shExpMatch(myIpAddress(),"10.202.101.*")||
shExpMatch(myIpAddress(),"10.10.148.*")||
shExpMatch(myIpAddress(),"10.201.101.*")||
shExpMatch(myIpAddress(),"10.203.100.*")||
shExpMatch(myIpAddress(),"10.203.101.*")||
shExpMatch(myIpAddress(),"10.201.100.*")||
shExpMatch(myIpAddress(),"10.201.102.*")||
shExpMatch(myIpAddress(),"10.240.1.*")||
shExpMatch(myIpAddress(),"10.10.160.*")||
shExpMatch(myIpAddress(),"10.201.103.*")||
shExpMatch(myIpAddress(),"10.201.104.*")||
shExpMatch(myIpAddress(),"10.201.105.*")||
shExpMatch(myIpAddress(),"10.10.157.*")||
shExpMatch(myIpAddress(),"10.10.159.*")||
shExpMatch(myIpAddress(),"10.10.50.*")||
shExpMatch(myIpAddress(),"10.10.51.*")||
shExpMatch(myIpAddress(),"10.10.48.*")||
shExpMatch(myIpAddress(),"10.40.51.99")||
shExpMatch(myIpAddress(),"10.43.4.11")||
shExpMatch(myIpAddress(),"10.43.4.4")||
shExpMatch(myIpAddress(),"10.43.5.7")||
shExpMatch(myIpAddress(),"10.50.99.24")||
shExpMatch(myIpAddress(),"10.50.98.12")||
shExpMatch(myIpAddress(),"10.50.99.5")||
shExpMatch(myIpAddress(),"10.50.99.104")||
shExpMatch(myIpAddress(),"10.50.98.29")||
shExpMatch(myIpAddress(),"10.50.99.22")||
shExpMatch(myIpAddress(),"10.50.98.16")||
shExpMatch(myIpAddress(),"10.50.99.12")||
shExpMatch(myIpAddress(),"10.50.98.19")||
shExpMatch(myIpAddress(),"10.50.99.80")||
shExpMatch(myIpAddress(),"10.40.140.23")||
shExpMatch(myIpAddress(),"10.40.140.77")||
shExpMatch(myIpAddress(),"10.50.99.59")||
shExpMatch(myIpAddress(),"10.40.17.125")||
shExpMatch(myIpAddress(),"10.40.17.127")||
shExpMatch(myIpAddress(),"10.10.165.*")||
shExpMatch(myIpAddress(),"10.10.164.*")||
shExpMatch(myIpAddress(),"10.201.106.*")||
shExpMatch(myIpAddress(),"10.201.107.*")||
shExpMatch(myIpAddress(),"10.40.51.3")){
// Within this client group only: bank (sdb.com.cn) hosts go direct,
// everything else through the 10.16.111.x pair on port 80.
if(shExpMatch(host,"*.sdb.com.cn"))return "DIRECT";
else return "PROXY 10.16.111.13:80;"+
"PROXY 10.16.111.11:80"; }
else if(shExpMatch(myIpAddress(),"10.17.216.*")||
shExpMatch(myIpAddress(),"10.17.217.*")||
shExpMatch(myIpAddress(),"10.17.218.*")||
shExpMatch(myIpAddress(),"10.17.219.*")||
shExpMatch(myIpAddress(),"10.17.220.*")||
shExpMatch(myIpAddress(),"10.17.221.*")||
shExpMatch(myIpAddress(),"10.17.222.*")||
shExpMatch(myIpAddress(),"10.17.223.*")||
shExpMatch(myIpAddress(),"10.17.224.*")||
shExpMatch(myIpAddress(),"10.17.225.*")||
shExpMatch(myIpAddress(),"10.17.226.*")||
shExpMatch(myIpAddress(),"10.17.227.*")||
shExpMatch(myIpAddress(),"10.17.228.*")||
shExpMatch(myIpAddress(),"10.17.229.*")||
shExpMatch(myIpAddress(),"10.17.230.*")||
shExpMatch(myIpAddress(),"10.17.231.*")||
shExpMatch(myIpAddress(),"10.17.232.*")||
shExpMatch(myIpAddress(),"10.17.233.*")||
shExpMatch(myIpAddress(),"10.17.234.*")||
shExpMatch(myIpAddress(),"10.17.235.*")||
shExpMatch(myIpAddress(),"10.17.236.*")||
shExpMatch(myIpAddress(),"10.17.237.*")||
shExpMatch(myIpAddress(),"10.17.238.*")||
shExpMatch(myIpAddress(),"10.17.239.*")||
shExpMatch(myIpAddress(),"10.17.240.*")||
shExpMatch(myIpAddress(),"10.17.241.*")||
shExpMatch(myIpAddress(),"10.17.242.*")||
shExpMatch(myIpAddress(),"10.17.243.*")||
shExpMatch(myIpAddress(),"10.17.244.*")||
shExpMatch(myIpAddress(),"10.17.245.*")||
shExpMatch(myIpAddress(),"10.17.170.*")||
shExpMatch(myIpAddress(),"10.17.178.*")||
shExpMatch(myIpAddress(),"10.17.192.*")||
shExpMatch(myIpAddress(),"10.17.193.*")||
shExpMatch(myIpAddress(),"10.17.194.*")||
shExpMatch(myIpAddress(),"10.17.195.*")||
shExpMatch(myIpAddress(),"10.17.174.*"))
return "PROXY 10.17.171.10:8080;"+
"PROXY 10.17.171.11:8080";
else if(shExpMatch(myIpAddress(),"10.63.0.*")||
shExpMatch(myIpAddress(),"10.63.1.*")||
shExpMatch(myIpAddress(),"10.63.188.*")||
shExpMatch(myIpAddress(),"10.63.189.*")||
shExpMatch(myIpAddress(),"10.63.100.*")||
isInNet(myIpAddress(),"10.22.83.0","255.255.255.224"))
return "PROXY 10.63.1.221:8080;"+
"PROXY 10.63.1.222:8080";
else if(shExpMatch(myIpAddress(),"10.63.64.*"))
return "PROXY 10.63.64.91:3128;"+
"PROXY 10.63.64.92:3128";
else if (shExpMatch(host,"192.168.1.*")||
shExpMatch(host,"192.168.2.*")||
