当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-027832

漏洞标题:久游网多个分站敏感信息泄露,路径、数据库配置等

相关厂商:久游网

漏洞作者: 爱上平顶山

提交时间:2013-07-05 11:32

修复时间:2013-08-19 11:33

公开时间:2013-08-19 11:33

漏洞类型:重要敏感信息泄露

危害等级:中

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2013-07-05: 细节已通知厂商并且等待厂商处理中
2013-07-05: 厂商已经确认,细节仅向厂商公开
2013-07-15: 细节向核心白帽子及相关领域专家公开
2013-07-25: 细节向普通白帽子公开
2013-08-04: 细节向实习白帽子公开
2013-08-19: 细节向公众公开

简要描述:

RT.

详细说明:

久游网 敏感信息泄露 数据库连接等。。
http://album.9you.com/conf/server.xml
- <Server port="8005" shutdown="SHUTDOWN">
- <!-- APR library loader. Documentation at /docs/apr.html
-->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
- <!-- Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html
-->
<Listener className="org.apache.catalina.core.JasperListener" />
- <!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html
-->
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
- <GlobalNamingResources>
<Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
- <Service name="Catalina">
<Connector port="80" maxHttpHeaderSize="8192" maxThreads="1024" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="gbk" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" URIEncoding="gbk" />
- <Engine name="Catalina" defaultHost="album.9you.com">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" />
- <Host name="album.9you.com" appBase="" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="access_log." suffix=".txt" pattern="common" resolveHosts="false" />
- <Context path="" docBase="/usr/db/htdocs/album-au.9you.com/" reloadable="false">
<Resource name="jdbc/album" type="javax.sql.DataSource" driverClassName="oracle.jdbc.driver.OracleDriver" maxIdle="30" maxWait="5000" username="album" password="nyqs8ap" url="jdbc:oracle:thin:@192.168.0.229:1521:album" maxActive="20" factory="org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory" removeAbandoned="true" removeAbandonedTimeout="20" />
</Context>
</Host>
- <Host name="zhoubian.9you.com" appBase="" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
- <Context path="" docBase="/usr/db/htdocs/zhoubian.9you.com" debug="1" reloadable="false" crossContext="true">
<Resource name="jdbc/zbsc" type="javax.sql.DataSource" driverClassName="oracle.jdbc.driver.OracleDriver" maxIdle="30" maxWait="5000" username="shop" password="nyqs8ap" url="jdbc:oracle:thin:@192.168.0.229:1521:gshop" maxActive="100" factory="org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory" removeAbandoned="true" removeAbandonedTimeout="20" logAbandoned="true" />
</Context>
</Host>
- <Host name="gdclan.9you.com" appBase="" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
- <Context path="/" docBase="/usr/db/htdocs/gdclan.9you.com">
<Resource name="jdbc/gd_local" driverClass="oracle.jdbc.driver.OracleDriver" user="gd" password="nyqs8ap" jdbcUrl="jdbc:oracle:thin:@192.168.0.229:1521:gdclandg" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
- <!-- test
-->
<Resource name="jdbc/gd_clan_0" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://125.211.204.121:29806;DatabaseName=GDClan" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_common_0" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://125.211.204.121:29806;DatabaseName=GDCommon" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_store_0" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://125.211.204.121:29806;DatabaseName=GDStoreBilling" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_level_0" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://125.211.204.123:29806;DatabaseName=GOnlineGame" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
- <!-- 1
-->
<Resource name="jdbc/gd_clan_1" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://180.153.120.43:1433;DatabaseName=GDClan;SelectMethod=Cursor;" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_common_1" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://180.153.120.43:1433;DatabaseName=GDCommon" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_store_1" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://180.153.120.43:1433;DatabaseName=GDStoreBilling" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_level_1" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://180.153.120.73:1433;DatabaseName=GOnlineGame" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
- <!-- 2
-->
<Resource name="jdbc/gd_clan_2" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://125.211.205.56:1433;DatabaseName=GDClan;SelectMethod=Cursor;" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_common_2" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://125.211.205.56:1433;DatabaseName=GDCommon" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_store_2" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://125.211.205.56:1433;DatabaseName=GDStoreBilling" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_level_2" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://125.211.205.70:1433;DatabaseName=GOnlineGame" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
- <!-- 3
-->
<Resource name="jdbc/gd_clan_3" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://113.105.225.29:1433;DatabaseName=GDClan;SelectMethod=Cursor;" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_common_3" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://113.105.225.29:1433;DatabaseName=GDCommon" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_store_3" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://113.105.225.29:1433;DatabaseName=GDStoreBilling" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_level_3" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://113.105.225.13:1433;DatabaseName=GOnlineGame" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
- <!-- new
-->
<Resource name="jdbc/gd_clan_4" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://113.105.225.12:1433;DatabaseName=GDClan;SelectMethod=Cursor;" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_common_4" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://113.105.225.12:1433;DatabaseName=GDCommon" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_store_4" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://113.105.225.12:1433;DatabaseName=GDStoreBilling" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_level_4" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://113.105.225.13:1433;DatabaseName=GOnlineGame" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
</Context>
</Host>
</Engine>
</Service>
</Server>

