当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0116863

漏洞标题:七匹狼分站- 敏感信息泄露 源码泄漏 目录遍历 内部敏感信息泄漏

相关厂商:七匹狼

漏洞作者: susp

提交时间:2015-05-29 14:27

修复时间:2015-07-13 14:28

公开时间:2015-07-13 14:28

漏洞类型:重要敏感信息泄露

危害等级:中

自评Rank:5

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-05-29: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-07-13: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

七匹狼配置不当分站数据库配置泄露+源码打包

详细说明:

http://ipos.septwolves.com/

1.png


2.png


3.jpg


4.png


<?php
/**
 * ipos配置文件
 */
// ipos mysql 数据库配置
$db_server = "mysql";
$db_host   = "10.7.78.10";
$db_name   = "ipos";
$db_user   = "ipos2";
$db_pass   = "ipos!@#QAZ";
/*
 * 调试模式,开启后会在logs下生成执行过的sql语句的日志,生产环境会产生大量日志,降低系统性能,不建议长时间开启
 */
define('DEBUG_MODE', 0);//调试模式,0不开启,1开启
//ipos_mysql 读写分离配置
$GLOBALS['dxfl'] = 0;//是否开启读写分离(0为未开启,1为开启)
//读写分离(读)服务器配置
$read_db_cfg  = array('dbhost'=>'10.7.78.12','dbuser'=>'iposcx','dbname'=>'ipos','dbpw'=>'iposcx@123',);
$GLOBALS['fkfb'] = 0;//是否开启分库分表(0为未开启,1为开启)
$GLOBALS['aliyun_qtsy'] = 0;//是否开启阿里云收银模式(云上仅收银)默认0关闭,1云下系统,2云系统
$GLOBALS['local_urls'] = 'http://localhost/ipos';//阿里云收银模式(2云系统)时有效
$GLOBALS['aliyun_node_number'] = 0;//阿里云节点数,即切分库数(开启分库分表和阿里云收银模式(2云系统)时此参数才生效)
$GLOBALS['aliyun_data_days'] = 0;//阿里云数据有效天数配置,阿里云收银模式(2云系统)时此参数才生效,0为永
$GLOBALS['o2o']=1;	//	O2O 开启 
$prefix                 = "";
$timezone               = "Asia/Shanghai";
$cookie_path            = "/";
$cookie_domain          = "";
$admin_dir              = "admin";
$session                = "1440";
$filesync_host          = "http://localhost/sources";
$GLOBALS['manage_tpl']  = 'web/templates/manage';	//	manger 模版路径
$GLOBALS['shop_tpl']    = 'web/templates/shop';		//	shop 模版路径
$GLOBALS['public_tpl']  = 'web/templates';			//	公共 模版路径
$GLOBALS['cfg_session_time']   = '864000';//	session 时间
$GLOBALS['cfg_session_domain'] = '';//	作用域
$GLOBALS['cfg_apache_port']     =  80;//	apache_port(端口号)
$GLOBALS['cfg_mem_on']          = '0';//	memcache 开启 1 关闭 0
$GLOBALS['cfg_memcache_host']   = 'localhost';//	mem memcache_host
$GLOBALS['cfg_memcache_port']   = '11211';//	memcache_port
$GLOBALS['MEMCACHE_COMPRESSED'] = 'MEMCACHE_COMPRESSED';
/**
 * 多库位配置参数
 */
$GLOBALS['dkw']     = '1'; //默认情况下为0,即不启用多库位,为1时才是启用多库位
$GLOBALS['MAC'] = 0;//终端注册时只检测MAC地址(0为未开启,1为开启)
/**
 * 商品规格配置参数
 */
$GLOBALS['ggpz'] = '0'; //0-不启用规格配置,1-正向规格配置,2-负项规格配置
/**
*帐套数据
*/
$GLOBALS['licenseServer'] = '10.7.9.24';
$GLOBALS['LicensePort']   = '2018';
//$GLOBALS['ZTCompany']   = '1';
$GLOBALS['ZTName']        = $db_host.'-'.$db_name;
$GLOBALS['ZTDBName']      = $db_name;
/**
*网络订单前台收银配置 及 OPENSHOP的vip对接
*/
$web             = 0;//是否启用
$GLOBALS['opvip']  = 0;//是否使用线上使用线下vip 1:启用 0:关闭
$OP['url']       = 'http://192.168.175.79:8012/?app_act=API/';
$OP['api_name']  = 'api_user';
$OP['api_key']   = '1315922587';
$OP['api_token'] = 'a8d3bbc5cf84f91d39c4bd054a67c642';
/**
 * 短信发送对接系统[暂时放置这里,可考虑增加系统参数]
 **/
$sendsys = 1; // 1.Isms短信平台   2.SQ_sms短息发送服务  3.移动短信接口平台(九牧王用)
/**
 *
 * 发生短信配置
 */
$start_msg = 1;
$sendConf['IP']   = '192.168.175.55';
$sendConf['PORT'] = '9011';
/**
 * 发送彩信服务配置  或  SQ_SMS 短信发送服务配置
 */
$sendConf['smsurl'] = "http://192.168.158.151:8888/sms/"; //服务[注:用于SQ_SMS短息发送或Isms的彩信发送] 去掉发送短信调用的方法具体逻辑在PHP中实现
$sendConf['ipos_key'] = 'BS01_ps_6_vCreyExVWK_243'; //产品锁[注:用于SQ_SMS]
$sendConf['ipos_secret'] = '47a41eedc41ee6257740983105003346'; //密钥[注:用于SQ_SMS]
$sendConf['sms_sub_account_id'] = '255'; //子帐号[注:用于SQ_SMS]
$sendConf['app_version'] = '2'; //版本号[注:用于SQ_SMS]
/*
 * 上传图片服务器ip和存放的路径
 */
$GLOBALS['uploadServer'] = ''; //图片服务器,待开发
$GLOBALS['uploadPath']   = '../uploads/'; //文件路径,事先创建并可写
$GLOBALS['upload_max_filesize'] = '1048576'; //同时修改php.ini的upload_max_filesize值
/***********************************erp图片服务器地址设置,用于erp图片下载***********/
$GLOBALS['erp_tp_down'] = 0;//是否开启图片下载
$GLOBALS['erp_tp_ip']   = "192.168.175.250";//服务器IP
$GLOBALS['erp_tp_port'] = "3030";//服务器端口
/**
 * 定义出错处理
 */
define('SYS_LOG_ALL',	 	0);
define('SYS_LOG_NOTICE', 	1);
define('SYS_LOG_WARNING', 	2);
define('SYS_LOG_ERROR', 	3);
define('SYS_LANG',	 	'zh_cn');
define('OS_CHARSET','utf-8');
define('MAX_CONTROLLER',50);
define('SYS_LOG_LEVEL', 2);//0 all, 1: notice, 2: warning, 3: error
/**
 * ERP数据库配置
 */
$erp_config = array(
			'db_server'=>'10.7.9.201',
			'db_name'=>'qpl',//iPOS_Business1213',
			'db_user'=>'ipos_user',
			'db_pass'=>'zyiposO0O0202'
		);
/**
 * BStyle数据库配置
 */
$erp_tyle = array(
			'db_server'=>'192.168.176.160',
			'db_name'=>'yq_bstyle_bus',//iPOS_Business1213',
			'db_user'=>'sa',
			'db_pass'=>'baison'
		);
//启用总部的机器注册控制
$GLOBALS['manage_register'] = 0;
/**
 * BStyle_new接口配置
 */
$bsConf['url'] = "http://192.168.147.43:4321/bapweb/api/"; //BStyle_new配置地址
$bsConf['key'] = 'IPOSAPI'; //产品锁[注:用于BStyle_new]
$bsConf['secret'] = '612dc980b56a3ca6092c9738c18339f5'; //密钥[注:用于BStyle_new]
$bsConf['dbcode'] = 'DEV'; //[注:用于BStyle_new]
$bsConf['version'] = '1.0'; //版本号[注:用于BStyle_new]
$bsConf['name']    = 'xp.hua';
$bsConf['password']= 'test';