shExpMatch(host,"192.168.50.*")||
shExpMatch(host,"192.168.249.*"))
return "DIRECT";
// Default for everything not matched above: the general proxy pool.
else return getProxy();
}
/**
 * General-purpose proxy list: a six-way round robin over the 10.37.84.114-119
 * pool, rotated by the last octet of the client's address so that neighbouring
 * clients prefer different first-choice proxies.
 *
 * An address whose last octet does not parse (NaN, e.g. an IPv6 string) uses
 * the pool's natural order, which is what the original switch's default
 * branch produced.
 *
 * @returns {string} "PROXY ip:8080;PROXY ip:8080;..." with all six members
 */
function getProxy() {
  var pool = ["10.37.84.114", "10.37.84.115", "10.37.84.116",
              "10.37.84.117", "10.37.84.118", "10.37.84.119"];
  var slot = parseInt(myIpAddress().split(".")[3]) % pool.length;
  // NaN, 0 and anything negative all collapse to the natural order.
  if (!(slot > 0)) {
    slot = 0;
  }
  var entries = [];
  for (var i = 0; i < pool.length; i++) {
    entries.push("PROXY " + pool[(slot + i) % pool.length] + ":8080");
  }
  return entries.join(";");
}
/**
 * Online-banking proxy pair, ordered by the parity of the client's last
 * octet: even octets try 10.35.240.18 first, everything else (odd octets and
 * addresses whose last octet does not parse) tries 10.35.240.17 first.
 *
 * @returns {string} "PROXY a:8080;PROXY b:8080"
 */
function WebbankProxy() {
  var first = "10.35.240.18";
  var second = "10.35.240.17";
  var parity = parseInt(myIpAddress().split(".")[3]) % 2;
  // NaN !== 0, so an unparsable address takes the swapped order too.
  if (parity !== 0) {
    var tmp = first;
    first = second;
    second = tmp;
  }
  return "PROXY " + first + ":8080;PROXY " + second + ":8080";
}
/**
 * Proxy pair for third-party map/SDK hosts, ordered by the parity of the
 * client's last octet: even octets try 10.35.216.156 first, everything else
 * (odd octets and unparsable addresses) tries 10.35.216.155 first.
 *
 * @returns {string} "PROXY a:8080;PROXY b:8080"
 */
function MapProxy() {
  var first = "10.35.216.156";
  var second = "10.35.216.155";
  var parity = parseInt(myIpAddress().split(".")[3]) % 2;
  // NaN !== 0, so an unparsable address takes the swapped order too.
  if (parity !== 0) {
    var tmp = first;
    first = second;
    second = tmp;
  }
  return "PROXY " + first + ":8080;PROXY " + second + ":8080";
}
/**
 * Proxy pair for the dmzstg/dr host group, ordered by the parity of the
 * client's last octet: even octets try 10.36.232.17 first, everything else
 * (odd octets and unparsable addresses) tries 10.36.232.18 first.
 *
 * @returns {string} "PROXY a:8080;PROXY b:8080"
 */
function dmzstgProxy(){
  var first = "10.36.232.17";
  var second = "10.36.232.18";
  var parity = parseInt(myIpAddress().split(".")[3]) % 2;
  // NaN !== 0, so an unparsable address takes the swapped order too.
  if (parity !== 0) {
    var tmp = first;
    first = second;
    second = tmp;
  }
  return "PROXY " + first + ":8080;PROXY " + second + ":8080";
}

/**
 * Proxy list for the public-facing corporate sites: a four-way round robin
 * over the 10.35.29.11/12/14/15 pool rotated by the client's last octet.
 *
 * Slot 3 (last octet % 4 == 3) is also where an unparsable last octet (NaN)
 * lands, matching the original switch's default branch.
 *
 * @returns {string} "PROXY ip:8080;..." with all four members
 */
function getTOAProxy() {
  var pool = ["10.35.29.11", "10.35.29.12", "10.35.29.14", "10.35.29.15"];
  var last = pool.length - 1;
  var slot = parseInt(myIpAddress().split(".")[3]) % pool.length;
  // Only slots 0..2 are explicit; NaN, negatives and 3 itself take the last slot.
  if (!(slot >= 0 && slot < last)) {
    slot = last;
  }
  var entries = [];
  for (var i = 0; i < pool.length; i++) {
    entries.push("PROXY " + pool[(slot + i) % pool.length] + ":8080");
  }
  return entries.join(";");
}


各种内网系统以及它们各自走哪个代理都泄露了。

漏洞证明:

p1.png

修复方案:

...

版权声明:转载请注明来源 prolog@乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2015-05-09 15:55

厂商回复:

非生产脚本

最新状态:

暂无