7.png


久游网敏感信息泄露--第二弹 :路径、数据库配置等
http://bbs.9you.com/conf/server.xml
- <Server port="8005" shutdown="SHUTDOWN">
- <!-- APR library loader. Documentation at /docs/apr.html
-->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
- <!-- Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html
-->
<Listener className="org.apache.catalina.core.JasperListener" />
- <!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html
-->
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
- <GlobalNamingResources>
<Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
- <Service name="Catalina">
<Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" URIEncoding="UTF-8" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" URIEncoding="UTF-8" />
- <Engine name="Catalina" defaultHost="bbs.9you.com">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" />
- <Host name="bbs.9you.com" appBase="" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
- <Context path="" docBase="/usr/db/htdocs/bbsindex.9you.com" reloadable="true">
<Resource name="jdbc/commonRead" type="javax.sql.DataSource" driverClassName="com.mysql.jdbc.Driver" username="MHdevLop" password="d7xessRL" maxIdle="2" maxWait="3000" url="jdbc:mysql://60.206.15.40:3306/common?characterEncoding=GBK" maxActive="20" autoReconnect="true" />
<Resource name="jdbc/commonWrite" type="javax.sql.DataSource" driverClassName="com.mysql.jdbc.Driver" username="MHdevLop" password="d7xessRL" maxIdle="2" maxWait="3000" url="jdbc:mysql://60.206.15.16:3306/common?characterEncoding=GBK" maxActive="20" autoReconnect="true" />
<Resource name="jdbc/forum2Read" type="javax.sql.DataSource" driverClassName="com.mysql.jdbc.Driver" username="MHdevLop" password="d7xessRL" maxIdle="2" maxWait="3000" url="jdbc:mysql://60.206.15.40:3306/forum2?characterEncoding=GBK" maxActive="20" autoReconnect="true" />
<Resource name="jdbc/forum2Write" type="javax.sql.DataSource" driverClassName="com.mysql.jdbc.Driver" username="MHdevLop" password="d7xessRL" maxIdle="2" maxWait="3000" url="jdbc:mysql://60.206.15.16:3306/forum2?characterEncoding=GBK" maxActive="20" autoReconnect="true" />
<Resource name="jdbc/forum1Read" type="javax.sql.DataSource" driverClassName="com.mysql.jdbc.Driver" username="MHdevLop" password="d7xessRL" maxIdle="2" maxWait="3000" url="jdbc:mysql://60.206.15.40:3306/forum1?characterEncoding=GBK" maxActive="20" autoReconnect="true" />
<Resource name="jdbc/forum1Write" type="javax.sql.DataSource" driverClassName="com.mysql.jdbc.Driver" username="MHdevLop" password="d7xessRL" maxIdle="2" maxWait="3000" url="jdbc:mysql://60.206.15.16:3306/forum1?characterEncoding=GBK" maxActive="20" autoReconnect="true" />
</Context>
</Host>
</Engine>
</Service>
</Server>

