漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2014-087301
漏洞标题:微软某站配置信息泄漏
相关厂商:微软
漏洞作者: hack雪花
提交时间:2014-12-16 09:32
修复时间:2015-01-30 09:34
公开时间:2015-01-30 09:34
漏洞类型:应用配置错误
危害等级:高
自评Rank:20
漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2014-12-16: 细节已通知厂商并且等待厂商处理中
2014-12-19: 厂商已经确认,细节仅向厂商公开
2014-12-29: 细节向核心白帽子及相关领域专家公开
2015-01-08: 细节向普通白帽子公开
2015-01-18: 细节向实习白帽子公开
2015-01-30: 细节向公众公开
简要描述:
微软某站配置信息泄漏
详细说明:
你们看http://careers.microsoft.com/web.zip 不过被别人修护了好像 有人录过视频昨天 不知道微软知道补
配置信息我下载了<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<configSections>
<!--CSP-->
<sectionGroup name="system.web">
<section name="ContentService" type="Microsoft.Mscom.Rendering.Content.ContentServiceSection, Mscom.Rendering.Content, Version=2.0.0.0, Culture=neutral, PublicKeyToken=a30896880e965ef2" allowDefinition="Everywhere" restartOnExternalChanges="true" />
</sectionGroup>
<section name="socioLibSettings" type="Microsoft.IT.Staffing.SocioLib.Provider.SocioLibConfiguration, Microsoft.IT.Staffing.SocioLib.Provider" />
<section name="dataConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Data.Configuration.DatabaseSettings, Microsoft.Practices.EnterpriseLibrary.Data, Version=3.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<remove name="scriptResourceHandler" />
<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" />
<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<remove name="jsonSerialization" />
<remove name="profileService" />
<remove name="authenticationService" />
<remove name="roleService" />
<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere" />
<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" />
<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" />
<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" />
</sectionGroup>
</sectionGroup>
</sectionGroup>
<sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<section name="MS.IT.Staffing.GlobalCareers.Webportal.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
<section name="MS.IT.Staffing.GlobalCareers.Services.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
</sectionGroup>
<!-- required to read the <dataCacheClient> element -->
<section name="dataCacheClient" type="Microsoft.ApplicationServer.Caching.DataCacheClientSection,Microsoft.ApplicationServer.Caching.Core, Version=1.0.0.0,Culture=neutral, PublicKeyToken=31bf3856ad364e35" allowLocation="true" allowDefinition="Everywhere" />
<section name="FileScanProvider" type="MS.IT.Staffing.GlobalCareers.FileHandler.FileScanConfiguration, MS.IT.Staffing.GlobalCareers.FileHandler" />
<sectionGroup name="csp.rendering">
<section name="cachePolicy" type="Microsoft.Mscom.Rendering.Framework.Caching.Configuration.CachePoliciesSection, Mscom.Rendering.Framework, Version=2.0.0.0, Culture=neutral, PublicKeyToken=a30896880e965ef2" allowDefinition="Everywhere" restartOnExternalChanges="true" />
</sectionGroup>
</configSections>
<csp.rendering>
<cachePolicy>
<outputCache>
<add name="PageCachePolicy" policyType="Html" type="MS.IT.Staffing.GlobalCareers.CachePolicy.WpcCachePolicy, MS.IT.Staffing.GlobalCareers.CachePolicy" />
</outputCache>
</cachePolicy>
</csp.rendering>
<!-- cache client -->
<dataCacheClient>
<!-- cache host(s) -->
<hosts>
<!-- host name="10.1.54.206" cachePort="22233" /> -->
<host name="10.2.155.97" cachePort="22233" />
<!-- <host name="10.2.155.98" cachePort="22233"/> -->
</hosts>
</dataCacheClient>
<FileScanProvider defaultProvider="VirusScanProvider">
<providers>
<add name="VirusScanProvider" type="MS.IT.Staffing.GlobalCareers.FileHandler.VirusScanner, MS.IT.Staffing.GlobalCareers.FileHandler" UploadFolder="e:\resumeupload\app_data" />
</providers>
</FileScanProvider>
<dataConfiguration defaultDatabase="GlobalCareers" />
<connectionStrings>
<add name="GlobalCareers" connectionString="Data Source=BY2MSFTVSQLGC50;Failover Partner=BY2MSFTVSQLGC50;Initial Catalog=GlobalCareers;Integrated Security=True" providerName="System.Data.SqlClient" />
</connectionStrings>
<appSettings file="machineDependent.config">
<add key="CollegePopUPURL" value="grad-" />
<!-- environment specific values starting -->
<add key="RadTempFolder" value="e:\resumeupload\app_data" />
<add key="ReturnURL" value="https://careers.microsoft.com" />
<add key="SiteName" value="default" />