5.png


-- ----------------------------
-- Table structure for `admin_user`
-- ----------------------------
CREATE TABLE `admin_user` (
  `user_id` smallint(5) NOT NULL AUTO_INCREMENT,
  `user_code` varchar(20) NOT NULL DEFAULT '',
  `user_name` varchar(50) NOT NULL DEFAULT '',
  `user_name2` varchar(30) DEFAULT NULL,
  `password` varchar(50) NOT NULL DEFAULT '',
  `xb` smallint(6) NOT NULL DEFAULT '0',
  `email` varchar(255) NOT NULL DEFAULT '',
  `add_time` int(11) DEFAULT NULL,
  `last_login` int(11) DEFAULT NULL,
  `last_ip` varchar(50) NOT NULL DEFAULT '',
  `action_list` text,
  `lang_type` varchar(50) NOT NULL DEFAULT '',
  `dp_id` int(11) DEFAULT '0',
  `sd_id` int(11) DEFAULT '0',
  `is_admin` tinyint(3) DEFAULT '0',
  `favorites_menu` varchar(50) DEFAULT NULL,
  PRIMARY KEY (`user_id`)
) ENGINE=InnoDB AUTO_INCREMENT=43 DEFAULT CHARSET=utf8 AVG_ROW_LENGTH=1170;
-- ----------------------------
-- Records of admin_user
-- ----------------------------
INSERT INTO `admin_user` VALUES ('1', '000', 'admin', '系统管理员', 'cf79ae6addba60ad018347359bd144d2', '0', 'admin', null, '1294443989', '0.0.0.0', 'all', '', '-1', '3', '0', null);
INSERT INTO `admin_user` VALUES ('10', 'hjf', 'hjf', '锦凤', 'ad1485cab68667d54af96dd1aa597e0e', '0', '', null, '1286825380', '192.168.1.3', '', '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('11', 'hj', 'hj', '佳', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286835386', '192.168.1.136', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('12', 'lyw', 'lyw', '亚文', 'b59c67bf196a4758191e42f76670ceba', '0', '', null, '1286834148', '192.168.1.12', '', '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('13', 'hyh', 'hyh', '元华', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1282457134', '192.168.1.22', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('14', 'zhuangxueying', 'zhuangxueying', '学英', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286437463', '192.168.1.15', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('28', 'ck_lyr', 'ck_lyr', null, 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286831461', '59.56.254.106', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('29', 'ck_clp', 'ck_clp', null, 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286728853', '59.56.254.106', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('30', 'ck_lxl', 'ck_lxl', null, 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286833630', '59.56.254.106', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('31', 'ck_lcq', 'ck_lcq', null, 'cf79ae6addba60ad018347359bd144d2', '0', '', null, null, '', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('32', 'ck_hlm', 'ck_hlm', null, 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286831562', '59.56.254.106', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('33', 'gzl', 'gzl', '志兰', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286835018', '192.168.1.13', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('34', 'zfxdd', 'zfxdd', '下载分销订单', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286833384', '192.168.1.134', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('35', 'zzydd', 'zzydd', '下载直营订单', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286838667', '192.168.1.22', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('37', 'ttt', 'ttt', '测试用户', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1283885559', '192.168.1.126', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('38', 'shirley', 'shirley', '志红', 'ac45069e1398f2115abb1f581e86eb4c', '0', '', null, '1285999022', '120.34.66.115', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('39', 'wxh', 'wxh', '小花', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286784647', '192.168.1.9', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('40', 'wmg', 'wmg', '总', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1281145367', '192.168.1.126', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('41', 'wln', 'wln', '丽娜', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286782907', '192.168.1.7', null, '', '0', '0', '0', null);

