
Vulnerability summary

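Bug ID: wooyun-2015-0115086

Title: Misconfiguration on multiple Eloancn (翼龙贷) sites affects user account security and sensitive information

Vendor: eloancn.com

Author: 擼管俠

Submitted: 2015-05-20 10:18

Fixed: 2015-07-04 12:24

Published: 2015-07-04 12:24

Vulnerability type: Disclosure of important sensitive information

Severity: High

Self-assessed rank: 12

Status: Confirmed by vendor

Source: http://www.wooyun.org. For questions or assistance, contact [email protected]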



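Vulnerability details

Disclosure status:

2015-05-20: Details reported to the vendor; awaiting vendor response
2015-05-20: Vendor confirmed; details disclosed to the vendor only
2015-05-30: Details disclosed to core white hats and experts in related fields
2015-06-09: Details disclosed to regular white hats
2015-06-19: Details disclosed to intern white hats
2015-07-04: Details disclosed to the public

Brief description:

Rumor has it there are gifts on offer... so I came along too.

Detailed description:

1.
119.90.56.135:11211
119.90.56.202:11211
Both have a Memcached misconfiguration that allows unauthorized access.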

[Screenshot: QQ截图20150520040000.jpg]

[Screenshot: QQ截图20150520040135.jpg]

STAT uptime 4229047
STAT time 1432064155
STAT version 1.4.20
STAT libevent 2.0.21-stable
STAT pointer_size 64
STAT rusage_user 331.896544
STAT rusage_system 1026.781905
STAT curr_connections 5
STAT total_connections 24664
STAT connection_structures 306
STAT reserved_fds 20
STAT cmd_get 12466101
STAT cmd_set 772796
STAT cmd_flush 0
STAT cmd_touch 0
STAT get_hits 11819623
STAT get_misses 646478
STAT delete_misses 0
STAT delete_hits 0
STAT incr_misses 0
STAT incr_hits 0
STAT decr_misses 0
STAT decr_hits 0
STAT cas_misses 0
STAT cas_hits 0
STAT cas_badval 0
STAT touch_hits 0
STAT touch_misses 0
STAT auth_cmds 0
STAT auth_errors 0
STAT bytes_read 6640140810
STAT bytes_written 484657098585
STAT limit_maxbytes 268435456
STAT accepting_conns 1
STAT listen_disabled_num 0
STAT threads 4
STAT conn_yields 0
STAT hash_power_level 16
STAT hash_bytes 524288
STAT hash_is_expanding 0
STAT malloc_fails 0
STAT bytes 2697422
STAT curr_items 817
STAT total_items 772796
S
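
Added example, not part of the original report and not the vendor's code: a local audit of memcached startup options for the exposure described in item 1 (listener reachable from the network with no authentication, consistent with `auth_cmds 0` in the stats above). The option letters and defaults are assumed to be those of memcached 1.4.x (the stats report 1.4.20); the sample configurations and finding names are constructed for illustration.

```python
import getopt
import ipaddress
import shlex

# Short options accepted by memcached 1.4.x (assumption; adjust per build).
OPTSTRING = "a:p:s:U:m:Mc:khiVrvdl:u:P:f:n:t:D:LR:Cb:B:I:SFo:A"

# Constructed samples in Debian-style memcached.conf layout (one option per
# line). They are illustrations, not the configuration of the reported hosts.
EXPOSED_CONF = """\
# listen on every interface, no SASL, UDP left at its default
-d
-m 256
-p 11211
-u memcache
-l 0.0.0.0
-t 4
"""

HARDENED_CONF = """\
-d
-m 256
-p 11211
-u memcache
-l 127.0.0.1   # loopback only
-U 0           # UDP listener off
"""


def options_from_conf(text):
    """Flatten a one-option-per-line config into an argv list, dropping # comments."""
    argv = []
    for line in text.splitlines():
        argv.extend(shlex.split(line, comments=True))
    return argv


def _host_of(entry):
    """Strip an optional :port suffix or [v6] brackets from one -l entry."""
    if entry.startswith("["):
        return entry[1:entry.index("]")]
    if entry.count(":") == 1:
        return entry.split(":")[0]
    return entry


def _is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other hostnames are treated as network-reachable


def audit(argv):
    """Return a list of findings (hypothetical names) for one memcached argv."""
    opts, _ = getopt.getopt(argv, OPTSTRING)
    seen = {}
    for flag, value in opts:
        seen.setdefault(flag, []).append(value)

    if "-s" in seen:
        return []  # UNIX socket mode: no TCP or UDP listener is opened

    listen = [e for v in seen.get("-l", []) for e in v.split(",") if e]
    findings = []
    if not listen:
        # Assumed 1.4.x default: bind to all interfaces when -l is absent.
        findings.append("LISTEN_ALL_DEFAULT")
        exposed = True
    else:
        public = [e for e in listen if not _is_loopback(_host_of(e))]
        findings.extend("LISTEN_NON_LOOPBACK:" + e for e in public)
        exposed = bool(public)

    if not exposed:
        return findings

    if "-S" not in seen:
        findings.append("NO_SASL_AUTH")  # any client that can connect can read and write
    # Assumed 1.4.x default: UDP is on unless explicitly disabled with -U 0.
    if seen.get("-U", ["11211"])[-1] != "0":
        findings.append("UDP_ENABLED")
    return findings


if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(options_from_conf(conf)))
```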


2.
115.28.42.129:443
is vulnerable to Heartbleed.

[Screenshot: QQ截图20150520023236.jpg]

static6.eloancn.com, which looks like a campaign page...

[Screenshot: QQ截图20150520023401.jpg]


..k...3n.S.e..3...+.~y.....!.Q.nUfO...a......).25401320_1002%25252Cta%252540iphone_2_4.2_2_5.8%252526bd_page_type%25253D1%252526baiduid%25253DF6F2FD37DDBCFB07009116D742675C76%252526tj%25253Dtieba2_3_0_10_title%25253Fpn%25253D0%252526%2526lunum%253D6%2526n%253D91091110_cpr%2526pcs%253D360x519%2526pis%253D10000x10000%2526ps%253D2807x0%2526psr%253D720x1280%2526pss%253D360x3003%2526qn%253Dff0a7079a3e2a188%2526rad%253D%2526rsi0%253D360%2526rsi1%253D54%2526rsi5%253D4%2526rss0%253D%2526rss1%2......r. .'.....................,1432029883; Hm_lpvt_175c73cd488e8c2324d7bb67adbb9370=1432029883; _ga=GA1.2.1478918495.1427711278; _gat=1; sgsa_vt_221529_227837=1432029883709.......v..IX......u....X............c...=......S.......677793,1431744207,1431936299,1432004085; Hm_lpvt_175c73cd488e8c2324d7bb67adbb9370=1432004085; LXB_REFER=https; sgsa_vt_221529_227837=1432004086703; pgv_si=s432367616........Y0N.=......J.E.B......GA1..*.,....x.......i...ww.baidu.com; pgv_si=s3029890048......S..TV.{)`@..v.s.%............................................................................................."...)...7...K...........N.7...|...5...U.........]...~...".....n.d.H.............................................................................................................,...7...O...c...........[.r.....F........................................................................................... ......................................................................................."................................................... ................... ...|...~...............u.......y.......s...e...x.......t...a.......q... .......g...d...i...l...W.......t.......i...c...o...c...r.......[...o...\.......s...T... ...l...=... 
...a...p..."...i...r...p...s...............:.......M...s...........l...i...........l...(.......m.......n...o...u...)...p...r..."...s.......:...t...u...:...2...................y.......=.....................................................................................m...j.................................................................................................................1.......................................................................................H.......F.......................................9.0.....l.................................................g.........................................................................................j.....M.............".................................................................................................................................................................................................k.................................................................................................................................................................................................~...}...........|...{... ...z...y...x...v...t...w...u...s...r...q...p...n...m...o.......a...s...e...t...j...k...l...h...i...r.......g...d...f...e...(.......i...c...l...".......o...a...`...b...^..._...W...Z...\...Y...]...X...V...[...U...T...S...=...)...........R...u...:...n...p...........O...N...P...M...L...Q.../...............}...c.......m.......*...............I...H...J...F...G...E...B...C...D...K...?...>...=...@...<...;...9...8...A...7...:...6...4...5...3...2.......$.......g...............|...1...y.......\...............f.........................../...,...-.......*...)...+...'...0...&...(...#..."...$...!... 
...%...........S...T...................0...b.......1.......&...d...2.......3...'.......j...........................v...............{...,...-...............^..........._...-...,...+...*...)...(...'...&...%...$.......#...........................................................................................(................................................................./.......................................................................................................................................".......%.......................................B...................................................................................................................................................................................................=...................].....)...............3...............................@charset "utf-8";../* CSS Document */...banner{background:url(..@T..............@L................................in............3.;border-bottom:1px solid #ccc.52.line-..font-size:2.;text-align:..explain,.busi_tit .icon01.2.one ...two.wo.. ..btn...pn...position:0 -57..108.width:33.margin:2. 0. p.left{.106..af6104.1..w.bold;float:..r..20..05c02.4...-.:1..bgG.86c883....B.8cdf1.445.Y.ffce5a.50..{.3.ff;.relative.4..4..-.over.w:visible;padding.33....0;dis.y:in.block....ab.ute;.:-..:..2......0............af2 .img01. 68...4..48..../.4.....4...2...-.-1.....20.0.....8...it........068c00.. . 
2...34b0ec....7fc....-.:n....3.....8.8......h190.9.three.fb..8..formList{.ffe8bb...5....lbl{...1.....2..2.ip.area..eb...............1.....:..-y:auto....16.....17.curs.poi......18{...22...6..dC.................../.............................................................8...........................................(...............................................................................................................................;.......................9.......................................S.......D.......................`...................I...,...............~...4.........................Q.........................5.............[.............................................................................................................................................................................!...............................................................................................C.................................~.......................................$.............7...........................................d...I.s...............................................................Y...................f.................^.........................Q...........c...........................l...............f...o...............................7.'...............................................c...............<.......$.....L...D..................................................................................... .........................Hv......Hv.........................n.H-p..q.NU..{.X..F.:i@.@P..8 .......j....*...._0..'...p........l..rC..M.4O...B.Uc...Qd]/..r9}..{......f.X...2....#..._...".x.a.....<....a...m..%s........4.es.]2.y,.\@D.28k.......Y...8..9...0.dVy..L..^....h.....K.l...E.Ra...I...JNe ...n..@......8...s..h5..Z@k..V.......5...,...9......./*..gaofei 2014-07-23..*/..String.prototype.trim = function () {...return this .replace(/^\s\s*/, '' ).replace(/\s\s*$/, '' );..}../**.. * ......................................... 
* */..function applyJoin(){...var username = $("#busi_name").val();...var mobile = $("#busi_mobile").val();...var city = $("#busi_city").val();...var message = $("#busi_msg").val();...if(username == null || username.trim() == ""){....alert("...................................................");....return;...}...if(city == null || city.trim() == ""){....alert("..............................");....return;...}...if(mobile == null || mobile.trim() == ""){....alert(".........................................................");....return;...}else if(!(/^13\d{9}$/.test(mobile))&& !(/^15\d{9}$/.test(mobile))&& !(/^18\d{9}$/.test(mobile))){....alert("...................................................");....return;...}...$.ajax({....url:"applyToJoin.action",....data:{.....username:username,.....mobile:mobile,.....city:city....},....type:"post",....dataType:"json",....success:applySuccess,....error:applyError...});..}..function applySuccess(data){...if(data.tip==null||data.tip.trim()==""){....alert("......................................................");....$("#busi_name").val("");....$("#busi_mobile").val("");....$("#busi_city").val("");....$("#busi_msg").val("");...}else{....alert(data.tip)...}..}..function 
applyError(data){...alert("............");..}..................................................................................................................................................................................................................................................................parseInt(c.curCSS(a,"left",true),10)||0......................................................................................................................................................................A...B.............................................m...K...........................C...........................................................1...........T...U...........s...................p.....!.>.......................................}...}.....................\.........................................................................................>.......9...../...(.......8.............<...7.....................................................................(.......................&.....".............;.........................-...*.................................2...x...................D.......y.......I.............J...........K...w.....................G...O.T.2.......`.O.............................Z.P.........%..... .........*...P...........R...R.............T...T.......K.....?.....................................Q.........%... ................... 
.H.u.....a.....................g.........>.......>...~.l.............................................A...............................,...........2.....7.........L.................1.V...6...8........._.X.e............._.............................d.............G.j...............V.................................................N.,...}...................4.3.&.*.D.>...e)return f==null?null:this;if(c.isFunction(f))return this.each(function(j){var i=c(this);i[d](f.call(this,j,i[d]()))});return"scrollTo"in.e&&e.document?e.document.compatMode==="CSS1Compat"&&e.document.documentElement["client"+b]||e.document.body["client"+b]:e.nodeType===9?Math.max(e.documentElement["client"+b],e.body["scroll"+b],e.documentElement["scroll"+b],e.body["offset"+b],e.documentElement["offset"+b]):f===w?c.css(e,d):this.css(d,typeof f==="string"?f:f+"px")}});A.jQuery=A.$=c})(window);.></a>";.if(g.firstChild&&typeof g.firstChild.getAttribute!=="undefined"&&g.firstChild.getAttribute("href")!=="#")n.attrHandle.href=function(h){return h.getAttribute("href",2)};g=null})();s.querySelectorAll&&function(){var g=k,h=s.createElement("div");h.innerHTML="<p class='TEST'></p>";if(!(h.querySelectorAll&&h.querySelectorAll(".TEST").length===0)){k=function(m,q,p,v){q=q||s;if(!v&&q.nodeType===9&&!x(q))try{return z(q.querySelectorAll(m),p)}catc..............................................................................................................................................................................................................P.mentsByClassName("[.\.].......`.)){g.lastChi@.............................................................................................nd.CLASS=fun..................4.of l.getElements......~.................A.................G.........0.1...............................................................f...........turn!!(g.compareDocument..sition(h)&..)}:.function(g,h){return 
g!==h..........ins?g.contains(h):true(.).......ion(g){return(g=(g?g.ownerDocu..............umentElement)?g.nodeName!=....<.":false},ga=function(g........l=[],m="",q;for(h=..............(...p..match.PSEUDO.ex,.-.......=.+.........................................ative[g]?g................................;...................................l)};c.find=k;c.e....;.............C.pr[":"]=c.ex................n.....8.iqueSort;c{.ext=a;c.isXMLDoc=x..9.......s=E})();var eb=/Until$/,fb=/^(?:parents|prevUntil|........................M...............................n(a,b,d){if(c.isFunction(b))return c.grep(a,function..,j){return!!b...ll(e,j,e)===d});elV. if(b.node..pe)return c.grep(a,function(e){return e===b===d});.........................."){var f=c.grep(a,function(e){return e.nodeType===1});if(U..test(b))return c.filte;.b,f,!d);else b=c.filter(b,f)}return c.grZ.$...............X.....R......................./.....h.tend({find........................his.pushStack("","find",a),d=0,f=0,e=this.length;f<e;f++....b.length;.c.find(a,this[f],b);if(f>0)for..ar j=d;j<b.length;j++)fo).......0;i<d;i++)2...K...==b[j]){b.splice(j--,1............:.n b},has:f..........A.B.r tip='';....$(function(){...//.............. .$("#i..................?.......-.......................................7.8.9.......................................q..out_allBg..}.....se....par.(.hi........c.....g..docu..g....e.ById('.3..tyle.displ........................................)...........6.......aByUrl(..$.post.,...................ey in ...=...b........M.......................return.e....................#.[0]..'expe5.6.7.....1.............K.........borrow+2..................)..........,......e.....2.J.E.........g.f.q.................}.~.Y.......r.m....ex=0..Texn.$(................)>-1.."..L....a."........."I?.omeAndOutC.&.... 
.!.....................].................................".....1.H.3...............o.;r&&r.ownerDocumen..&r!==b;){if(k?k.index(r)>-1:c(r).is(a)....I.k.l.2.......ntNode}return nu..})},index:function(a){if..a||typeof a===."string")return c..nArray(this[0],a?c(a..this.parent().children());returnb.`.nArray(a.jquery?-.0]:a,this)},............(a,b){a=typeof a==="..ring"?c(a,b||t....F...M.L.:c.makeArray(a);b=c.merge(this.get()@.A.B.....s.his.pushStack(qa(a..])||qa(b[0])....................Self:function(){return this.add(this.prevObject)}});c.each({parent:function(a){return(a=a.parentNode)&&a.nodeType!==11?a:null},parents:function(a){return c.dir(a,"parentNode")},parentsUntil:function(a,b,d){return c.dir(a,"parentNode",.d)},next:function(a){return c.nth(a,2,"nextSibling")},prev:function(a){return c.nth(a,2,"previousSibling")},nextAll:function(a){return c.dir(a,"nextSibling")},prevAll:function(a){return c.dir(a,"previousSibling")},nextUntil:function(a,b,d){return c.dir(a,"nextSibling",d)},prevUntil:function(a,b,d){return c.dir(a,"previousSibling",d)},siblings:function(a){return c.sibling(a.parentNode.firstChild,a)},children:function(a){return c.sibling(a.firstChild)},contents:function(a){return c.nodeName(a,"iframe")?.a.contentDocument||a.contentWindow.document:c.makeArray(a.childNodes)}},function(a,b){c.fn[a]=function(d,f){var e=c.map(this,b,d);eb.test(a)||(f=d);if(f&&typeof f==="string")e=c.fia.......Hv......Hv.......7.......7......if((this.length>1||gb.test(f))&&fb.test(a))e=e.reverse();return this.pushStack(e,a,R.call(arguments).join(","))}});c.extend({filter:function(a,b,d){if(d)a=":not("+a+")";return c.find.matches(a,b)},dir:function(a,b,d){var f=[];for(a=a[b];a&&a.nodeType!==9&&........
.@....SC[...r....+..H...9........w.3....f.....".!.9.8.........5.............................3.2.....E.D...../...A.................................I...........4.2...................................................#.......ble; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)..Accept-Encoding: gzip, deflate..Host: static6.eloancn.com..Connection: Keep-Alive..Cookie: _adwr=154330942%230; Hm_lvt_175c73cd488e8c2324d7bb67adbb9370=1431933816,1432031811,1432031870,1432031986; _ga=GA1.2.2023191567.1430268550; sgsa_id=eloancn.com|1430268550304097; pgv_pvi=6822537216; _adwb=154330942; _gat=1; JMSSESIONID=6D7EB37453EDE5C2-D589AE1C-7D95-4ECF-8A6B-FC530CA9ADF9; _adwc=154330942; _adwp=154330942.0116098990.1430268548.1432031869.1432031985.17; Hm_lpvt_175c73cd488e8c2324d7bb67adbb9370=1432031986; sgsa_vt_221529_227837=1432031986041; pgv_si=s6308643840........p}.".N{.@..M.....................0.....*......tx.}.upk.i...]&....-..54330942%230; Hm_lvt_175c73cd488e8c2324d7bb67adbb9370=1431902813,1431902819,1431903065,1432031913; Hm_lpvt_175c73cd488e8c2324d7bb67adbb9370=1432031913; sgsa_id=eloancn.com|1432031915343261; sgsa_vt_221529_227837=1432031915343; pgv_pvi=5774344192; pgv_si=s487398400.....xZu...<.o..0......\...9X._.[.]m7J<..].bh.Q.~.x.J..#1.2.2068554130.1428227885; sgsa_id=eloancn.com|1428227888434116; pgv_pvi=9863211008; _adwb=154330942; _adwp=154330942.5971590625.1428227882.1432015740.1432028559.3; _gat=1....2g.7.J......@....,.m.............c....0'z...........A.d.4....1...B7A-20140620-061123-de81ab-54b4d0.....u.......%R...;.h.d...KB*O....aKy84.qm..... 
..k...3n.S.e..3...+.~y.....!.Q.nUfO...a......).25401320_1002%25252Cta%252540iphone_2_4.2_2_5.8%252526bd_page_type%25253D1%252526baiduid%25253DF6F2FD37DDBCFB07009116D742675C76%252526tj%25253Dtieba2_3_0_10_title%25253Fpn%25253D0%252526%2526lunum%253D6%2526n%253D91091110_cpr%2526pcs%253D360x519%2526pis%253D10000x10000%2526ps%253D2807x0%2526psr%253D720x1280%2526pss%253D360x3003%2526qn%253Dff0a7079a3e2a188%2526rad%253D%2526rsi0%253D360%2526rsi1%253D54%2526rsi5%253D4%2526rss0%253D%2526rss1%2......r. .'.....................,1432029883; Hm_lpvt_175c73cd488e8c2324d7bb67adbb9370=1432029883; _ga=GA1.2.1478918495.1427711278; _gat=1; sgsa_vt_221529_227837=1432029883709.......v..IX......u....X............c...=......S.......677793,1431744207,1431936299,1432004085; Hm_lpvt_175c73cd488e8c2324d7bb67adbb9370=1432004085; LXB_REFER=https; sgsa_vt_221529_227837=1432004086703; pgv_si=s432367616........Y0N.=......J.E.B......GA1..*.,....x.......i...ww.baidu.com; pgv_si=s3029890048......S..TV.{)`@..v.s.%............................................................................................."...)...7...K...........N.7...|...5...U.........]...~...".....n.d.H.............................................................................................................,...7...O...c...........[.r.....F........................................................................................... ......................................................................................."................................................... ................... ...|...~...............u.......y.......s...e...x.......t...a.......q... .......g...d...i...l...W.......t.......i...c...o...c...r.......[...o...\.......s...T... ...l...=... 
...a...p..."...i...r...p...s...............:.......M...s...........l...i...........l...(.......m.......n...o...u...)...p...r..."...s.......:...t...u...:...2...................y.......=.....................................................................................m...j.................................................................................................................1.......................................................................................H.......F.......................................9.0.....l.................................................g.........................................................................................j.....M.............".................................................................................................................................................................................................k.................................................................................................................................................................................................~...}...........|...{... ...z...y...x...v...t...w...u...s...r...q...p...n...m...o.......a...s...e...t...j...k...l...h...i...r.......g...d...f...e...(.......i...c...l...".......o...a...`...b...^..._...W...Z...\...Y...]...X...V...[...U...T...S...=...)...........R...u...:...n...p...........O...N...P...M...L...Q.../...............}...c.......m.......*...............I...H...J...F...G...E...B...C...D...K...?...>...=...@...<...;...9...8...A...7...:...6...4...5...3...2.......$.......g...............|...1...y.......\...............f.........................../...,...-.......*...)...+...'...0...&...(...#..."...$...!... 
...%...........S...T...................0...b.......1.......&...d...2.......3...'.......j...........................v...............{...,...-...............^..........._...-...,...+...*...)...(...'...&...%...$.......#...........................................................................................(................................................................./.......................................................................................................................................".......%.......................................B...................................................................................................................................................................................................=...................].....)...............3...............................@charset "utf-8";../* CSS Document */...banner{background:url(..@T..............@L................................in............3.;border-bottom:1px solid #ccc.52.line-..font-size:2.;text-align:..explain,.busi_tit .icon01.2.one ...two.wo.. ..btn...pn...position:0 -57..108.width:33.margin:2. 0. p.left{.106..af6104.1..w.bold;float:..r..20..05c02.4...-.:1..bgG.86c883....B.8cdf1.445.Y.ffce5a.50..{.3.ff;.relative.4..4..-.over.w:visible;padding.33....0;dis.y:in.block....ab.ute;.:-..:..2......0............af2 .img01. 68...4..48..../.4.....4...2...-.-1.....20.0.....8...it........068c00.. . 
2...34b0ec....7fc....-.:n....3.....8.8......h190.9.three.fb..8..formList{.ffe8bb...5....lbl{...1.....2..2.ip.area..eb...............1.....:..-y:auto....16.....17.curs.poi......18{...22...6..dC.................../.............................................................8...........................................(...............................................................................................................................;.......................9.......................................S.......D.......................`...................I...,...............~...4.........................Q.........................5.............[.............................................................................................................................................................................!...............................................................................................C.................................~.......................................$.............7...........................................d...I.s...............................................................Y...................f.................^.........................Q...........c...........................l...............f...o...............................7.'...............................................c...............<.......$.....L...D..................................................................................... .........................Hv......Hv.........................n.H-p..q.NU..{.X..F.:i@.@P..8 .......j....*...._0..'...p........l..rC..M.4O...B.Uc...Qd]/..r9}..{......f.X...2....#..._...".x.a.....<....a...m..%s........4.es.]2.y,.\@D.28k.......Y...8..9...0.dVy..L..^....h.....K.l...E.Ra...I...JNe ...n..@......8...s..h5..Z@k..V.......5...,...9......./*..gaofei 2014-07-23..*/..String.prototype.trim = function () {...return this .replace(/^\s\s*/, '' ).replace(/\s\s*$/, '' );..}../**.. * ......................................... 
* */..function applyJoin(){...var username = $("#busi_name").val();...var mobile = $("#busi_mobile").val();...var city = $("#busi_city").val();...var message = $("#busi_msg").val();...if(username == null || username.trim() == ""){....alert("...................................................");....return;...}...if(city == null || city.trim() == ""){....alert("..............................");....return;...}...if(mobile == null || mobile.trim() == ""){....alert(".........................................................");....return;...}else if(!(/^13\d{9}$/.test(mobile))&& !(/^15\d{9}$/.test(mobile))&& !(/^18\d{9}$/.test(mobile))){....alert("...................................................");....return;...}...$.ajax({....url:"applyToJoin.action",....data:{.....username:username,.....mobile:mobile,.....city:city....},....type:"post",....dataType:"json",....success:applySuccess,....error:applyError...});..}..function applySuccess(data){...if(data.tip==null||data.tip.trim()==""){....alert("......................................................");....$("#busi_name").val("");....$("#busi_mobile").val("");....$("#busi_city").val("");....$("#busi_msg").val("");...}else{....alert(data.tip)...}..}..function 
applyError(data){...alert("............");..}..................................................................................................................................................................................................................................................................parseInt(c.curCSS(a,"left",true),10)||0......................................................................................................................................................................A...B.............................................m...K...........................C...........................................................1...........T...U...........s...................p.....!.>.......................................}...}.....................\.........................................................................................>.......9...../...(.......8.............<...7.....................................................................(.......................&.....".....

Proof of vulnerability:

3. 119.90.56.202:6379
Redis can be accessed without authentication.

QQ截图20150520021926.jpg

As the screenshot shows, more than 15,000 records are exposed, and this IP belongs to the upload server.

QQ截图20150520024439.jpg

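Because the data set is so large, opening it crashes the client, so I could only browse the other dbs. db1 and db14 both hold large amounts of data.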

QQ截图20150520023945.jpg
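The Redis exposure reported in item 3 comes down to a listener reachable from the network with no `requirepass`. The following is an added example, not part of the original report or the vendor's code: a small auditor that flags that combination in a `redis.conf`. The sample configurations, the finding codes and the 32-character password threshold are constructed assumptions.

```python
"""Audit redis.conf text for a network-reachable, unauthenticated listener."""
import ipaddress
import shlex

MIN_PASSWORD_LEN = 32  # assumption: local policy threshold, not a Redis rule

# Constructed sample: listens on every interface, password line commented out.
SAMPLE_EXPOSED = """\
port 6379
bind 0.0.0.0
# requirepass foobared
"""

# Constructed sample: explicit bind, protected mode, long password.
SAMPLE_HARDENED = """\
port 6379
bind 127.0.0.1 10.0.0.5
protected-mode yes
requirepass "constructed-long-random-secret-0123456789"
"""


def parse_conf(text):
    """Return {directive: [args of each occurrence]} for non-comment lines."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # handles quoted values such as ""
        directives.setdefault(parts[0].lower(), []).append(parts[1:])
    return directives


def is_loopback(addr):
    """True only for literal loopback addresses; wildcards and names are not."""
    addr = addr.lstrip("-")  # newer configs allow a '-' prefix on bind entries
    if addr in ("*", "::*"):
        return False
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # hostname or unparsable value: treat as network-facing


def audit(text):
    """Return a list of (severity, code) findings for the given config text."""
    conf = parse_conf(text)

    def last(key):
        # For these directives the last occurrence in the file is the one used.
        return conf[key][-1] if key in conf else None

    findings = []
    binds = last("bind") or []
    # With no bind directive Redis listens on all interfaces.
    network_facing = not binds or any(not is_loopback(a) for a in binds)

    password = last("requirepass")
    secret = password[0] if password else ""

    if not secret:
        if network_facing:
            findings.append(("critical", "unauthenticated-network-listener"))
        else:
            findings.append(("warning", "no-requirepass-loopback-only"))
    elif len(secret) < MIN_PASSWORD_LEN:
        findings.append(("warning", "short-requirepass"))

    # protected-mode is a safety net, so it is reported on its own rather
    # than accepted as a substitute for bind plus requirepass.
    if last("protected-mode") != ["yes"]:
        findings.append(("warning", "protected-mode-not-enabled"))
    return findings


def is_exposed(text):
    """True when the config matches the condition described in the report."""
    return any(sev == "critical" for sev, _ in audit(text))


if __name__ == "__main__":
    for name, sample in (("exposed", SAMPLE_EXPOSED), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(sample))
```

Run it against each host's effective configuration rather than only the file in the repository, since a running instance may have been started with different options.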

Remediation:

Copyright notice: when reposting, please credit the source 擼管俠@乌云 (WooYun)


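Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 8

Confirmed: 2015-05-20 12:22

Vendor reply:

Thanks @擼管俠, we are working to fix this as quickly as we can.

Latest status:

None yet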