来源:自学PHP网 时间:2015-04-15 15:00 作者: 阅读:次
[导读] 厂商,能不能求小礼物呢,菜鸟表示还没收到过礼物 不行就算了 - -求走大厂商啊 数据库权限不多说了拿到了数据库的权限可以任意操控数据库,可以登陆SSH服务器利用的是文件包含漏洞问...
| 厂商,能不能求小礼物呢,菜鸟表示还没收到过礼物 不行就算了 -.- 拿到了数据库的权限可以任意操控数据库,可以登陆SSH服务器
 
 
 <context-param> <param-name>uploadPath</param-name> <param-value>/var/www/html/vasee_pics/</param-value> <!--<param-value>D:\\upload\\</param-value>--> </context-param> <context-param> <param-name>pdfPath</param-name> <param-value>/user/local/vasee_pdfs/</param-value> <!--<param-value>d:\\xx\\</param-value>--> </context-param> <context-param> <param-name>exlPath</param-name> <param-value>/user/local/vasee_exls/</param-value> <!--<param-value>D:\\upload\\</param-value>--> </context-param> <filter> <filter-name>SetCharacterEncoding</filter-name> <filter-class> com.vasee.filters.SetCharacterEncodingFilter </filter-class> <init-param> <param-name>encoding</param-name> <param-value>UTF-8</param-value> </init-param> </filter> <!-- Filters for the display tag functionality --> <filter> <filter-name>ResponseOverrideFilter</filter-name> <filter-class> org.displaytag.filter.ResponseOverrideFilter </filter-class> </filter> <filter> <filter-name>hibernatesession</filter-name> <filter-class> org.springframework.orm.hibernate3.support.OpenSessionInViewFilter </filter-class> </filter> <filter-mapping> <filter-name>hibernatesession</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>SetCharacterEncoding</filter-name> <url-pattern>*.do</url-pattern> </filter-mapping> <filter-mapping> <filter-name>SetCharacterEncoding</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>ResponseOverrideFilter</filter-name> <url-pattern>*.do</url-pattern> </filter-mapping> <filter-mapping> <filter-name>ResponseOverrideFilter</filter-name> <url-pattern>*.jsp</url-pattern> </filter-mapping> <!--伪静态的过滤 --> <filter> <filter-name>UrlRewriteFilter</filter-name> <filter-class> org.tuckey.web.filters.urlrewrite.UrlRewriteFilter </filter-class> <init-param> <param-name>confPath</param-name> <param-value>/WEB-INF/urlrewrite.xml</param-value> </init-param> </filter> <filter-mapping> <filter-name>UrlRewriteFilter</filter-name> <url-pattern>/g/*</url-pattern> </filter-mapping> <servlet> <servlet-name>DrawImageServlet</servlet-name> <servlet-class> net.sourceforge.jimagetaglib.servlet.DrawImageServlet </servlet-class> </servlet> <servlet-mapping> <servlet-name>DrawImageServlet</servlet-name> <url-pattern>/jit</url-pattern> </servlet-mapping> <!-- Action Servlet Configuration --> <servlet> <servlet-name>action</servlet-name> <servlet-class> org.apache.struts.action.ActionServlet </servlet-class> <init-param> <param-name>config</param-name> <param-value>/WEB-INF/struts-config.xml</param-value> </init-param> <init-param> <param-name>debug</param-name> <param-value>2</param-value> </init-param> <init-param> <param-name>validate</param-name> <param-value>true</param-value> </init-param> </servlet> <!-- Action Servlet Mapping --> <servlet-mapping> <servlet-name>action</servlet-name> <url-pattern>*.do</url-pattern> </servlet-mapping> <context-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/applicationContext.xml</param-value> </context-param> <listener> <listener-class> org.springframework.web.context.ContextLoaderListener </listener-class> </listener> 
 <context-param> <param-name>uploadPath</param-name> <param-value>/var/www/html/vasee_pics/</param-value> <!--<param-value>D:\\upload\\</param-value>--> </context-param> 
 <context-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/applicationContext.xml</param-value> </context-param> 
 <bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"> <property name="locations"> <list> <value>/WEB-INF/config.properties</value> </list> </property> </bean> 
 subDomain.id=1006 hibernate.connection.driver_class org.postgresql.Driver hibernate.connection.username=postgres #hibernate.connection.url=jdbc\:postgresql\://127.0.0.1/test hibernate.connection.url=jdbc\:postgresql\://127.0.0.1/vaseedbstable #hibernate.connection.url=jdbc\:postgresql\://103.31.201.95/test #hibernate.connection.password=123456 hibernate.connection.password=e2010ee_yan #hibernate.connection.password=root #hibernate.connection.password=voasseeee #hibernate.connection.password=vpaosseteg phoneapp.android.version=1.1 phoneapp.iphone.version=1.1 phoneapp.android.update_url=http://down.mumayi.com/94512 phoneapp.iphone.update_url=https://itunes.apple.com/cn/app/vasee/id488543987?mt=8 #font.src.path=c\:/windows/fonts/ font.src.path=/user/local/vasee_pdfs/source/ 
 
 
 
 
 
 
 修复方案:包含处进行过滤,SSH也设置一下连接IP,文件上传处也过滤一下,把密码改一下,虽然,目前没发现利用点不过以后的事很难说,最后请厂商相信我,我连看都没看数据库就是连接了一下然后截了图退出了. | 
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com