漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2012-05746
漏洞标题:搜狐某站数据库报错致敏感信息泄露
相关厂商:搜狐
漏洞作者: zeracker
提交时间:2012-04-02 20:37
修复时间:2012-05-17 20:38
公开时间:2012-05-17 20:38
漏洞类型:重要敏感信息泄露
危害等级:低
自评Rank:5
漏洞状态:厂商已经确认
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2012-04-02: 细节已通知厂商并且等待厂商处理中
2012-04-02: 厂商已经确认,细节仅向厂商公开
2012-04-12: 细节向核心白帽子及相关领域专家公开
2012-04-22: 细节向普通白帽子公开
2012-05-02: 细节向实习白帽子公开
2012-05-17: 细节向公众公开
简要描述:
搜狐某站数据库报错致敏感信息泄露
新浪,搜狐,亲,你们都是肿么了。
老大,我还是建议批量上图,不然太慢了。卡卡卡。
详细说明:
http://vip.club.sohu.com/wenwang/question/index.php
Warning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on '192.168.103.24' (110) 亲地址暴露了喔。
in /opt/Sites/vip.club.sohu.com/wenwang/question/include/dsn.php on line 2
无法连接到数据库!
Warning: mysql_query() expects parameter 2 to be resource, boolean given in /opt/Sites/vip.club.sohu.com/wenwang/question/include/dsn.php on line 14
Warning: mysql_fetch_array() expects parameter 1 to be resource, null given in /opt/Sites/vip.club.sohu.com/wenwang/question/include/dsn.php on line 15
Warning: mysql_query() expects parameter 2 to be resource, boolean given in /opt/Sites/vip.club.sohu.com/wenwang/question/include/dsn.php on line 27
Warning: mysql_num_rows() expects parameter 1 to be resource, null given in /opt/Sites/vip.club.sohu.com/wenwang/question/include/dsn.php on line 28
Warning: mysql_query() expects parameter 2 to be resource, boolean given in /opt/Sites/vip.club.sohu.com/wenwang/question/index.php on line 31
Warning: mysql_num_rows() expects parameter 1 to be resource, null given in /opt/Sites/vip.club.sohu.com/wenwang/question/index.php on line 32
Warning: mysql_query() expects parameter 2 to be resource, boolean given in /opt/Sites/vip.club.sohu.com/wenwang/question/index.php on line 128
漏洞证明:
修复方案:
你们都懂的
===》QQ2036234
继续关注。
版权声明:转载请注明来源 zeracker@乌云
漏洞回应
厂商回应:
危害等级:低
漏洞Rank:5
确认时间:2012-04-02 21:32
厂商回复:
3q3q
最新状态:
暂无