
baidu 百度在搞什么啊?

郑锦
2023-12-01

想申请百度联盟,需要下载一个文件 bdunion.txt 放在自己的服务器上,以证明服务器是自己的。

结果

baidu竟然给上传了一个 regIndividualCustomer.jsp

kao!

 

两个问题:

  1. 百度是怎么上传这个文件的?利用了我的网站漏洞?
  2. 这种行为有点可耻吧。

 

btw:因为没有通过审核,鄙视baidu!

 

 

-rw-rw-r--  1 cobola cobola    33340 Nov 28 11:03 regIndividualCustomer.jsp

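上面是这个文件的 ls -l 信息:属主是 cobola,写入时间为 Nov 28 11:03。从下面贴出的内容看,它是百度联盟会员注册页的 HTML(base href 指向 union.baidu.com),可能只是下载验证文件时被保存下来的页面;要确认来源,应核对该时间点的 Web/FTP 访问日志和自己的下载操作,查清是哪个以 cobola 身份运行的进程写入了它。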


<!--STATUS OK-->

 

 

 

<html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>百度联盟-会员注册</title>
<link href="css/union.css" rel="stylesheet" type="text/css">
<script language="JavaScript" type="text/JavaScript">
<!--
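/**
 * Jump-menu handler: navigates the window/frame named by `targ` to the URL
 * stored in the currently selected <option> of `selObj`.
 *
 * The option value is assigned to `location` as data. The original built a
 * source string around it and passed that to eval, so a value containing a
 * quote or backslash was parsed as script instead of being used as a URL.
 *
 * @param {string} targ - expression naming the target window (e.g. "parent")
 * @param {HTMLSelectElement} selObj - the jump menu
 * @param {*} restore - when truthy, the menu is reset to its first option
 */
function MM_jumpMenu(targ,selObj,restore){ //v3.0
  var url = selObj.options[selObj.selectedIndex].value;
  // NOTE(review): `targ` is still evaluated as an expression so existing
  // callers keep working; it must only come from the page's own markup,
  // never from request data.
  var target = eval(targ);
  target.location = url;
  if (restore) selObj.selectedIndex=0;
}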
//-->
</script>
</head>
<base href="http://union.baidu.com/regIndividualCustomer.jsp">
<script language="javascript" type="text/javascript" src="js/check.js"></script>
<script>


















/**
 * Points the page-global registration form (`regForm`) at the
 * enterprise-registration action with switchShow=1 and submits it.
 */
function switchShow()
{
  var enterpriseAction = "initRegEnterpriseCustomerAction.do?switchShow=1";
  var registration = regForm;
  registration.action = enterpriseAction;
  registration.submit();
}



/**
 * Submit-time check for the registration form.
 *
 * Runs the generated field validation first, then requires the two password
 * fields to match, then delegates the password-format rule to
 * isvalidpassword (defined outside this script block).
 *
 * This runs in the browser only, so a request sent without this page skips
 * it; the same rules need to be enforced where the form is processed.
 *
 * @param {HTMLFormElement} form - the registration form
 * @returns {*} false when validation fails or the passwords differ,
 *   otherwise whatever isvalidpassword returns
 */
function checkform(form){
  if (!validateRegIndividualCustomerForm(form)) {
    return false;
  }
  if (form.password.value != form.verifyPassword.value) {
    alert("两次输入的密码不一致");
    return false;
  }
  var formatMessage = "密码格式不正确,必须包含小写字母、大写字母和阿拉伯数字中的两种字符";
  return isvalidpassword(form.password.value, 2, formatMessage);
}








/**
 * Applies the visibility rules for the current bizType selection of
 * document.regForm:
 *  - the 'cprohelp' hint is shown only when the selected value equals 2;
 *  - the three 'verifiedTable*' elements are shown unless the value equals 1.
 */
function load(){
 var bizSelect = document.regForm.bizType;
 var chosen = bizSelect.options[bizSelect.selectedIndex].value;

 var helpBox = document.getElementById('cprohelp');
 var verifyBlocks = [
  document.getElementById('verifiedTableDesc'),
  document.getElementById('verifiedTableData'),
  document.getElementById('verifiedTableInfo')
 ];

 // Loose comparisons are kept: option values are strings compared to numbers.
 helpBox.style.display = (chosen != null && chosen == 2) ? "block" : "none";

 var verifyDisplay = (chosen != 1) ? "block" : "none";
 for (var k = 0; k < verifyBlocks.length; k++) {
  verifyBlocks[k].style.display = verifyDisplay;
 }
}























/**
 * Change handler for the preferred-business drop-down: shows the hint text
 * ('cprohelp') when the selected value equals 2, and shows the three
 * 'verifiedTable*' elements unless the selected value equals 1.
 *
 * @param {HTMLSelectElement} element - the drop-down whose selection changed
 */
function checkShowCpro(element){
 var chosen = element.options[element.selectedIndex].value;

 var helpBox = document.getElementById('cprohelp');
 var verifyBlocks = [
  document.getElementById('verifiedTableDesc'),
  document.getElementById('verifiedTableData'),
  document.getElementById('verifiedTableInfo')
 ];

 // Loose comparisons are kept: option values are strings compared to numbers.
 if (chosen != null && chosen == 2) {
  helpBox.style.display = "block";
 } else {
  helpBox.style.display = "none";
 }

 var verifyDisplay = (chosen != 1) ? "block" : "none";
 for (var k = 0; k < verifyBlocks.length; k++) {
  verifyBlocks[k].style.display = verifyDisplay;
 }
}


























/**
 * Submits the page-global `regForm` to the site-verification action
 * (operation=verifiedSiteAdmin), then points the form back at the normal
 * registration action so a later submit goes there.
 */
function switchVerifyShow(){
 var verifyAction = "regVerifiedSiteAdminFinishAction.do?operation=verifiedSiteAdmin&ut=0";
 var registerAction = "regIndividualCustomerAction.do";
 regForm.action = verifyAction;
 regForm.submit();
 regForm.action = registerAction;
}




/**
 * Submits the page-global `regForm` to the verification-file download action
 * (operation=downloadVerifiedFile), then points the form back at the normal
 * registration action so a later submit goes there.
 */
function switchVerifyDown(){
 var downloadAction = "regVerifiedSiteAdminFinishAction.do?operation=downloadVerifiedFile&ut=0";
 var registerAction = "regIndividualCustomerAction.do";
 regForm.action = downloadAction;
 regForm.submit();
 regForm.action = registerAction;
}



 

</script>
<script type="text/javascript" language="Javascript1.1">

<!-- Begin

     var bCancel = false;

    function validateRegIndividualCustomerForm(form) {                                                                  
        if (bCancel)
      return true;
        else
       return validateRequired(form) && validateMinLength(form) && validateMaxLength(form) && validateMask(form) && validateLong(form) && validateEmail(form);
   }




    function required () {
     this.aa = new Array("customerName", "用户名 不能空.", new Function ("varName", "this.maxlength='24'; this.mask=/^[a-z0-9]{0,}$/; this.minlength='4';  return this[varName];"));
     this.ab = new Array("password", "登陆密码  不能空.", new Function ("varName", "this.maxlength='16'; this.minlength='6';  return this[varName];"));
     this.ac = new Array("verifyPassword", "重复密码  不能空.", new Function ("varName", "this.maxlength='16'; this.minlength='6';  return this[varName];"));
     this.ad = new Array("bizType", "首选业务 不能空.", new Function ("varName", " return this[varName];"));
     this.ae = new Array("userType", "用户类型 不能空.", new Function ("varName", "this.mask=/0|1/;  return this[varName];"));
     this.af = new Array("realName", "姓名 不能空.", new Function ("varName", " return this[varName];"));
     this.ag = new Array("sex", "性别 不能空.", new Function ("varName", " return this[varName];"));
     this.ah = new Array("identity", "身份证号码 不能空.", new Function ("varName", "this.mask=/^\\d{14}[0-9xX]{1}$|^\\d{17}[0-9xX]{1}$/;  return this[varName];"));
     this.ai = new Array("phone", "电话号码 不能空.", new Function ("varName", "this.maxlength='15'; this.mask=/^\\d{3}[\\d-]{2}\\d{0,}$/; this.minlength='6';  return this[varName];"));
     this.aj = new Array("mobilephone", "手机号码 不能空.", new Function ("varName", "this.mask=/^\\d{11}$/;  return this[varName];"));
     this.ak = new Array("email", "电子邮件 不能空.", new Function ("varName", " return this[varName];"));
    }











    function minlength () {
     this.aa = new Array("customerName", "用户名 不能小于 4 位.", new Function ("varName", "this.maxlength='24'; this.mask=/^[a-z0-9]{0,}$/; this.minlength='4';  return this[varName];"));
     this.ab = new Array("password", "登陆密码  不能小于 6 位.", new Function ("varName", "this.maxlength='16'; this.minlength='6';  return this[varName];"));
     this.ac = new Array("verifyPassword", "重复密码  不能小于 6 位.", new Function ("varName", "this.maxlength='16'; this.minlength='6';  return this[varName];"));
     this.ad = new Array("phone", "电话号码 不能小于 6 位.", new Function ("varName", "this.maxlength='15'; this.mask=/^\\d{3}[\\d-]{2}\\d{0,}$/; this.minlength='6';  return this[varName];"));
    }




    function maxlength () {
     this.aa = new Array("customerName", "用户名 不能超过 24 位.", new Function ("varName", "this.maxlength='24'; this.mask=/^[a-z0-9]{0,}$/; this.minlength='4';  return this[varName];"));
     this.ab = new Array("password", "登陆密码  不能超过 16 位.", new Function ("varName", "this.maxlength='16'; this.minlength='6';  return this[varName];"));
     this.ac = new Array("verifyPassword", "重复密码  不能超过 16 位.", new Function ("varName", "this.maxlength='16'; this.minlength='6';  return this[varName];"));
     this.ad = new Array("phone", "电话号码 不能超过 15 位.", new Function ("varName", "this.maxlength='15'; this.mask=/^\\d{3}[\\d-]{2}\\d{0,}$/; this.minlength='6';  return this[varName];"));
    }




    function mask () {
     this.aa = new Array("customerName", "用户名 格式不正确.", new Function ("varName", "this.maxlength='24'; this.mask=/^[a-z0-9]{0,}$/; this.minlength='4';  return this[varName];"));
     this.ab = new Array("userType", "用户类型 格式不正确.", new Function ("varName", "this.mask=/0|1/;  return this[varName];"));
     this.ac = new Array("identity", "身份证号码 格式不正确.", new Function ("varName", "this.mask=/^\\d{14}[0-9xX]{1}$|^\\d{17}[0-9xX]{1}$/;  return this[varName];"));
     this.ad = new Array("phone", "电话号码 格式不正确.", new Function ("varName", "this.maxlength='15'; this.mask=/^\\d{3}[\\d-]{2}\\d{0,}$/; this.minlength='6';  return this[varName];"));
     this.ae = new Array("mobilephone", "手机号码 格式不正确.", new Function ("varName", "this.mask=/^\\d{11}$/;  return this[varName];"));
    }





    function LongValidations () {
     this.aa = new Array("bizType", "首选业务 应该为 数字.", new Function ("varName", " return this[varName];"));
    }

    function email () {
     this.aa = new Array("email", "电子邮件 email格式不正确.", new Function ("varName", " return this[varName];"));
    }

 

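/**
 * Checks every field listed by the floatRange rule table (defined outside
 * this view) against its "min"/"max" variables.
 *
 * Only non-empty text and textarea fields are checked. On failure the first
 * offending field is focused and all failure messages are shown in a single
 * alert, one per line.
 *
 * The rule table and loop key are locals; the generated original assigned
 * `oRange` and `x` without `var`, which created page-wide globals (and is an
 * error in strict-mode code).
 *
 * @param {HTMLFormElement} form - form whose fields are looked up by name
 * @returns {boolean} true when every checked field is within its range
 */
function validateFloatRange(form) {
    var isValid = true;
    var focusField = null;
    var fields = [];
    var oRange = new floatRange();
    var x;
    for (x in oRange) {
        var field = form[oRange[x][0]];

        if ((field.type == 'text' || field.type == 'textarea') &&
            (field.value.length > 0)) {

            var fMin = parseFloat(oRange[x][2]("min"));
            var fMax = parseFloat(oRange[x][2]("max"));
            var fValue = parseFloat(field.value);
            // Written as a negated "inside" test so NaN counts as a failure.
            if (!(fValue >= fMin && fValue <= fMax)) {
                if (fields.length == 0) {
                    focusField = field;
                }
                fields.push(oRange[x][1]);
                isValid = false;
            }
        }
    }
    if (fields.length > 0) {
        focusField.focus();
        alert(fields.join('\n'));
    }
    return isValid;
}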
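/**
 * Checks every field listed by the ByteValidations rule table (defined
 * outside this view): a non-empty value must pass isAllDigits and parse to an
 * integer between -128 and 127.
 *
 * Fields of type text, textarea, select-one and radio are checked. On failure
 * the first offending field is focused and all failure messages are shown in
 * a single alert, one per line.
 *
 * The rule table and loop key are locals; the generated original assigned
 * `oByte` and `x` without `var`, which created page-wide globals (and is an
 * error in strict-mode code).
 *
 * @param {HTMLFormElement} form - form whose fields are looked up by name
 * @returns {boolean} true when every checked field holds a byte value
 */
function validateByte(form) {
    var bValid = true;
    var focusField = null;
    var fields = [];
    var oByte = new ByteValidations();
    var x;
    for (x in oByte) {
        var field = form[oByte[x][0]];

        if (field.type == 'text' ||
            field.type == 'textarea' ||
            field.type == 'select-one' ||
            field.type == 'radio') {

            var value = '';
            // A select reports its value through the selected option.
            if (field.type == "select-one") {
                var si = field.selectedIndex;
                if (si >= 0) {
                    value = field.options[si].value;
                }
            } else {
                value = field.value;
            }

            if (value.length > 0) {
                // No radix on purpose: isAllDigits also admits 0x-prefixed
                // input, and forcing base 10 would change how it is read.
                var iValue = isAllDigits(value) ? parseInt(value) : NaN;
                if (isNaN(iValue) || !(iValue >= -128 && iValue <= 127)) {
                    if (fields.length == 0) {
                        focusField = field;
                    }
                    fields.push(oByte[x][1]);
                    bValid = false;
                }
            }
        }
    }
    if (fields.length > 0) {
        focusField.focus();
        alert(fields.join('\n'));
    }
    return bValid;
}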
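/**
 * Checks every field listed by the maxlength rule table against its
 * "maxlength" variable.
 *
 * Fields of type text, textarea and password are checked. On failure the
 * first offending field is focused and all failure messages are shown in a
 * single alert, one per line.
 *
 * The rule table and loop key are locals; the generated original assigned
 * `oMaxLength` and `x` without `var`, which created page-wide globals (and is
 * an error in strict-mode code). The limit is parsed as base 10.
 *
 * Browser-side check only; length limits must also be enforced where the
 * form is processed.
 *
 * @param {HTMLFormElement} form - form whose fields are looked up by name
 * @returns {boolean} true when no checked field exceeds its limit
 */
function validateMaxLength(form) {
    var isValid = true;
    var focusField = null;
    var fields = [];
    var oMaxLength = new maxlength();
    var x;
    for (x in oMaxLength) {
        var field = form[oMaxLength[x][0]];

        if (field.type == 'text' ||
            field.type == 'textarea' ||
            field.type == 'password') {

            var iMax = parseInt(oMaxLength[x][2]("maxlength"), 10);
            if (field.value.length > iMax) {
                if (fields.length == 0) {
                    focusField = field;
                }
                fields.push(oMaxLength[x][1]);
                isValid = false;
            }
        }
    }
    if (fields.length > 0) {
        focusField.focus();
        alert(fields.join('\n'));
    }
    return isValid;
}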
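/**
 * Checks that every field listed by the required rule table has a value
 * that is not empty after trimming.
 *
 * Fields of type text, textarea, file, select-one, radio and password are
 * checked. On failure the first offending field is focused and all failure
 * messages are shown in a single alert, one per line.
 *
 * The rule table and loop key are locals; the generated original assigned
 * `oRequired` and `x` without `var`, which created page-wide globals (and is
 * an error in strict-mode code).
 *
 * Browser-side check only; required fields must also be enforced where the
 * form is processed.
 *
 * @param {HTMLFormElement} form - form whose fields are looked up by name
 * @returns {boolean} true when every checked field is filled in
 */
function validateRequired(form) {
    var isValid = true;
    var focusField = null;
    var fields = [];
    var oRequired = new required();
    var x;
    for (x in oRequired) {
        var field = form[oRequired[x][0]];

        if (field.type == 'text' ||
            field.type == 'textarea' ||
            field.type == 'file' ||
            field.type == 'select-one' ||
            field.type == 'radio' ||
            field.type == 'password') {

            var value = '';
            // A select reports its value through the selected option.
            if (field.type == "select-one") {
                var si = field.selectedIndex;
                if (si >= 0) {
                    value = field.options[si].value;
                }
            } else {
                value = field.value;
            }

            if (trim(value).length == 0) {
                if (fields.length == 0) {
                    focusField = field;
                }
                fields.push(oRequired[x][1]);
                isValid = false;
            }
        }
    }
    if (fields.length > 0) {
        focusField.focus();
        alert(fields.join('\n'));
    }
    return isValid;
}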
           
            // Trim whitespace from left and right sides of s.
            function trim(s) {
                return s.replace( /^\s*/, "" ).replace( /\s*$/, "" );
            }
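/**
 * Checks every field listed by the IntegerValidations rule table (defined
 * outside this view): a non-empty value must pass isAllDigits and parse to an
 * integer between -2147483648 and 2147483647.
 *
 * Fields of type text, textarea, select-one and radio are checked. On failure
 * the first offending field is focused and all failure messages are shown in
 * a single alert, one per line.
 *
 * The rule table and loop key are locals; the generated original assigned
 * `oInteger` and `x` without `var`, which created page-wide globals (and is
 * an error in strict-mode code).
 *
 * @param {HTMLFormElement} form - form whose fields are looked up by name
 * @returns {boolean} true when every checked field holds a 32-bit integer
 */
function validateInteger(form) {
    var bValid = true;
    var focusField = null;
    var fields = [];
    var oInteger = new IntegerValidations();
    var x;
    for (x in oInteger) {
        var field = form[oInteger[x][0]];

        if (field.type == 'text' ||
            field.type == 'textarea' ||
            field.type == 'select-one' ||
            field.type == 'radio') {

            var value = '';
            // A select reports its value through the selected option.
            if (field.type == "select-one") {
                var si = field.selectedIndex;
                if (si >= 0) {
                    value = field.options[si].value;
                }
            } else {
                value = field.value;
            }

            if (value.length > 0) {
                // No radix on purpose: isAllDigits also admits 0x-prefixed
                // input, and forcing base 10 would change how it is read.
                var iValue = isAllDigits(value) ? parseInt(value) : NaN;
                if (isNaN(iValue) || !(iValue >= -2147483648 && iValue <= 2147483647)) {
                    if (fields.length == 0) {
                        focusField = field;
                    }
                    fields.push(oInteger[x][1]);
                    bValid = false;
                }
            }
        }
    }
    if (fields.length > 0) {
        focusField.focus();
        alert(fields.join('\n'));
    }
    return bValid;
}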










































            function isAllDigits(argvalue) {
                argvalue = argvalue.toString();
                var validChars = "0123456789";
                var startFrom = 0;
                if (argvalue.substring(0, 2) == "0x") {
                   validChars = "0123456789abcdefABCDEF";
                   startFrom = 2;
                } else if (argvalue.charAt(0) == "0") {
                   validChars = "01234567";
                   startFrom = 1;
                } else if (argvalue.charAt(0) == "-") {
                    startFrom = 1;
                }
               
                for (var n = startFrom; n < argvalue.length; n++) {
                    if (validChars.indexOf(argvalue.substring(n, n+1)) == -1) return false;
                }
                return true;
            }
/**
 * Alias for validateIntRange (defined outside this view): passes the form
 * through and returns its result unchanged.
 *
 * @param {HTMLFormElement} form - form to validate
 * @returns {*} whatever validateIntRange returns
 */
function validateRange(form) {
    var rangeResult = validateIntRange(form);
    return rangeResult;
}
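/**
 * Checks every field listed by the creditCard rule table (defined outside
 * this view) with luhnCheck.
 *
 * Only non-empty text and textarea fields are checked. On failure the first
 * offending field is focused and all failure messages are shown in a single
 * alert, one per line.
 *
 * The rule table and loop key are locals; the generated original assigned
 * `oCreditCard` and `x` without `var`, which created page-wide globals (and
 * is an error in strict-mode code).
 *
 * A Luhn checksum only catches typing errors; it says nothing about whether
 * a card number exists or is authorised.
 *
 * @param {HTMLFormElement} form - form whose fields are looked up by name
 * @returns {boolean} true when every checked field passes the checksum
 */
function validateCreditCard(form) {
    var bValid = true;
    var focusField = null;
    var fields = [];
    var oCreditCard = new creditCard();
    var x;
    for (x in oCreditCard) {
        var field = form[oCreditCard[x][0]];

        if ((field.type == 'text' || field.type == 'textarea') &&
            (field.value.length > 0)) {
            if (!luhnCheck(field.value)) {
                if (fields.length == 0) {
                    focusField = field;
                }
                fields.push(oCreditCard[x][1]);
                bValid = false;
            }
        }
    }
    if (fields.length > 0) {
        focusField.focus();
        alert(fields.join('\n'));
    }
    return bValid;
}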













































            /**
             * Reference: http://www.ling.nwu.edu/~sburke/pub/luhn_lib.pl
             */
            function luhnCheck(cardNumber) {
                if (isLuhnNum(cardNumber)) {
                    var no_digit = cardNumber.length;
                    var oddoeven = no_digit & 1;
                    var sum = 0;
                    for (var count = 0; count < no_digit; count++) {
                        var digit = parseInt(cardNumber.charAt(count));
                        if (!((count & 1) ^ oddoeven)) {
                            digit *= 2;
                            if (digit > 9) digit -= 9;
                        };
                        sum += digit;
                    };
                    if (sum == 0) return false;
                    if (sum % 10 == 0) return true;
                };
                return false;
            }



















            function isLuhnNum(argvalue) {
                argvalue = argvalue.toString();
                if (argvalue.length == 0) {
                    return false;
                }
                for (var n = 0; n < argvalue.length; n++) {
                    if ((argvalue.substring(n, n+1) < "0") ||
                        (argvalue.substring(n,n+1) > "9")) {
                        return false;
                    }
                }
                return true;
            }
function validateDate(form) {
               var bValid = true;
               var focusField = null;
               var i = 0;
               var fields = new Array();
               oDate = new DateValidations();
               for (x in oDate) {
                   var value = form[oDate[x][0]].value;
                   var datePattern = oDate[x][2]("datePatternStrict");
                   if ((form[oDate[x][0]].type == 'text' ||
                        form[oDate[x][0]].type == 'textarea') &&
                       (value.length > 0) &&
                       (datePattern.length > 0)) {
                     var MONTH = "MM";
                     var DAY = "dd";
                     var YEAR = "yyyy";
                     var orderMonth = datePattern.indexOf(MONTH);
                     var orderDay = datePattern.indexOf(DAY);
                     var orderYear = datePattern.indexOf(YEAR);
                     if ((orderDay < orderYear && orderDay > orderMonth)) {
                         var iDelim1 = orderMonth + MONTH.length;
                         var iDelim2 = orderDay + DAY.length;
                         var delim1 = datePattern.substring(iDelim1, iDelim1 + 1);
                         var delim2 = datePattern.substring(iDelim2, iDelim2 + 1);
                         if (iDelim1 == orderDay && iDelim2 == orderYear) {
                            dateRegexp = new RegExp("^(\\d{2})(\\d{2})(\\d{4})$");
                         } else if (iDelim1 == orderDay) {
                            dateRegexp = new RegExp("^(\\d{2})(\\d{2})[" + delim2 + "](\\d{4})$");
                         } else if (iDelim2 == orderYear) {
                            dateRegexp = new RegExp("^(\\d{2})[" + delim1 + "](\\d{2})(\\d{4})$");
                         } else {
                            dateRegexp = new RegExp("^(\\d{2})[" + delim1 + "](\\d{2})[" + delim2 + "](\\d{4})$");
                         }
                         var matched = dateRegexp.exec(value);
                         if(matched != null) {
                            if (!isValidDate(matched[2], matched[1], matched[3])) {
                               if (i == 0) {
                                   focusField = form[oDate[x][0]];
                               }
                               fields[i++] = oDate[x][1];
                               bValid =  false;
                            }
                         } else {
                            if (i == 0) {
                                focusField = form[oDate[x][0]];
                            }
                            fields[i++] = oDate[x][1];
                            bValid =  false;
                         }
                     } else if ((orderMonth < orderYear && orderMonth > orderDay)) {
                         var iDelim1 = orderDay + DAY.length;
                         var iDelim2 = orderMonth + MONTH.length;
                         var delim1 = datePattern.substring(iDelim1, iDelim1 + 1);
                         var delim2 = datePattern.substring(iDelim2, iDelim2 + 1);
                         if (iDelim1 == orderMonth && iDelim2 == orderYear) {
                             dateRegexp = new RegExp("^(\\d{2})(\\d{2})(\\d{4})$");
                         } else if (iDelim1 == orderMonth) {
                             dateRegexp = new RegExp("^(\\d{2})(\\d{2})[" + delim2 + "](\\d{4})$");
                         } else if (iDelim2 == orderYear) {
                             dateRegexp = new RegExp("^(\\d{2})[" + delim1 + "](\\d{2})(\\d{4})$");
                         } else {
                             dateRegexp = new RegExp("^(\\d{2})[" + delim1 + "](\\d{2})[" + delim2 + "](\\d{4})$");
                         }
                         var matched = dateRegexp.exec(value);
                         if(matched != null) {
                             if (!isValidDate(matched[1], matched[2], matched[3])) {
                                 if (i == 0) {
                                     focusField = form[oDate[x][0]];
                                 }
                                 fields[i++] = oDate[x][1];
                                 bValid =  false;
  &nbs