<add key="GCLPStudentLink" value="https://careers.microsoft.com/careers/en/gbl/student.aspx" />
<add key="CSPPublishingRoot" value="D:/CSPPublishingRoot/" />
<add key="CSPContentSiteKey" value="https://sdws03.redmond.corp.microsoft.com/careers/{0}/{1}/page1.aspx" />
<!--HIP Settings-->
<add key="LiveSiteID" value="260133" />
<add key="HIPCertThumbprint" value="cf34f3e979b4e3e50a6d5aca6032678f88e63283" />
<add key="HIPServerURL" value="https://partner.hip.live.com/VerifyHipService.asmx" />
<add key="HIPClientURL" value="https://client.hip.live.com/GetHIP/{0}/{1}?" />
<!--J2W-->
<add key="J2WAPI" value="https://api.jobs2web.com/members" />
<add key="APIKey" value="xNs40DPQMcjB2FMeR6W0eAxOcvVxuylt5k97tqBlh5rNvmu4H6+/pWJy9Bk0e4gN" />
<add key="UserId" value="7Zj2Roa5Dn5HiOaxD32mYw==" />
<add key="Password" value="4NzMV+RnCvI4M3CP315gs1UL1Cc1yOvRMGuAyUlE6O4=" />
<add key="AESKey" value="+w5uDVBzbmoD44rDO0BDEhsabMo/5Y5X3adWf04i81ObrjvHKn6CdyKO/BE8VL5B" />
<!--WebTrend Key-->
<add key="WTKey" value="dcsriiqi600000s5zc34hhdwc_2h1h" />
<add key="WTKeyURL" value="http://m.webtrends.com/dcsriiqi600000s5zc34hhdwc_2h1h/njs.gif?dcsuri=/nojavascript&WT.js=No&WT.tv=MS.3.0.0" />
<!-- this is a configuration file for the mobile redirector component-->
<add key="mappingsFile" value="\Webcontrols\MobileRedirector\MobileRedirectorMappings.xml" />
<add key="RadTempFolder_TimeFrame_ToDelete" value="-24" />
<!-- Environment Independent fields-->
<!--Job List Settings-->
<add key="CacheTimeoutInHrs" value="12" />
<add key="FileNameLength" value="50" />
<add key="MaxResumeSize" value="1048576" />
<add key="SupportedFileFormats" value="DOC|DOCX|TXT|HTM|HTML|RTF|PDF|ODT" />
<add key="RSSTtl" value="60" />
<add key="RSSResultsCap" value="500" />
<add key="RSSDescription" value="Global Careers Job Results" />
<add key="RSSCopyright" value="© Microsoft" />
<add key="RSSTitle" value="Global Careers" />
<add key="SqlTimeout" value="90" />
<add key="AppName" value="" />
<add key="GotPassport" value="true" />
<add key="ResumeBuilderMaxLineItems" value="25" />
<add key="SearchResultMaxRecords" value="500" />
<add key="MaxNumberResume" value="3" />
<add key="MaxNumberSavedJobs" value="100" />
<add key="MaxNumberAppliedJobs" value="10" />
<add key="EventSourceName" value="GlobalCareersApp" />
<add key="EventLogName" value="GlobalCareersLog" />
<add key="MiniMeContentRows" value="5" />
<add key="DefaultLanguage" value="EN" />
<add key="DefaultGeoLocation" value="GBL" />
<add key="IsExtensionUsed" value="true" />
<add key="enableSocioLog" value="True"/>
<add key="SocioLog.logLevel" value="1"/>
<!--Job Description Length -->
<add key="JobDescriptionLength" value="500" />
<!--only used as the default for CSP Components-->
<add key="ProductDivisionEnable" value="true" />
<!-- CSP Content Keys-->
<add key="CSPNavContentKey" value="Careers/Components/NavigationComponents/{0}NAV{1}.xml" />
<add key="CSPNavColContentKey" value="Careers/Components/NavigationComponents/{0}NAVCOL{1}.xml" />
<add key="CSPProfileContentKey" value="Careers/Components/HeaderComponents/{0}LOGO{1}.xml" />
<add key="CSPFooterContentKey" value="Careers/Components/FooterComponents/{0}FOOT{1}.xml" />
<add key="CSPJobDetailsSidebarContentKey" value="Careers/Components/HeaderComponents/{0}LOGO{1}.xml" />
<add key="CSPSiteConfigKey" value="Careers/{0}/{1}/site.config" />
<add key="CSPHeaderContentKey" value="Careers/Components/HeaderComponents/{0}HEADER{1}.xml" />
<!--Validation Expressions-->
<add key="EmailValidationExpression" value="\w+([-+.']\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*" />
<add key="MSEmailValidationExpression" value="^((?!@microsoft\.com).)*$" />
<add key="SearchValidationExpression" value="[^\^\{\}\[\]<>'\;%]" />
<add key="PhoneNumberValidationExpression" value="[^\^\{\}\[\]<>'\;%]" />
<add key="FreeTextValidationExpression" value="[^\^\{\}\[\]<>'\;%]" />
<!--Validation Error Messages-->
<add key="SearchValidationExpressionBlackList" value="^ { } [ ] < > % ' ;" />
<add key="FreeTextValidationExpressionBlackList" value="^ { } [ ] < > % ' ;" />
<add key="PhoneNumberValidationExpressionBlackList" value="^ { } [ ] < > % ' ;" />
<!-- Exception Handling -->
<add key="ExceptionsToIgnore" value="" />
<!-- EEO Settings -->
<add key="DaysToExpireEEORecord" value="30" />
<!-- GCLP SL Config -->
<add key="enableloop" value="true" />