8.png


久游网敏感信息泄露
第三弹:SD敢达OL分站路径、数据库配置 后台等
http://gdclan.9you.com/conf/server.xml
- <Server port="8005" shutdown="SHUTDOWN">
- <!-- APR library loader. Documentation at /docs/apr.html
-->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
- <!-- Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html
-->
<Listener className="org.apache.catalina.core.JasperListener" />
- <!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html
-->
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
- <GlobalNamingResources>
<Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
- <Service name="Catalina">
<Connector port="80" maxHttpHeaderSize="8192" maxThreads="1024" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="gbk" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" URIEncoding="gbk" />
- <Engine name="Catalina" defaultHost="album.9you.com">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" />
- <Host name="album.9you.com" appBase="" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="access_log." suffix=".txt" pattern="common" resolveHosts="false" />
- <Context path="" docBase="/usr/db/htdocs/album-au.9you.com/" reloadable="false">
<Resource name="jdbc/album" type="javax.sql.DataSource" driverClassName="oracle.jdbc.driver.OracleDriver" maxIdle="30" maxWait="5000" username="album" password="nyqs8ap" url="jdbc:oracle:thin:@192.168.0.229:1521:album" maxActive="20" factory="org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory" removeAbandoned="true" removeAbandonedTimeout="20" />
</Context>
</Host>
- <Host name="zhoubian.9you.com" appBase="" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
- <Context path="" docBase="/usr/db/htdocs/zhoubian.9you.com" debug="1" reloadable="false" crossContext="true">
<Resource name="jdbc/zbsc" type="javax.sql.DataSource" driverClassName="oracle.jdbc.driver.OracleDriver" maxIdle="30" maxWait="5000" username="shop" password="nyqs8ap" url="jdbc:oracle:thin:@192.168.0.229:1521:gshop" maxActive="100" factory="org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory" removeAbandoned="true" removeAbandonedTimeout="20" logAbandoned="true" />
</Context>
</Host>
- <Host name="gdclan.9you.com" appBase="" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
- <Context path="/" docBase="/usr/db/htdocs/gdclan.9you.com">
<Resource name="jdbc/gd_local" driverClass="oracle.jdbc.driver.OracleDriver" user="gd" password="nyqs8ap" jdbcUrl="jdbc:oracle:thin:@192.168.0.229:1521:gdclandg" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
- <!-- test
-->
<Resource name="jdbc/gd_clan_0" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://125.211.204.121:29806;DatabaseName=GDClan" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_common_0" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://125.211.204.121:29806;DatabaseName=GDCommon" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_store_0" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://125.211.204.121:29806;DatabaseName=GDStoreBilling" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_level_0" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://125.211.204.123:29806;DatabaseName=GOnlineGame" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
- <!-- 1
-->
<Resource name="jdbc/gd_clan_1" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://180.153.120.43:1433;DatabaseName=GDClan;SelectMethod=Cursor;" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_common_1" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://180.153.120.43:1433;DatabaseName=GDCommon" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_store_1" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://180.153.120.43:1433;DatabaseName=GDStoreBilling" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_level_1" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://180.153.120.73:1433;DatabaseName=GOnlineGame" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
- <!-- 2
-->
<Resource name="jdbc/gd_clan_2" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://125.211.205.56:1433;DatabaseName=GDClan;SelectMethod=Cursor;" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_common_2" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://125.211.205.56:1433;DatabaseName=GDCommon" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_store_2" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://125.211.205.56:1433;DatabaseName=GDStoreBilling" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_level_2" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://125.211.205.70:1433;DatabaseName=GOnlineGame" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
- <!-- 3
-->
<Resource name="jdbc/gd_clan_3" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://113.105.225.29:1433;DatabaseName=GDClan;SelectMethod=Cursor;" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_common_3" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://113.105.225.29:1433;DatabaseName=GDCommon" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_store_3" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://113.105.225.29:1433;DatabaseName=GDStoreBilling" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_level_3" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://113.105.225.13:1433;DatabaseName=GOnlineGame" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
- <!-- new
-->
<Resource name="jdbc/gd_clan_4" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://113.105.225.12:1433;DatabaseName=GDClan;SelectMethod=Cursor;" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_common_4" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://113.105.225.12:1433;DatabaseName=GDCommon" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_store_4" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://113.105.225.12:1433;DatabaseName=GDStoreBilling" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
<Resource name="jdbc/gd_level_4" driverClass="net.sourceforge.jtds.jdbc.Driver" user="webclan" password="37dac1Vesw2C2" jdbcUrl="jdbc:jtds:sqlserver://113.105.225.13:1433;DatabaseName=GOnlineGame" factory="org.apache.naming.factory.BeanFactory" type="com.mchange.v2.c3p0.ComboPooledDataSource" maxPoolSize="50" minPoolSize="2" maxIdleTime="60" maxStatements="10" numHelperThreads="8" testConnectionOnCheckin="true" idleConnectionTestPeriod="60" />
</Context>
</Host>
</Engine>
</Service>
</Server>

9.png


管理后台:
http://gdclan.9you.com/admin/login.jsp

漏洞证明:

7.png


8.png


9.png


管理后台:
http://gdclan.9you.com/admin/login.jsp

修复方案:

你懂。

版权声明:转载请注明来源 爱上平顶山@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2013-07-05 11:50

厂商回复:

确认存在。

最新状态:

暂无