乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-02-27: 细节已通知厂商并且等待厂商处理中 2015-03-04: 厂商已经确认,细节仅向厂商公开 2015-03-14: 细节向核心白帽子及相关领域专家公开 2015-03-24: 细节向普通白帽子公开 2015-04-03: 细节向实习白帽子公开 2015-04-13: 细节向公众公开
http://www.cnemc.cn/news/downLoad.jsp?filePath=
http://www.cnemc.cn/news/downLoad.jsp?filePath=http://www.cnemc.cn/news/downLoad.jsp?filePath=news/downLoad.jsp
<%@ page contentType="text/html;charset=gbk"%><%@ page import="java.io.File"%><%@ page import="java.io.*"%><%@ page import="java.net.*"%><% String filePath = request.getParameter("filePath");String root = request.getRealPath("/"); String fileName = "";filePath=filePath.replaceAll("..//", "");filePath=filePath.replaceAll("WEB-INF", "");String describe = request.getParameter("describe");File fileInfo = new File(root+filePath);if (!fileInfo.exists()) { %> <script type="text/javascript"> alert("下载文件不存在!"); window.close(); </script> <% return;}else{ fileName = fileInfo.getName(); System.out.println(fileInfo.getAbsolutePath());}if(fileName.equals("")){ %> <script type="text/javascript"> alert("下载文件不存在!"); window.close(); </script> <% return;}String _fileName = fileName;StringBuffer s = new StringBuffer(URLEncoder.encode(_fileName,"UTF-8"));_fileName = s.toString().replaceAll("[+]","%20"); response.reset();//后缀名String fileExt = "";int k = _fileName.substring(0,_fileName.indexOf(".")).length();fileExt = _fileName.substring(k,_fileName.length());String title = "";if(!("").equals(describe)){ title = describe+fileExt;}else{ title = fileName.substring(fileName.indexOf("."),fileName.length());}if(title.indexOf("docx") >0){ response.setContentType("application/vnd.openxmlformats-officedocument.wordprocessingml.document; charset=GBK"); //linux}else if(title.indexOf("xlsx") >0){ response.setContentType("application/vnd.openxmlformats-officedocument.spreadsheetml.sheet; charset=GBK"); //linux}else if(title.indexOf("pptx")>0){ response.setContentType("application/vnd.openxmlformats-officedocument.presentationml.presentation; charset=GBK"); //linux}else if(title.indexOf("pdf") >0){ response.setContentType("application/pdf"); //linux}else{ response.setContentType("application/octet-stream; charset=GBK"); //linux}//response.addHeader("Content-Disposition", "attachment; filename=\""+DateProcess.getNum()+title+"\"");if (fileName.length() > 22) { String guessCharset = "gb2312"; _fileName = new String(fileName.getBytes(guessCharset), "ISO8859-1"); }response.addHeader("Content-Disposition", "attachment; filename="+ new String(title.getBytes("GBK"), "ISO-8859-1")); if(title.indexOf("pdf") >0){ response.setHeader("Content-Disposition", "inline; filename="+new String(title.getBytes("GBK"), "ISO-8859-1"));}OutputStream output = null;FileInputStream fis = null;try{ File f = new File(root + filePath); output = response.getOutputStream(); fis = new FileInputStream(f); byte[] b = new byte[(int)f.length()]; int i = 0; while((i = fis.read(b)) > 0){ output.write(b, 0, i); } output.flush();}catch(Exception e){ e.printStackTrace();}finally{ if(fis != null){ fis.close(); fis = null; } if(output != null){ output.close(); output = null; } response.flushBuffer();out.clear();out = pageContext.pushBody();}%>
你们比我懂~
危害等级:中
漏洞Rank:8
确认时间:2015-03-04 09:11
CNVD确认所述情况,已经由CNVD通过网站公开联系方式向网站管理单位通报。
暂无