<add key="medialink" value="" />
<add key="jumpinterval" value="5" />
<!--ImagePath to share images on facebook for job details-->
<add key="DefaultImageForJobPost" value="/Images/FaceBookJobShareImages/FB-MS-1.jpg" />
<add key="FaceBookJobShareImageFolder" value="~/Images/FaceBookJobShareImages" />
<add key="SocialMediaLink" value="true" />
<!--J2W-->
<add key="KeySize" value="256" />
<add key="PasswordIterations" value="2" />
<add key="J2WEncryptionEnabled" value="true" />
<!--Mobile Redirector-->
<add key="mobileRedirect" value="true" />
<add key="MobileLinkDisplayName" value="Mobile Site" />
<!--LinkedIn Settings -->
<!--Microsoft CompanyCode=1035 as Per LinkedIn Team-->
<add key="CompanyCode" value="1035" />
<!-- Switch to Enable or Disable CompanyInsider Widget-->
<add key="CompanyInsiderEnabled" value="True" />
<!--Recommended Jobs-->
<!--<add key="MaxNumberRecommendedJobs" value="5" />-->
<add key="RecommendedJobsRankCutoff" value="1" />
<add key="RecommendedJobsRollBack" value="3" />
<add key="RecommendedJobsEnabled" value="True" />
<add key="MaxNumberMSRecommendedJobs" value="5" />
<add key="MaxNumberLinkedInRecommendedJobs" value="5" />
<add key="EnableLinkedInRecommendedJobs" value="ON" />
<add key="MaxNumberLinkedInFeed" value="100" />
<add key="LinkedInFeedTimeOut" value="13000" />
<add key="SocioLib.EnableVerboseWebException" value="true"/>
</appSettings>
<applicationSettings>
<MS.IT.Staffing.GlobalCareers.Webportal.Properties.Settings>
<setting name="MS_IT_Staffing_GlobalCareers_Webportal_com_live_int_hipservice_HIPSoapServer" serializeAs="String">
<value>https://hipservice.live.com/HIPServerWSDL.srf</value>
</setting>
</MS.IT.Staffing.GlobalCareers.Webportal.Properties.Settings>
<MS.IT.Staffing.GlobalCareers.Services.Properties.Settings>
<setting name="ServiceClass" serializeAs="String">
<value>NGSGlobalCareers</value>
</setting>
<setting name="FromEmailAddress" serializeAs="String">
<value>staffing@microsoft.com</value>
</setting>
</MS.IT.Staffing.GlobalCareers.Services.Properties.Settings>
</applicationSettings>
<socioLibSettings defaultProvider="Linkedin">
<providers>
<clear />
<!-- Use the following if want to use overriden provider-->
<add name="Facebook" description="FaceBook Provider" type="Microsoft.IT.Staffing.SocioLib.Provider.OAuthV2SocioLibProvider, Microsoft.IT.Staffing.SocioLib.Provider" appKey="5XaxGB24ShrpM7j2Vkw7ZQ==" appSecret="+SffCOvtVkkdHN4npJu+fv1yk/EjJXgkW+JU+lcMdejFETdmy5yJ4UssZ3saxLDU" encryptedKeys="appKey,appSecret" scopeAttributes="email" returnUrl="https://careers.microsoft.com/signin.aspx" tokenEndpoint="https://graph.facebook.com/oauth/access_token" authzEndpoint="https://graph.facebook.com/oauth/authorize" profileEndpoint="https://graph.facebook.com/me" profileMapping="~first_name:FirstName;id:ID;last_name:LastName;email:Email;" />
<!-- Use the following if want to use overriden provider-->
<add name="Linkedin" description="Linkedin Provider" type="Microsoft.IT.Staffing.SocioLib.Provider.OAuthV1SocioLibProvider, Microsoft.IT.Staffing.SocioLib.Provider" appKey="cDr9/SeysiP1Q5G6qeXmUg==" appSecret="zqQ+44sY7HBcVQyX6FQEWjvpyiWsvY9hhUzulDKe7p0=" encryptedKeys="appKey,appSecret" returnUrl="https://careers.microsoft.com/signin.aspx" tokenEndpoint="https://api.linkedin.com/uas/oauth/accessToken" requestTokenEndpoint="https://api.linkedin.com/uas/oauth/requestToken?scope=r_fullprofile+r_contactinfo+r_emailaddress" authEndpoint="https://api.linkedin.com/uas/oauth/authorize" authzEndpoint="https://api.linkedin.com/uas/oauth/authorize" profileEndpoint="http://api.linkedin.com/v1/people/~:(id,first-name,last-name,maiden-name,summary,location:(name),industry,interests,date-of-birth,positions,educations,skills,courses,main-address,phone-numbers,certifications,email-address)" profileMapping="person~id:Id;first-name:FirstName;last-name:LastName;summary:Summary;interests:Interests;industry:Industry;email-address:Email;main-address:Address;date-of-birth.month+(/)date-of-birth.day+(/)date-of-birth.year:DoB;positions:{position~id:Id;title:Title;summary:Summary;is-current:IsCurrent;company.name:Company;company.industry:Industry;start-date.month+(-)start-date.year:StartDate;end-date.month+(-)end-date.year:EndDate;}Positions;location.name:Location;educations:{education~id:Id;start-date.year:StartYear;end-date.year:EndYear;school-name:Institution;degree:DegreeName;field-of-study:FieldOfStudy;activities:Activities;}Educations;skills:{skill~id:Id;skill.name:Name;}Skills;courses:{course~id:Id;name:Name;number:Number;}Courses;phone-numbers:{phone-number~phone-type:ContactType;phone-number:Number;}ContactNumbers;" />
