2015-06-05: Details have been sent to the vendor and are awaiting the vendor's handling
2015-06-09: The vendor has confirmed; details are disclosed only to the vendor
2015-06-19: Details disclosed to core white hats and experts in related fields
2015-06-29: Details disclosed to ordinary white hats
2015-07-09: Details disclosed to intern white hats
2015-07-24: Details disclosed to the public
Low profile..
http://www.zjhrss.gov.cn/download/downfile.jsp?pathfile=download/downfile.jsp&sitename=zjstmhwz
<%@page import="org.apache.derby.tools.sysinfo"%>
<%@page import="java.io.File"%>
<%@page import="java.io.OutputStream"%>
<%@page import="java.io.FileInputStream"%>
<%@page import="java.net.URLEncoder"%>
<%@page language="java" contentType="application/x-msdownload" pageEncoding="utf-8"%>
<%
String downloadname = null;
String strFilePath = null;
int nClassID = 0; //Integer.parseInt(request.getParameter("classid"));
//String strFileName = String.valueOf((request.getParameter("filename")==null?"":request.getParameter("filename")));
String strFileName = new String((request.getParameter("filename")==null?"":request.getParameter("filename")).getBytes("ISO-8859-1"),"utf-8");
// Single-pass "../" stripping applied to the raw (still URL-encoded) parameters; this is the only path check in the page.
if(strFileName!=null) strFileName = strFileName.replace("../", "");
String pathfile = request.getParameter("pathfile");
if(pathfile!=null ) pathfile = pathfile.replace("../", "");
pathfile = (pathfile == null ? "" : pathfile);
String strTemp = "";
out.clear();
out = pageContext.pushBody();
System.out.println("strFileName:old----------------"+strFileName);
// URL decoding happens only after the "../" filter above has already run.
pathfile=java.net.URLDecoder.decode(pathfile,"UTF-8");
strFileName=java.net.URLDecoder.decode(strFileName,"UTF-8");
System.out.println("strFileName:new----------------"+strFileName);
if("".equals(strFileName)){
    strFileName=pathfile.substring(pathfile.lastIndexOf("/")+1) ;
}
if (pathfile.equals("")) {
    pathfile = "/jcms/jcms_files/jcms1/web1/site/attach/" + nClassID + "/" + strFileName;
}
//System.out.println("pathfile2----------------"+pathfile);
// The user-controlled path is appended to the webapp root, so any file under the deployment is reachable.
String fileDir=request.getSession().getServletContext().getRealPath("/")+ pathfile;
//System.out.println("fileDir----------------"+fileDir);
File file = new File(fileDir);
if (!file.exists()) {
    out.println("<script type=\"text/javascript\">alert(\"下载失败,文件不存在!\");</script>");
    return;
}
response.setContentType("application/octet-stream; charset=UTF-8");
String filedisplay = strFileName;
filedisplay = URLEncoder.encode(filedisplay, "UTF-8");
response.addHeader("Content-Disposition", "attachment;filename=" + filedisplay);
OutputStream outp = null;
FileInputStream in = null;
try {
    outp = response.getOutputStream();
    in = new FileInputStream(fileDir);
    byte[] b = new byte[1024];
    int i = 0;
    while ((i = in.read(b)) > 0) {
        outp.write(b, 0, i);
    }
    outp.flush();
} catch (Exception e) {
    System.out.println("Error!");
    e.printStackTrace();
} finally {
    if (in != null) { in.close(); in = null; }
    if (outp != null) { outp.close(); outp = null; }
}
%>
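As an added example (not code from the report or from the vendor's JCMS), here is how the same download resolution looks when the path is decoded first, canonicalised, and confined to a single attachment root; the root directory, class name and blocked extension list are assumptions.

```java
import java.io.IOException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public final class SafeDownload {
    // Hypothetical attachment root. The original JSP resolved user input against the
    // whole webapp root (getRealPath("/")), which exposes every deployed file.
    private static final Path ATTACH_ROOT =
            Paths.get("/var/www/jcms/jcms_files/jcms1/web1/site/attach").toAbsolutePath().normalize();

    /**
     * Resolve a user-supplied path strictly inside ATTACH_ROOT.
     * Returns null for anything that must not be served.
     */
    public static Path resolveDownload(String userPath) throws IOException {
        if (userPath == null || userPath.isEmpty() || userPath.indexOf('\0') >= 0) {
            return null;
        }
        // Decode first, then validate. The original page stripped "../" before decoding,
        // and a single replace() pass is not a canonicalisation in any case.
        String decoded = URLDecoder.decode(userPath, "UTF-8");
        Path candidate = ATTACH_ROOT.resolve(decoded).normalize();
        // After normalize(), any ".." sequence or absolute path that escapes the root is visible here.
        if (!candidate.startsWith(ATTACH_ROOT)) {
            return null;
        }
        if (!Files.isRegularFile(candidate)) {
            return null;
        }
        // toRealPath() follows symlinks, so a link pointing outside the root is rejected too.
        Path real = candidate.toRealPath();
        if (!real.startsWith(ATTACH_ROOT.toRealPath())) {
            return null;
        }
        // Attachments only: never serve server-side source, whatever the path says.
        String name = real.getFileName().toString().toLowerCase();
        if (name.endsWith(".jsp") || name.endsWith(".jspx") || name.endsWith(".class")) {
            return null;
        }
        return real;
    }

    /** Build the Content-Disposition value from the resolved file, not from raw user input. */
    public static String contentDisposition(Path file) throws IOException {
        String encoded = URLEncoder.encode(file.getFileName().toString(), "UTF-8").replace("+", "%20");
        return "attachment; filename*=UTF-8''" + encoded;
    }
}
```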
Severity: Medium
Vulnerability Rank: 7
Confirmation time: 2015-06-09 18:29
CNVD confirmed and reproduced the described situation; it has been forwarded by CNCERT to the Zhejiang branch center, which will coordinate handling with the website's operating unit.
None yet