当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0111446

漏洞标题:DNSPod又一处源代码泄露

相关厂商:DNSPod

漏洞作者: 路人甲

提交时间:2015-05-04 11:39

修复时间:2015-06-18 22:30

公开时间:2015-06-18 22:30

漏洞类型:系统/服务运维配置不当

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-05-04: 细节已通知厂商并且等待厂商处理中
2015-05-04: 厂商已经确认,细节仅向厂商公开
2015-05-14: 细节向核心白帽子及相关领域专家公开
2015-05-24: 细节向普通白帽子公开
2015-06-03: 细节向实习白帽子公开
2015-06-18: 细节向公众公开

简要描述:

DNSPod又一处源代码泄露
听说dnspod是个有很节操的厂商 应该不会不确认吧

详细说明:

还是git配置不当问题 避免重复2个一起发了
blog.dnspod.cn

/** MySQL database username */
define('DB_USER', 'dnspodblog');
/** MySQL database password */
define('DB_PASSWORD', '789GIU&%4*************^**&GJH');
/** MySQL hostname */
define('DB_HOST', 'localhost');


support.dnspod.cn

<?php
return array(
//'配置项'=>'配置值'
'DB_DSN' => 'mysql://sptweb:k!e*GchF0*****fY&jSGCWak*****8U@10.66.1.197:1026/swift440',
'WEB_PATH' => 'https://www.dnspod.cn',
'DOMAIN_PATH' => 'https://domains.dnspod.cn',
'MP_PATH' => 'http://127.0.0.1:8081',
'MP_PATH8081' => 'http://127.0.0.1:8081',
'TICKETS_PATH' => 'tickets.dnspod.cn',
'SUPPORT_PATH' => 'https://support.dnspod.cn',
'KY_API_KEY' => 'd324c62a-a8c8-1804-a13f-1********be',
'KY_SECRET_KEY' => 'ZTBmZGM0YmItNzJmZS1****************lZjAtYjJjMi0xZTc0LWU1N2QtODZmNzMwOWM3NjQ0',
'KY_API_URL' => 'http://tickets.dnspod.cn/api/index.php?',
'CUSTOM_FIELD_ID' => '4apmljqbp5n6',
'LOG_RECORD' => true,
'DEFAULT_MODULE' => 'Support',
'DEFAULT_ACTION' => 'support',
'URL_ROUTER_ON' => true,
'URL_ROUTER_RULES' => array(
'tools/domain/:domain' => 'Tools/tools',
'trace/id/:id' => 'Ticket/trace/',
'showarticle/tsid/:tsid' => 'Kb/showarticle',
'submit/domain/:domain' => 'Tickets/submit',
'kb/keyword/:keyword' => 'Kb/kb',
'getl2/qid/:qid' => 'Kb/getl2',
'getl3/qid/:qid' => 'Kb/getl3',
'mytks/tkstatus/:tkstatus/' => 'Tickets/mytks'
),
'CACHE_TYPE' => 'File',
'CACHE_OPTION' => array(
'expire' => 600,
),
'LOGIN_URL' => 'https://www.dnspod.cn/Index/Login?r=https://support.dnspod.cn',
'LOGOUT_URL' => 'https://www.dnspod.cn/Auth/Logout?r=https://support.dnspod.cn',
'API_URL' => 'https://www.dnspod.cn/Api/',
);
?>


漏洞证明:

还是git配置不当问题 避免重复2个一起发了
blog.dnspod.cn

/** MySQL database username */
define('DB_USER', 'dnspodblog');
/** MySQL database password */
define('DB_PASSWORD', '789GIU&%4*************^**&GJH');
/** MySQL hostname */
define('DB_HOST', 'localhost');


support.dnspod.cn

<?php
return array(
//'配置项'=>'配置值'
'DB_DSN' => 'mysql://sptweb:k!e*GchF0*****fY&jSGCWak*****8U@10.66.1.197:1026/swift440',
'WEB_PATH' => 'https://www.dnspod.cn',
'DOMAIN_PATH' => 'https://domains.dnspod.cn',
'MP_PATH' => 'http://127.0.0.1:8081',
'MP_PATH8081' => 'http://127.0.0.1:8081',
'TICKETS_PATH' => 'tickets.dnspod.cn',
'SUPPORT_PATH' => 'https://support.dnspod.cn',
'KY_API_KEY' => 'd324c62a-a8c8-1804-a13f-1********be',
'KY_SECRET_KEY' => 'ZTBmZGM0YmItNzJmZS1****************lZjAtYjJjMi0xZTc0LWU1N2QtODZmNzMwOWM3NjQ0',
'KY_API_URL' => 'http://tickets.dnspod.cn/api/index.php?',
'CUSTOM_FIELD_ID' => '4apmljqbp5n6',
'LOG_RECORD' => true,
'DEFAULT_MODULE' => 'Support',
'DEFAULT_ACTION' => 'support',
'URL_ROUTER_ON' => true,
'URL_ROUTER_RULES' => array(
'tools/domain/:domain' => 'Tools/tools',
'trace/id/:id' => 'Ticket/trace/',
'showarticle/tsid/:tsid' => 'Kb/showarticle',
'submit/domain/:domain' => 'Tickets/submit',
'kb/keyword/:keyword' => 'Kb/kb',
'getl2/qid/:qid' => 'Kb/getl2',
'getl3/qid/:qid' => 'Kb/getl3',
'mytks/tkstatus/:tkstatus/' => 'Tickets/mytks'
),
'CACHE_TYPE' => 'File',
'CACHE_OPTION' => array(
'expire' => 600,
),
'LOGIN_URL' => 'https://www.dnspod.cn/Index/Login?r=https://support.dnspod.cn',
'LOGOUT_URL' => 'https://www.dnspod.cn/Auth/Logout?r=https://support.dnspod.cn',
'API_URL' => 'https://www.dnspod.cn/Api/',
);
?>


修复方案:

null

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:4

确认时间:2015-05-04 22:28

厂商回复:

问题已经确认并且修复,谢谢该白帽子。
主要是调用工单系统的接口来展示 wiki 和用户工单,不存储任何数据,并且代码是完全独立的,对 DNSPod 主站及用户数据没有任何影响。

最新状态:

暂无