<!--Added for import functionality-->
<add name="LinkedinImport" description="LinkedinImport Provider" type="Microsoft.IT.Staffing.SocioLib.Provider.OAuthV1SocioLinkedInImportProvider, Microsoft.IT.Staffing.SocioLib.Provider" appKey="cDr9/SeysiP1Q5G6qeXmUg==" appSecret="zqQ+44sY7HBcVQyX6FQEWjvpyiWsvY9hhUzulDKe7p0=" encryptedKeys="appKey,appSecret" returnUrl="https://careers.microsoft.com/signin.aspx" tokenEndpoint="https://api.linkedin.com/uas/oauth/accessToken" requestTokenEndpoint="https://api.linkedin.com/uas/oauth/requestToken?scope=r_fullprofile+r_contactinfo+r_emailaddress" authEndpoint="https://api.linkedin.com/uas/oauth/authorize" authzEndpoint="https://api.linkedin.com/uas/oauth/authorize" profileEndpoint="http://api.linkedin.com/v1/people/~:(id,first-name,last-name,maiden-name,summary,location:(name),industry,interests,date-of-birth,positions,educations,skills,courses,main-address,phone-numbers,certifications,email-address)" profileMapping="person~id:Id;first-name:FirstName;last-name:LastName;summary:Summary;interests:Interests;industry:Industry;email-address:Email;main-address:Address;date-of-birth.day+(/)date-of-birth.month+(/)date-of-birth.year:DoB;positions:{position~id:Id;title:Title;summary:Summary;is-current:IsCurrent;company.name:Company;company.industry:Industry;start-date.month+(-)start-date.year:StartDate;end-date.month+(-)end-date.year:EndDate;}Positions;location.name:Location;educations:{education~id:Id;start-date.year:StartYear;end-date.year:EndYear;school-name:Institution;degree:DegreeName;field-of-study:FieldOfStudy;activities:Activities;}Educations;skills:{skill~id:Id;skill.name:Name;}Skills;courses:{course~id:Id;name:Name;number:Number;}Courses;phone-numbers:{phone-number~phone-type:ContactType;phone-number:Number;}ContactNumbers;" />
<!-- Use the following if want to use overriden provider-->
<add name="Twitter" description="Twitter Provider" type="Microsoft.IT.Staffing.SocioLib.Provider.OAuthV1SocioLibProvider, Microsoft.IT.Staffing.SocioLib.Provider" appKey="WM9x8b3Y3Sccr5/gmlNXDCh/ybDbI14sfiWPkXiDDJc=" appSecret="kuRTNlP4PY9AzVs9G0WOSdXcIZLfT/s29Rz3sedPVKMya91tT6shAdnwVi1dwA5z" encryptedKeys="appKey,appSecret" returnUrl="https://careers.microsoft.com/signin.aspx" tokenEndpoint="https://api.twitter.com/oauth/access_token" requestTokenEndpoint="https://api.twitter.com/oauth/request_token" authEndpoint="https://api.twitter.com/oauth/authenticate" authzEndpoint="https://api.twitter.com/oauth/authorize" profileEndpoint="https://api.twitter.com/1.1/account/verify_credentials.json" profileMapping="user~name:FirstName;id:ID;" />
<add name="Google" description="Google Provider" type="Microsoft.IT.Staffing.SocioLib.Provider.OAuthV2SocioLibProvider, Microsoft.IT.Staffing.SocioLib.Provider" appKey="RlhZ8j11HRJnXASn3VTUM+NYvlj4MW8REAK4s6ViceNUDVub8Ces1rS/MaY/2PIR3BfXOUCGTnFejjKF2dGjJwN/RSzr0OHzdgM00PwgWUI=" appSecret="iBhUNIfnnOfj2EaCNuWkAnUhROHnY9hcqKAOisqP0zM=" encryptedKeys="appKey,appSecret" preDefinedReturnUrl="true" scopeAttributes="https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile" returnUrl="https://careers.microsoft.com/signin.aspx" tokenEndpoint="https://accounts.google.com/o/oauth2/token" authzEndpoint="https://accounts.google.com/o/oauth2/auth" profileEndpoint="https://www.googleapis.com/oauth2/v1/userinfo" profileMapping="~id:Id;given_name:FirstName;family_name:LastName;email:Email;" />
<add name="Yahoo" description="Yahoo Provider" type="Microsoft.IT.Staffing.SocioLib.Provider.OAuthV1YahooProvider, Microsoft.IT.Staffing.SocioLib.Provider" appKey="0S6+HL+Hwcp5Ur109NoG9ubVg4lwg+AjEVd7nBiaMtIBW7WDb8ZCxe9PRpV7tsSp4psG2wJS+kUo9Tmz3/ychA2i/uRKbGOaKcGu2S0lgJfCqS/jAnH+Ljo+3xTaMCmc4J2NOy8Y04Hsv8YensNzGg==" appSecret="iCf5Cmu/UrlPEYQaiDRALWynnFw4t+lxsjxFfidiPRRDmkCUNGY1p9d0DTdtoD6Y" encryptedKeys="appKey,appSecret" returnUrl="https://careers.microsoft.com/signin.aspx" tokenEndpoint="https://api.login.yahoo.com/oauth/v2/get_token" requestTokenEndpoint="https://api.login.yahoo.com/oauth/v2/get_request_token" authEndpoint="https://api.login.yahoo.com/oauth/v2/request_auth" authzEndpoint="https://api.login.yahoo.com/oauth/v2/request_auth" profileEndpoint="https://social.yahooapis.com/v1/user/{0}/profile" profileMapping="profile~givenName:FirstName;familyName:LastName;guid:ID;emails{handle}:Email" />
