首页 > 安全资讯 >

搜狐垃圾邮件帮助中心SQL注射漏洞及信息泄漏漏洞及修复

11-04-13

简要描述:搜狐垃圾邮件中心是使用python编写的,但是由于对一些参数过滤不正确以及错误的程序配置,可能泄漏更多信息 详细说明:HTTP/1.1 500 Internal Server Error   Server: nginx/0.7.65   Date: Fri, 11 Mar 2011 0

简要描述:
搜狐垃圾邮件中心是使用python编写的,但是由于对一些参数过滤不正确以及错误的程序配置,可能泄漏更多信息

详细说明:
HTTP/1.1 500 Internal Server Error

 

Server: nginx/0.7.65

 

Date: Fri, 11 Mar 2011 09:11:19 GMT

 

Content-Type: text/html

 

Transfer-Encoding: chunked

 

Connection: close

 

 

 

f73

 

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">

<head>

  <meta http-equiv="content-type" content="text/html; charset=utf-8" />

  <meta name="robots" content="NONE,NOARCHIVE" />

  <title><class _mysql_exceptions.ProgrammingError> at /queryip/</title>

  <style type="text/css">

    html * { padding:0; margin:0; }

    body * { padding:10px 20px; }

    body * * { padding:0; }

    body { font:small sans-serif; }

    body>div { border-bottom:1px solid #ddd; }

    h1 { font-weight:normal; }

    h2 { margin-bottom:.8em; }

    h2 span { font-size:80%; color:#666; font-weight:normal; }

    h3 { margin:1em 0 .5em 0; }

    h4 { margin:0 0 .5em 0; font-weight: normal; }

    table {

        border:1px solid #ccc; border-collapse: collapse; background:white; }

    tbody td, tbody th { vertical-align:top; padding:2px 3px; }

    thead th {

        padding:1px 6px 1px 3px; background:#fefefe; text-align:left;

        font-weight:normal; font-size:11px; border:1px solid #ddd; }

    tbody th { text-align:right; color:#666; padding-right:.5em; }

    table.vars { margin:5px 0 2px 40px; }

    table.vars td, table.req td { font-family:monospace; }

    table td.code { width:100%;}

    table td.code div { overflow:hidden; }

    table.source th { color:#666; }

    table.source td {

        font-family:monospace; white-space:pre; border-bottom:1px solid #eee; }

    ul.traceback { list-style-type:none; }

    ul.traceback li.frame { margin-bottom:1em; }

    div.context { margin: 10px 0; }

    div.context ol {

        padding-left:30px; margin:0 10px; list-style-position: inside; }

    div.context ol li {

        font-family:monospace; white-space:pre; color:#666; cursor:pointer; }

    div.context ol.context-line li { color:black; background-color:#ccc; }

    div.context ol.context-line li span { float: right; }

    div.commands { margin-left: 40px; }

    div.commands a { color:black; text-decoration:none; }

    #summary { background: #ffc; }

    #summary h2 { font-weight: normal; color: #666; }

    #explanation { background:#eee; }

    #template, #template-not-exist { background:#f6f6f6; }

    #template-not-exist ul { margin: 0 0 0 20px; }

    #traceback { background:#eee; }

    #requestinfo { background:#f6f6f6; padding-left:120px; }

    #summary table { border:none; background:transparent; }

    #requestinfo h2, #requestinfo h3 { position:relative; margin-left:-100px; }

    #requestinfo h3 { margin-bottom:-1em; }

    .error { background: #ffc; }

    .specific { color:#cc3300; font-weight:bold; }

  </style>

  <script type="text/javascript">

  //<!--

    function getElementsByClassName(oElm, strTagName, strClassName){

        // Written by Jonathan Snook, http://www.snook.ca/jon;

        // Add-ons by Robert Nyman, http://www.robertnyman.com

        var arrElements = (strTagName == "*" && document.all)? document.all :

        oElm.getElementsByTagName(strTagName);

        var arrReturnElements = new Array();

        strClassName = strClassName.replace(/-/g, "-");

        var oRegExp = new RegExp("(^|s)" + strClassName + "(s|$)");

        var oElement;

        for(var i=0; i<arrElements.length; i++){

            oElement = arrElements;

            if(oRegExp.test(oElement.className)){

                arrReturnElements.push(oElement);

            }

        }

        return (arrReturnElements)

    }

    function hideAll(elems) {

      for (var e = 0; e < elems.length; e++) {

        elems[e].style.display = none;

      }

    }

    window.onload = function() {

      hideAll(getElementsByClassName(document, table, vars));

      hideAll(getElementsByClassName(document, ol, pre-context));

      hideAll(getElementsByClassName(document, ol, post-context));

    }

    function toggle() {

      for (var i = 0; i < arguments.length; i++) {

        var e = document.getElementById(arguments);

        if (e) {

 

 

1000

 

         e.style.display = e.style.display == none ? block : none;

        }

      }

      return false;

    }

    function varToggle(link, id) {

      toggle(v + id);

      var s = link.getElementsByTagName(span)[0];

      var uarr = String.fromCharCode(0x25b6);

      var darr = String.fromCharCode(0x25bc);

      s.innerHTML = s.innerHTML == uarr ? darr : uarr;

&

相关文章
最新文章
热点推荐