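2015-11-11: Details reported to the vendor; awaiting vendor handling
2015-11-11: Vendor confirmed; details disclosed to the vendor only
2015-11-21: Details disclosed to core white hats and experts in related fields
2015-12-01: Details disclosed to regular white hats
2015-12-11: Details disclosed to intern white hats
2015-12-26: Details disclosed to the public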
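I heard that submitting a vulnerability gets you a model airplane~ Send this old bachelor a plane~!
Airline JP site, full-site backup archive: http://jp.ch.com/jp.ch.com.zip
After downloading, as shown in the screenshot:
The sensitive information is summarized below: 0x0x: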
0x03:
<appSettings>
<add key="WhiteIp" value=""/><!--Whitelist for flight timetable queries; IP addresses are separated by commas-->
<add key="FlightTimeTable" value="http://foc.9cair.com/web/seasonPlan.json?jsonpcallback=jsonp1340853354774"/> <!--Flight timetable retrieval URL-->
<!--Delay insurance settings-->
<add key="ywxSign" value="http://dicc.ins24.com/ah/session" />
<add key="downYwxSign" value="http://dicc.ins24.com/ah/pdf_printer/policies" />
<add key="ywxUname" value="cqhk" />
<add key="ywxUpwd" value="spring89" />
<add key="webpages:Version" value="2.0.0.0" />
<add key="webpages:Enabled" value="false" />
<!--Partner ID: a 16-digit numeric string beginning with 2088-->
<add key="AlipayID" value="2088101909164661"/>
<!--Transaction security check code: a 32-character string of digits and letters-->
<add key="AlipayCheckCode" value="9irdgr6sx8a7s20905ndvqhp77jeeerg"/>
<!--Alipay gateway-->
<add key="AlipayGateway" value="https://mapi.alipay.com/gateway.do?" />
<!--Page to redirect to after Alipay real-name data is retrieved successfully-->
<add key="AlipayResult" value="http://j.springairlines.com/Alipay/AlipayResult" />
<!--Notification page for successful Alipay account binding-->
<add key="AlipaySuccessful" value="http://j.springairlines.com/Alipay/Successful" />
<!--Single sign-on encryption key-->
<add key="CrossDomainAesKey" value="123qweQWEzxcrtyf"/>
<add key="shareSsoUrl" value="http://www.passport.com/login/shareSsoLogin"/>
<add key="retUrl" value="http://www.ssoair.com"/>
<add key="RegDate" value="2011-10-27"/>
<add key="DomainAppName" value="SpringAirlines"/>
<add key="retUrl" value="http://www.ssoair.com"/>
<!--Date from which login is allowed-->
<add key="RegDate" value="2011-10-28"/>
<add key="DomainAppName" value="SpringAirlines"/>
<!--Cookie settings-->
<add key="codelang" value="Code_Lang" />
<add key="I18nCode" value="Code_Lang" />
<add key="CookiesDomain" value=".china-sss.com" />
<!--Whether to send mail through the new interface-->
<add key="IsUseNewsmtp" value="Yes"/>
<add key="NewsenderUserName" value="yangmian"/>
<add key="NewsenderPassword" value="Zrhfxszdd3]"/>
<add key="EnableSSL" value="false"/>
<!--Automatic sender mailbox settings-->
<add key="senderAddress" value="[email protected]"/>
<add key="senderSmtp" value="211.144.86.30"/>
<add key="senderPort" value="2503"/>
<add key="senderUserName" value="root" />
<add key="senderPassword" value="!@#$%^" />
<add key="EnableSSL" value="false" />
<!--PDF sending settings-->
<add key="pdfSavePath" value="D:\orderdetail\"/>
<add key="pdfEXE" value="D:\website\springairlinesjp\App_Data\wkhtmltopdf\wkhtmltopdf.exe"/>
<!--Delay insurance settings-->
<add key="ywxSign" value="http://dicc.ins24.com/ah/session" />
<add key="downYwxSign" value="http://dicc.ins24.com/ah/pdf_printer/policies" />
<add key="ywxUname" value="cqhk" />
<add key="ywxUpwd" value="spring89" />
<add key="domain" value="http://j.springairlines.com" />
<add key="hoteldomain" value="http://jd.china-sss.com" />
<add key="MerchantList" value="D:\website\springairlinesjp\Content\MerchantList.xml"/>
<!-- Payment result submission URL-->
<add key="payResultUrl" value="http://j.springairlines.com" />
<add key="AliPayReturnDomain" value="http://j.springairlines.com" />
<!--HTTPS login-->
<add key="httpsDomain" value="http://j.springairlines.com" />
<!--Mail encryption-->
<add key="mailKey" value="aaaaaa"/>
<add key="mailIv" value="111111"/>
<!--Session name-->
<add key="oldsessionid" value="sss%5Fsid" />
<add key="oldsessionminlimit" value="200001" />
<add key="oldsessionmaxlimit" value="400000" />
<!-- Yeepay payment
<add key="merhantId" value="10001708016"/>
<add key="keyValue" value="NoCUEBeDp73h1435Y1X3m08c36bo68ym87m84lJtT87P0PJT50GIgLF9WS77"/>
<add key="authorizationURL" value="https://www.yeepay.com/app-merchant-proxy/node"/>
-->
<!--Route map site XML configuration path-->
<add key="SpringChartConfig" value="/Content/SpringChart/SpringChartConfig.xml"/>
<!--Huateng password-->
<add key="htkey" value="71A2B3C904D5E6F8"/>
<add key="htiv" value="0000000000000000"/>
<add key="htContactNo" value="888880111110001"/>
<!--Shanglvtong merchant number-->
<!--dg online banking-->
<add key="dgPayostUrl" value="https://www.econ.ne.jp/odr/rcv/rcv_odr.aspx"/>
<add key="dbPaychkCode" value="811022020023"/>
<!--dg convenience-store payment settings-->
<add key="dgStorePostUrl" value="https://www.econ.ne.jp/odr/rcv/rcv_odr.aspx"/>
<add key="chkCode" value="811022020023"/>
<add key="isTestIp" value="false"/>
<!--Ticket anti-refresh: whether it is enabled-->
<add key="isOpen" value="1"/>
<!--Interval in hours at which static variables are cleared-->
<add key="Cleartime" value="72"/>
<!--Clients that make xx requests within one day are added to the blacklist-->
<add key="Hits" value="20000"/>
<!--Refresh prevention-->
<add key="isOverCountTime" value="1.5"/>
<add key="RefreshList" value="[email protected],[email protected],[email protected]"/>
<add key="WhiteIp" value="211.151.33.9"/><!--Whitelist for flight timetable queries; IP addresses are separated by commas-->
<add key="FlightTimeTable" value="http://192.168.210.86:4005/web/seasonPlan.json?jsonpcallback=jsonp1340853354774"/><!--Flight timetable retrieval URL-->
<!--ActiveMQ server connection string (change only the IP to match your environment; do not modify anything else)-->
<add key="BrokerUri" value="tcp://192.168.190.81:61616?connection.AsyncSend=true"/>
<!--Test queue name-->
<add key="NormalQueueDestination" value="payyingda"/>
<!--Encryption string for the new interface-->
<add key="Password1" value="Mc2"/>
<!--userId and custId for non-registered members-->
<add key="userId" value="200000"/>
<add key="custId" value="9C0600000000"/>
<!--New SSO-->
<add key="SpringGatewayCode" value="8db2f07d0f5e48bb84cf6444cf639434"/>
<add key="SpringGatewayId" value="9C00211312241938530009"/>
<!--New SSO-->
<!--Sensitive information storage: FTP server details for storing restricted frequent-flyer supporting documents, by francis 2014-02-13-->
<!--production-->
<add key="SenertiveFtpIP" value="192.168.191.77/airlines"/>
<add key="SenertiveFtpUserName" value="ftpuser"/>
<add key="SenertiveFtpIPPassword" value="abcd1234"/>
<!--Image formats allowed for upload-->
<add key="AllowedImageExtentions" value=".jpg,.jpeg,.png,.gif"/>
<!--Maximum size of supporting documents (KB)-->
<add key="UploadFileSize" value="100"/>
<!--Set of three-letter codes for airports in Thailand-->
<add key="AirportCodesOfThailand" value="BKK,REP,HKT,BKI,CNX"/>
<add key="rifenbiao" value="IJ"/>
<!--Some emails hit access restrictions when fetching the web page template, so the local template is configured instead-->
<add key="EmailDomain" value="http://127.0.0.1"/>
<!--Whether the current server is the Japan branch's server-->
<add key="isJapanServer" value="true"/>
<add key="SGDpay" value="https://pay.ips.com.cn/icpay/customization/chinassssimple/ordersubmit.aspx "/>
<add key="dbPaychkCode9C" value="815060202625"/>
<add key="chkCode9C" value="815060202625"/>
<add key="DHpaypfx" value="/App_Data/DHpay/99bill-rsa.pfx"/>
<add key="DHpaycer" value="/App_Data/DHpay/99bill.cert.rsa.20140728.cer"/>
<add key="DHpay99bill" value="https://www.99bill.com/fxapi/unified/request.htm"/>
<add key="DHpayPasswd" value="123456"/>
<add key="MSpayUrl" value="https://epay.cmbc.com.cn/ipad/service.html"/>
<add key="luckynumberend" value="2014-12-12 00:00:00"/>
<add key="dbPaychkCodeB2B" value="821022020023"/>
<!--Redirects between servers-->
<add key="HomeDomain" value="http://www.ch.com" />
<add key="BtgDomain" value="http://www.ch.com/Btg/BtgIndex" />
<add key="BookDomain" value="https://" />
<add key="OrderDomain" value="https://order.ch.com" />
<add key="SearchDomain" value="http://flights.ch.com/search" />
<add key="PayDomain" value="https://payment.ch.com" />
<add key="HelpDomain" value="http://help.ch.com" />
<add key="PassportDomain" value="https://passport.ch.com" />
<add key="I_Domain" value="https://i.ch.com" />
<add key="Miaosha" value="http://pages.ch.com" />
<add key="JapanDomain" value="http://jp.ch.com"/>
<add key="SSOID" value="9C00211312241938530009"/>
<add key="SSOCODE" value="8db2f07d0f5e48bb84cf6444cf639434"/>
<add key="SSODOMAIN" value="https://jp.ch.com"/>
<!--Tokyo (Narita) - Chongqing round trip, Tokyo (Narita) - Chongqing round trip-->
<add key="IJInternationalFlight" value="[NRT-WUH],[NRT-CKG]"/>
</appSettings>
I won't point out the rest one by one; you get the idea.
Asking for a gift, asking for a model airplane!
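A defender-side check for the two conditions this report shows: a site archive stored under the web root, and secrets kept as literal values in the web.config appSettings, including entries that are commented out. This is an added example, not part of the original report; the key-name patterns, function names and sample data are assumptions, and the sample values are placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Key-name patterns treated as secrets: an assumption modelled on the key names
# in the appSettings dump (...Password, ...Upwd, ...CheckCode, ...AesKey, htkey).
SECRET_KEY = re.compile(r"passw|pwd|checkcode|aeskey|keyvalue|gatewaycode|ssocode"
                        r"|^(mail|ht)(key|iv)$", re.I)
COMMENT = re.compile(r"<!--(.*?)-->", re.S)
ADD_TAG = re.compile(r'<add\s+key="([^"]*)"\s+value="([^"]*)"', re.I)
ARCHIVE = re.compile(r"\.(zip|rar|7z|tar|tgz|gz|bak)$", re.I)


def plaintext_secrets(config_xml):
    """Map secret-looking appSettings keys that hold a literal value to where
    they sit: "active", or "commented" for entries that are commented out but
    still ship inside the file. Values themselves are never returned."""
    found = {}
    for body in COMMENT.findall(config_xml):
        for key, value in ADD_TAG.findall(body):
            if SECRET_KEY.search(key) and value.strip():
                found[key] = "commented"
    for section in ET.fromstring(config_xml).iter("appSettings"):
        for add in section.findall("add"):
            key, value = add.get("key", ""), add.get("value", "")
            if SECRET_KEY.search(key) and value.strip():
                found[key] = "active"
    return found


def exposed_archives(web_root_files):
    """Return the files under the web root that are backup or archive files
    and therefore should not be stored there."""
    return sorted(p for p in web_root_files if ARCHIVE.search(p))


# Constructed sample: key names follow the page, values are placeholders.
SAMPLE_CONFIG = """<configuration><appSettings>
  <add key="AlipayGateway" value="https://mapi.alipay.com/gateway.do?" />
  <add key="senderPassword" value="PLACEHOLDER" />
  <add key="CrossDomainAesKey" value="PLACEHOLDER" />
  <add key="DHpayPasswd" value="" />
  <!-- disabled gateway <add key="keyValue" value="PLACEHOLDER"/> -->
</appSettings></configuration>"""
SAMPLE_FILES = ["index.aspx", "Content/site.css", "example.test.zip", "web.config.bak"]

if __name__ == "__main__":
    for key, where in sorted(plaintext_secrets(SAMPLE_CONFIG).items()):
        print(f"plaintext secret in appSettings: {key} ({where})")
    for path in exposed_archives(SAMPLE_FILES):
        print(f"archive reachable under web root: {path}")
```

Moving the flagged values out of the deployed file, into an encrypted configuration section or an external secret store, limits what a leaked copy of web.config reveals.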
Severity: High
Vulnerability Rank: 15
Confirmation time: 2015-11-11 14:52
Received, thank you.
None yet