</providers>
</socioLibSettings>
<system.web>
<sessionState mode="Custom" customProvider="SessionStoreProvider" timeout="20">
<providers>
<add name="SessionStoreProvider" type="Microsoft.ApplicationServer.Caching.DataCacheSessionStoreProvider, Microsoft.ApplicationServer.Caching.Client, Version=1.0.0.0, Culture=neutral, PublicToken=31bf3856ad364e35" cacheName="GlobalCareersCache" retryCount="5" />
</providers>
</sessionState>
<machineKey validationKey="6750A2D7BD567862F25EF996A480C9767E6F07E9FF730190185C094E857D9EBE663B7C8CF112FD3A5ED8CFFFCF8D34C7F64353AEA9B6C19ED2D5013109D20C55" decryptionKey="6198ECAD23175308DC6EE3FD5881CDCE8EAB8D8D5A9F19B5" validation="SHA1" />
<!--Do not check in web.config with customErrors Off-->
<customErrors mode="On" redirectMode="ResponseRedirect" defaultRedirect="~/Error.aspx" />
<trace enabled="false" localOnly="true" pageOutput="true" />
<compilation>
<assemblies>
<add assembly="System.Web.Entity, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Data.Entity, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</assemblies>
</compilation>
<authentication mode="Forms">
<forms loginUrl="search.aspx" timeout="2880" defaultUrl="search.aspx" />
</authentication>
<pages>
<controls>
<add tagPrefix="gc" namespace="MS.IT.Staffing.GlobalCareers.Webportal.Webcontrols" assembly="MS.IT.Staffing.GlobalCareers.Webportal" />
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</controls>
</pages>
<httpHandlers>
<!--CSP-->
<remove path="*.aspx" verb="*" />
<add path="*.aspx" verb="*" type="Microsoft.Mscom.Rendering.Framework.RenderingPageHandlerFactory, Mscom.Rendering.Framework, Version=2.0.0.0, Culture=neutral, PublicKeyToken=a30896880e965ef2" validate="false" />
<remove path="*.geo" verb="*" />
<add path="*.geo" verb="*" type="System.Web.HttpForbiddenHandler" />
<add verb="GET" path="LocalizedScript.axd" type=" MS.IT.Staffing.GlobalCareers.Webportal.JSResourceHandler, MS.IT.Staffing.GlobalCareers.Webportal" />
<add path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" verb="*" validate="false" />
<add path="Telerik.RadUploadProgressHandler.ashx" type="Telerik.Web.UI.RadUploadProgressHandler" verb="*" validate="false" />
<add path="Telerik.Web.UI.WebResource.axd" verb="*" type="Telerik.Web.UI.WebResource, Telerik.Web.UI" validate="false" />
<remove verb="*" path="*.asmx" />
<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add verb="GET,HEAD" path="ScriptResource.axd" validate="false" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</httpHandlers>
<httpModules>
<!--CSP-->
<add name="GeoRedirectModule" type="Microsoft.Mscom.Rendering.Framework.GeoRedirect.GeoRedirectModule, Mscom.Rendering.Framework, Version=2.0.0.0, Culture=neutral, PublicKeyToken=a30896880e965ef2" />
<add name="RadUploadModule" type="Telerik.Web.UI.RadUploadHttpModule" />
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</httpModules>
<globalization uiCulture="auto" culture="auto" resourceProviderFactoryType=" MS.IT.Staffing.GlobalCareers.Webportal.Classes.DBResourceProvider.DBResourceProviderFactory" />
<!--CSP-->
<ContentService defaultProvider="FileProvider">
<providers>
<remove name="FileProvider" />
<add name="FileProvider" applicationName="Csp Rendering" type="Microsoft.Mscom.Rendering.Content.FileProvider, Mscom.Rendering.Content, Version=2.0.0.0, Culture=neutral, PublicKeyToken=a30896880e965ef2" protocol="file" />
</providers>
</ContentService>
<browserCaps>
<file src="pc2mobile.config" />
</browserCaps>
</system.web>
<system.codedom>
<compilers>
<!--NOTE: For PROD ensure compilerOptions="/d:CSP" for dev compilerOptions=""-->
<compiler language="c#;cs;csharp" extension=".cs" compilerOptions="" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<providerOption name="CompilerVersion" value="v3.5" />
<providerOption name="WarnAsError" value="false" />
</compiler>
</compilers>
</system.codedom>
<!--
The system.webServer section is required for running ASP.NET AJAX under Internet
Information Services 7.0. It is not necessary for previous version of IIS.
