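Website summary information: www.lijiejie.com
    • Title: 李劼杰的博客 (Li Jiejie's Blog)
    • Keywords: 李劼杰 LiJieJie 西工大的猫 西工大浏览器
    • Description: Li Jiejie's record of everyday life
    • Domain information
    • Domain age: 15 years, 9 months, 15 days  Registered: 2009-08-07  Expires: 2014-08-07
      Email: abuse  Phone: +86.1082151122
      Registrar: BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
    • ICP filing information
    • ICP filing number: not filed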
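    Search-engine indexing (SEO) data
    • Baidu: 286 pages indexed, 2,390 backlinks, snapshot: 2014-06-04
    • Google: 86 pages indexed, 0 backlinks, PR: 2
    • Yahoo: 0 pages indexed
    • Soso: 0 pages indexed
    • Sogou: 321 pages indexed, rating: 4/10
    • 360 Search: 185 pages indexed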
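    Domain traffic: Alexa ranking
    • One-week average
    • One-month average
    • Three-month average
    • Alexa global rank
    • 1,881,774
    • Average daily IPs
    • Total daily PV
    • PV per visitor (PV/IP ratio)
    • Backlinks
    • dmoz directory listing
    • -
    • Traffic trend chart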
    Domain registration WHOIS information

    lijiejie.com

    Domain age: 15 years, 9 months, 15 days
    Registered: 2009-08-07
    Expires: 2014-08-07
    Registrar: BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
    Registrant email: abuse
    Contact phone: +86.1082151122

    Retrieved: 2014-07-24 08:54:11
    Domain Name: LIJIEJIE.COM
    Registrar: BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
    Whois Server: whois.dns.com.cn
    Referral URL: http://www.dns.com.cn
    Name Server: F1G1NS1.DNSPOD.NET
    Name Server: F1G1NS2.DNSPOD.NET
    Status: clientTransferProhibited
    Updated Date: 2013-05-28
    Creation Date: 2009-08-07
    Expiration Date: 2014-08-07

    >>> Last update of whois database: Thu, 2014-Jul-24 00:54:30 UTC <<<

    Domain name: lijiejie.com
    Registry Domain ID:
    Registrar WHOIS Server: whois.dns.com.cn
    Registrar URL: http://www.dns.com.cn
    Updated Date: 2013-05-28T17:19:43Z
    Creation Date: 2009-08-07T15:26:23Z
    Registrar Registration Expiration Date: 2014-08-07T15:26:23Z
    Registrar: Beijing Innovative Linkage Technology Ltd.
    Registrar IANA ID: 633
    Registrar Abuse Contact Email: abuse
    Registrar Abuse Contact Phone: +86.1082151122
    Reseller:
    Domain Status: clientTransferProhibited
    Registry Registrant ID:
    Registrant Name: li jiejie
    Registrant Organization: Li Jiejie
    Registrant Street: northwestern polytechnical university
    Registrant City: Xian
    Registrant State/Province: SN
    Registrant Postal Code: 637000
    Registrant Country: CN
    Registrant Phone: +86.8173891419
    Registrant Phone Ext:
    Registrant Fax: +86.8173891419
    Registrant Fax Ext:
    Registrant Email: ameriapeople
    Registry Admin ID:
    Admin Name: li jiejie
    Admin Organization: Li Jiejie
    Admin Street: northwestern polytechnical university
    Admin City: Xian
    Admin State/Province: SN
    Admin Postal Code: 637000
    Admin Country: CN
    Admin Phone: +86.8173891419
    Admin Phone Ext:
    Admin Fax: +86.8173891419
    Admin Fax Ext:
    Admin Email: ameriapeople
    Registry Tech ID:
    Tech Name: li jiejie
    Tech Organization: Li Jiejie
    Tech Street: northwestern polytechnical university
    Tech City: Xian
    Tech State/Province: SN
    Tech Postal Code: 637000
    Tech Country: CN
    Tech Phone: +86.8173891419
    Tech Phone Ext:
    Tech Fax: +86.8173891419
    Tech Fax Ext:
    Tech Email: ameriapeople
    Name Server: f1g1ns2.dnspod.net
    Name Server: f1g1ns1.dnspod.net
    DNSSEC: unsigned
    URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
    >>> Last update of WHOIS database: Thu Jul 24 08:54:38 2014 +0800

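    Sites on the same IP (same server)
  • 106.187.34.156: 1 site in total (Japan, Linode Internet data center)
  • 李劼杰的博客 (Li Jiejie's Blog) www.lijiejie.com
  • Domains under other suffixes
    • Top-level domain
    • Related information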
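    Home page snapshot (text-only version)
    Crawled: 2015-02-22 17:53:11
    URL: http://www.lijiejie.com/
    Title: 李劼杰的博客 (Li Jiejie's Blog)
    Keywords: 李劼杰, LiJieJie, 西工大的猫, 西工大浏览器
    Description: Li Jiejie's record of everyday life
    Body: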
李劼杰的博客 (Li Jiejie's Blog): still on the road

Directory traversal vulnerabilities in Python and Django (arbitrary file read)

By lijiejie on January 20, 2015 | 334 views

Recently my colleagues and I noticed that a fair number of "arbitrary file read" vulnerabilities have been appearing on the wooyun platform, for example:

Wooyun: file read on Youku-series servers

By requesting http://220.181.185.228/../../../../../../../../../etc/sysconfig/network-scripts/ifcfg-eth1 or a similar URL, an attacker can read sensitive system files across directories.

Clearly, this vulnerability is introduced by the web server mishandling the URL. What interested us was whether this is a vulnerability in a commonly used web server. After analysis and verification, our preliminary conclusion is that it is mainly caused by developers using the open function unsafely in Python code, and that older versions of Django are themselves vulnerable as well.

1. What is a directory traversal vulnerability

The English name for this class of vulnerability is Directory Traversal or Path Traversal. It means that an attacker crafts ../, ..%2F, /%c0%ae%c0%ae/, %2e%2e%2f or a similar parent-directory string in a URL or parameter to jump between directories and read sensitive files from any directory of the operating system. It is often also called an "arbitrary file read vulnerability".

2. Directory traversal vulnerabilities in Python and Django

Historically, several directory traversal vulnerabilities have been disclosed in Python and Django, for example:

  • CVE-2009-2659  Django directory traversal flaw
  • CVE-2013-4315  python-django: directory traversal with "ssi" template tag
  • Python CGIHTTPServer File Disclosure and Potential Code Execution

Both built-in modules and Django template tags have been affected. A moment of carelessness is enough for a programmer to write vulnerable code.

3. Vulnerable code example

To demonstrate how the vulnerability works, we wrote a piece of code with an obvious vulnerability:

```python
# -*- coding: utf-8 -*-
# Python 2 code: deliberately vulnerable demonstration server.
import sys
import SocketServer
import BaseHTTPServer
import threading
import time
import exceptions
import os


class MyHttpRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)
        self.send_header('Content-type', 'text/plain')
        self.end_headers()
        # Vulnerable: self.path comes straight from the request line and is
        # passed to open() unchanged.
        if os.path.isfile(self.path):
            file = open(self.path)
            self.wfile.write(file.read())
            file.close()
        else:
            self.wfile.write('hello world')


class ThreadedHttpServer(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
    __httpd = None  # single shared server instance

    @staticmethod
    def get():
        if not ThreadedHttpServer.__httpd:
            ThreadedHttpServer.__httpd = ThreadedHttpServer(('0.0.0.0', 80), MyHttpRequestHandler)
        return ThreadedHttpServer.__httpd


def main():
    try:
        httpd = ThreadedHttpServer.get()
        httpd.serve_forever()
    except exceptions.KeyboardInterrupt:
        httpd.shutdown()
    except Exception as e:
        print e


if __name__ == '__main__':
    main()
```

When handling a GET request, I take path directly, use the open function to open the static file that path refers to, and return the file's contents in the HTTP response. This is an obvious directory traversal vulnerability: path is not subjected to any
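
The check the vulnerable handler is missing, as an added example that is not code from the original post: the request path is percent-decoded once, resolved against a document root, and rejected if it ends up outside that root. It is written for Python 3; `safe_resolve`, `demo` and the temporary files are names and sample data constructed here for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


def safe_resolve(doc_root, url_path):
    """Map a request path to a regular file under doc_root, else None."""
    root = os.path.realpath(doc_root)
    # Drop query string and fragment, then percent-decode exactly once so the
    # check sees the same characters the filesystem will. Invalid UTF-8 such
    # as the overlong %c0%ae decodes to U+FFFD, not to '.'.
    raw = url_path.split("?", 1)[0].split("#", 1)[0]
    decoded = unquote(raw, errors="replace")
    if "\x00" in decoded:
        return None
    # Strip leading separators so os.path.join cannot be reset to an
    # absolute path; realpath then collapses ".." and follows symlinks.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/\\")))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None


def demo():
    """Constructed sample: a doc root with one public file, one file outside.

    Returns (request, naive_hit, hardened_hit) rows, where naive_hit is the
    os.path.isfile(self.path) test used by the vulnerable handler.
    """
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "www")
        os.mkdir(root)
        outside = os.path.join(base, "secret.txt")
        for path, text in ((os.path.join(root, "index.txt"), "public"),
                           (outside, "private")):
            with open(path, "w") as fh:
                fh.write(text)
        requests = ["/index.txt", "/../secret.txt", "/..%2Fsecret.txt",
                    "/%2e%2e%2fsecret.txt", "/%c0%ae%c0%ae/secret.txt",
                    outside]  # last entry: absolute path sent as the URL
        return [(r, os.path.isfile(r), safe_resolve(root, r) is not None)
                for r in requests]


if __name__ == "__main__":
    for request, naive, hardened in demo():
        print(f"{request!r:45} naive={naive!s:5} hardened={hardened}")
```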