-->
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules>
<!--CSP-->
<remove name="GeoRedirectModule" />
<add name="GeoRedirectModule" type="Microsoft.Mscom.Rendering.Framework.GeoRedirect.GeoRedirectModule, Mscom.Rendering.Framework, Version=2.0.0.0, Culture=neutral, PublicKeyToken=a30896880e965ef2" />
<remove name="ScriptModule" />
<add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</modules>
<handlers>
<remove name="WebServiceHandlerFactory-Integrated" />
<remove name="ScriptHandlerFactory" />
<remove name="ScriptHandlerFactoryAppServices" />
<remove name="ScriptResource" />
<!--CSP-->
<remove name="RenderingPageHandlerFactory" />
<add name="RenderingPageHandlerFactory" verb="*" path="*.aspx" preCondition="integratedMode" type="Microsoft.Mscom.Rendering.Framework.RenderingPageHandlerFactory, Mscom.Rendering.Framework, Version=2.0.0.0, Culture=neutral, PublicKeyToken=a30896880e965ef2" />
<remove name="GeoHandler" />
<add name="GeoHandler" verb="*" path="*.geo" preCondition="integratedMode" type="System.Web.ForbiddenHandler" />
<add name="JSLocalization" verb="GET" path="LocalizedScript.axd" type=" MS.IT.Staffing.GlobalCareers.Webportal.JSResourceHandler, MS.IT.Staffing.GlobalCareers.Webportal" />
<add name="Telerik_Web_UI_DialogHandler_aspx" verb="*" preCondition="integratedMode" path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" />
<add name="Telerik_RadUploadProgressHandler_ashx" verb="*" preCondition="integratedMode" path="Telerik.RadUploadProgressHandler.ashx" type="Telerik.Web.UI.RadUploadProgressHandler" />
<add name="Telerik.Web.UI.WebResource.axd_*" path="Telerik.Web.UI.WebResource.axd" verb="*" type="Telerik.Web.UI.WebResource, Telerik.Web.UI" preCondition="integratedMode" />
<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCondition="integratedMode" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</handlers>
<rewrite>
<rules>
<rule name="Redirect CorpBusinesses to Jobs2Web" stopProcessing="true">
<match url="(corpbusinesses|corphr|corplca|corpfinance).aspx$" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Redirect" url="https://www.microsoft-careers.com/content/corporate-business/" appendQueryString="false" />
</rule>
<rule name="Redirect CorpRD to Jobs2Web" stopProcessing="true">
<match url="corprd.aspx$" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Redirect" url="https://www.microsoft-careers.com/content/corporate-research/" appendQueryString="false" />
</rule>
<rule name="Redirect IEB to Jobs2Web" stopProcessing="true">
<match url="interactive.aspx$" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Redirect" url="https://www.microsoft-careers.com/content/interactive-entertainment-business/" appendQueryString="false" />
</rule>
<rule name="Redirect MBS to Jobs2Web" stopProcessing="true">
<match url="microsoftbusinesssolutions.aspx$" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Redirect" url="https://www.microsoft-careers.com/content/business-solutions/home/" appendQueryString="false" />
</rule>
<rule name="Redirect MOD to Jobs2Web" stopProcessing="true">
<match url="officedivision.aspx$" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Redirect" url="https://www.microsoft-careers.com/content/mod/home/" appendQueryString="false" />
</rule>
<rule name="Redirect SMSG to Jobs2Web" stopProcessing="true">
<match url="(smsg|smsg-consumeronline|smsg-it|smsg-marketing|smsg-operations|smsg-sales|smsg-servicessupport).aspx$" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Redirect" url="https://www.microsoft-careers.com/content/sales/" appendQueryString="false" />
</rule>
<rule name="Redirect OSD to Jobs2Web" stopProcessing="true">
<match url="onlineservices.aspx$" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Redirect" url="https://www.microsoft-careers.com/content/bing/bing-home/" appendQueryString="false" />
</rule>
<rule name="Redirect STB to Jobs2Web" stopProcessing="true">
<match url="servertools.aspx$" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Redirect" url="https://www.microsoft-careers.com/content/server-and-tools/" appendQueryString="false" />
</rule>
<rule name="Redirect Windows to Jobs2Web" stopProcessing="true">
<match url="(windows|windowsphone).aspx$" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Redirect" url="https://www.microsoft-careers.com/content/windows-division/" appendQueryString="false" />
</rule>
<rule name="Redirect Profiles to Home" stopProcessing="true">
<match url="^careers/([a-z]{2}|(zh\-(cn|tw)))/([a-z]{2,3})/(profilefauziacss|profilejoslyncom|profilejdhs|profiledanmbu|profileblaisemsn|profilestafforddi|profilepablosql|profileclausd|profilekristinbmo|profilejulief|profilerenesmsp|profileelizabethhrit|profileroyhs|profilejenchrisnel|profileberniecm|profileraymondwe|profilepeterco).aspx$" />
<action type="Redirect" url="/careers/{R:1}/{R:4}/home.aspx" appendQueryString="true" />
</rule>
<!--Removing trailing slash-->
<rule name="RemoveTrailingSlashRule1" stopProcessing="true">
<match url="(.*)/$" />
<action type="Redirect" url="{ToLower:{R:1}}" redirectType="Permanent" />
</rule>
<!--Redirect to home.aspx for default page-->
<rule name="home.aspx">
<match url="^careers/([A-Z]{2})/([A-Z]{2,3})[/]?$" />
<action type="Redirect" url="{ToLower:careers/{R:1}/{R:2}/home.aspx}" redirectType="Permanent" />
</rule>
<!--Redirect to lower case for .aspx page URLs-->
<rule name="LowerCaseRule1" stopProcessing="true">
<match url="[A-Z]+.*\.aspx" ignoreCase="false" />
<action type="Redirect" url="{ToLower:{URL}}" redirectType="Permanent" />
</rule>
<!--Redirect to lower case for .aspx page URLs-->
<rule name="LowerCaseRule2" stopProcessing="true">
<match url="[.](A[sS][pP][xX])|(aS[pP][xX])|(asP[xX])|(aspX)" ignoreCase="false" />
<action type="Redirect" url="{ToLower:{URL}}" redirectType="Permanent" />
</rule>
<rule name="Redirect to root for gclp.aspx" stopProcessing="true">
<match url="^gclp.aspx" />
<action type="Redirect" url="/" redirectType="Permanent" />
</rule>
<rule name="Redirect to root for /careers/gclp.aspx" stopProcessing="true">
<match url="^careers/gclp.aspx" />
<action type="Redirect" url="/" redirectType="Permanent" />
</rule>
<rule name="Rewrite root for CSP GCLP">
<match url="^$" />
<action type="Rewrite" url="/careers/gclp.aspx" />
</rule>
</rules>
<outboundRules>
<rule name="Lowercase internal links in the response" preCondition="ResponseIsHtml1" enabled="true">
<match filterByTags="A, Area, Form" pattern="^([\w\-\./]*)(\?.*)?(#.*)?$" />
<action type="Rewrite" value="{ToLower:{R:0}}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
<httpRedirect enabled="false" destination="" exactDestination="true" childOnly="false" httpResponseStatus="Temporary">
<add wildcard="*.aspx" destination="/splash.htm" />
</httpRedirect>
<httpProtocol>
<customHeaders>
<remove name="X-UA-Compatible" />
<add name="svr" value="b1" />
</customHeaders>
</httpProtocol>
<urlCompression doStaticCompression="false" doDynamicCompression="false" />
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="Mscom.Rendering.UIC" publicKeyToken="a30896880e965ef2" />
<bindingRedirect oldVersion="1.0.0.0-2.4.0.0" newVersion="3.5.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Mscom.Rendering.Framework" publicKeyToken="a30896880e965ef2" />
<bindingRedirect oldVersion="1.0.0.0-2.4.0.0" newVersion="3.5.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Mscom.Rendering.Helper" publicKeyToken="a30896880e965ef2" />
<bindingRedirect oldVersion="1.0.0.0-2.4.0.0" newVersion="3.5.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Mscom.Rendering.Navigation" publicKeyToken="a30896880e965ef2" />
<bindingRedirect oldVersion="1.0.0.0-2.4.0.0" newVersion="3.5.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Mscom.Rendering.Content" publicKeyToken="a30896880e965ef2" />
<bindingRedirect oldVersion="1.0.0.0-2.4.0.0" newVersion="3.5.0.0" />
</dependentAssembly>
</assemblyBinding>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.JobServiceAspNetAjaxBehavior">
<enableWebScript />
</behavior>
<behavior name="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.SavedJobServiceAspNetAjaxBehavior">
<enableWebScript />
</behavior>
<behavior name="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.MultiSelectServiceAspNetAjaxBehavior">
<enableWebScript />
</behavior>
<behavior name="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.DomainDataAspNetAjaxBehavior">
<enableWebScript />
</behavior>
<behavior name="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.SavedSearchAspNetAjaxBehavior">
<enableWebScript />
</behavior>
<behavior name="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.MiniMeServiceAspNetAjaxBehavior">
<enableWebScript />
</behavior>
<behavior name="MS.IT.Staffing.GlobalCareers.Webportal.WCFServices.LanguageBarServiceAspNetAjaxBehavior">
<enableWebScript />
</behavior>
<behavior name="MS.IT.Staffing.GlobalCareers.Webportal.WCFServices.HorizonServiceAspNetAjaxBehavior">
<enableWebScript />
</behavior>
<behavior name="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.CommonServiceAspNetAjaxBehavior">
<enableWebScript />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.DomainDataAspNetAjaxBehavior">
<!-- Required to pass unhandled Exception details to client -->
<serviceMetadata httpGetEnabled="true" httpGetUrl="" />
<serviceDebug httpHelpPageEnabled="true" includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<services>
<service name="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.JobService">
<endpoint address="" behaviorConfiguration="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.JobServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webBindinghttp" contract="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.JobService" />
<endpoint address="" behaviorConfiguration="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.JobServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webBinding" contract="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.JobService" />
</service>
<service name="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.SavedJobService">
<endpoint address="" behaviorConfiguration="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.SavedJobServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webBindinghttp" contract="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.SavedJobService" />
</service>
<service name="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.MultiSelectService">
<endpoint address="" behaviorConfiguration="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.MultiSelectServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webBindinghttp" contract="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.MultiSelectService" />
</service>
<service name="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.DomainData">
<endpoint address="" behaviorConfiguration="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.DomainDataAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webBinding" contract="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.DomainData" />
<endpoint address="" behaviorConfiguration="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.DomainDataAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webBindinghttp" contract="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.DomainData" />
</service>
<service name="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.SavedSearchService">
<endpoint address="" behaviorConfiguration="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.SavedSearchAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webBinding" contract="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.SavedSearchService" />
<endpoint address="" behaviorConfiguration="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.SavedSearchAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webBindinghttp" contract="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.SavedSearchService" />
</service>
<service name="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.MiniMeService">
<endpoint address="" behaviorConfiguration="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.MiniMeServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webBinding" contract="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.MiniMeService" />
<endpoint address="" behaviorConfiguration="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.MiniMeServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webBindinghttp" contract="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.MiniMeService" />
</service>
<service name="MS.IT.Staffing.GlobalCareers.Webportal.WCFServices.LanguageBarService">
<endpoint address="" behaviorConfiguration="MS.IT.Staffing.GlobalCareers.Webportal.WCFServices.LanguageBarServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webBinding" contract="MS.IT.Staffing.GlobalCareers.Webportal.WCFServices.LanguageBarService" />
<endpoint address="" behaviorConfiguration="MS.IT.Staffing.GlobalCareers.Webportal.WCFServices.LanguageBarServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webBindinghttp" contract="MS.IT.Staffing.GlobalCareers.Webportal.WCFServices.LanguageBarService" />
</service>
<service name="MS.IT.Staffing.GlobalCareers.Webportal.WCFServices.HorizonService">
<endpoint address="" behaviorConfiguration="MS.IT.Staffing.GlobalCareers.Webportal.WCFServices.HorizonServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webBinding" contract="MS.IT.Staffing.GlobalCareers.Webportal.WCFServices.HorizonService" />
<endpoint address="" behaviorConfiguration="MS.IT.Staffing.GlobalCareers.Webportal.WCFServices.HorizonServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webBindinghttp" contract="MS.IT.Staffing.GlobalCareers.Webportal.WCFServices.HorizonService" />
</service>
<service name="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.CommonService">
<endpoint address="" behaviorConfiguration="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.CommonServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webBinding" contract="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.CommonService" />
<endpoint address="" behaviorConfiguration="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.CommonServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webBindinghttp" contract="MS.IT.Staffing.GlobalCareers.Webportal.WCF_Services.CommonService" />
</service>
</services>
<bindings>
<webHttpBinding>
<binding name="webBinding">
<!--PROD-->
<!--security mode="Transport"-->
<!--DEV-->
<security mode="None">
</security>
</binding>
<binding name="webBindinghttp">
<!--PROD-->
<security mode="Transport">
<!--DEV-->
<!--security mode="None"-->
</security>
</binding>
</webHttpBinding>
</bindings>
</system.serviceModel>
</configuration>
漏洞证明:
修复方案:
你们懂
版权声明:转载请注明来源 hack雪花@乌云
漏洞回应
厂商回应:
危害等级:中
漏洞Rank:8
确认时间:2014-12-19 22:34
厂商回复:
CNVD确认并复现所述情况,已经由CNVD通过网站公开联系方式(或以往建立的处置渠道)向网站管理单位(软件生产厂商)通报。
最新状态:
暂无