漏洞证明:

http://ipos.septwolves.com/

1.png


2.png


3.jpg


4.png


<?php
/**
 * ipos配置文件
 */
// ipos mysql 数据库配置
$db_server = "mysql";
$db_host   = "10.7.78.10";
$db_name   = "ipos";
$db_user   = "ipos2";
$db_pass   = "ipos!@#QAZ";
/*
 * 调试模式,开启后会在logs下生成执行过的sql语句的日志,生产环境会产生大量日志,降低系统性能,不建议长时间开启
 */
define('DEBUG_MODE', 0);//调试模式,0不开启,1开启
//ipos_mysql 读写分离配置
$GLOBALS['dxfl'] = 0;//是否开启读写分离(0为未开启,1为开启)
//读写分离(读)服务器配置
$read_db_cfg  = array('dbhost'=>'10.7.78.12','dbuser'=>'iposcx','dbname'=>'ipos','dbpw'=>'iposcx@123',);
$GLOBALS['fkfb'] = 0;//是否开启分库分表(0为未开启,1为开启)
$GLOBALS['aliyun_qtsy'] = 0;//是否开启阿里云收银模式(云上仅收银)默认0关闭,1云下系统,2云系统
$GLOBALS['local_urls'] = 'http://localhost/ipos';//阿里云收银模式(2云系统)时有效
$GLOBALS['aliyun_node_number'] = 0;//阿里云节点数,即切分库数(开启分库分表和阿里云收银模式(2云系统)时此参数才生效)
$GLOBALS['aliyun_data_days'] = 0;//阿里云数据有效天数配置,阿里云收银模式(2云系统)时此参数才生效,0为永
$GLOBALS['o2o']=1;	//	O2O 开启 
$prefix                 = "";
$timezone               = "Asia/Shanghai";
$cookie_path            = "/";
$cookie_domain          = "";
$admin_dir              = "admin";
$session                = "1440";
$filesync_host          = "http://localhost/sources";
$GLOBALS['manage_tpl']  = 'web/templates/manage';	//	manger 模版路径
$GLOBALS['shop_tpl']    = 'web/templates/shop';		//	shop 模版路径
$GLOBALS['public_tpl']  = 'web/templates';			//	公共 模版路径
$GLOBALS['cfg_session_time']   = '864000';//	session 时间
$GLOBALS['cfg_session_domain'] = '';//	作用域
$GLOBALS['cfg_apache_port']     =  80;//	apache_port(端口号)
$GLOBALS['cfg_mem_on']          = '0';//	memcache 开启 1 关闭 0
$GLOBALS['cfg_memcache_host']   = 'localhost';//	mem memcache_host
$GLOBALS['cfg_memcache_port']   = '11211';//	memcache_port
$GLOBALS['MEMCACHE_COMPRESSED'] = 'MEMCACHE_COMPRESSED';
/**
 * 多库位配置参数
 */
$GLOBALS['dkw']     = '1'; //默认情况下为0,即不启用多库位,为1时才是启用多库位
$GLOBALS['MAC'] = 0;//终端注册时只检测MAC地址(0为未开启,1为开启)
/**
 * 商品规格配置参数
 */
$GLOBALS['ggpz'] = '0'; //0-不启用规格配置,1-正向规格配置,2-负项规格配置
/**
*帐套数据
*/
$GLOBALS['licenseServer'] = '10.7.9.24';
$GLOBALS['LicensePort']   = '2018';
//$GLOBALS['ZTCompany']   = '1';
$GLOBALS['ZTName']        = $db_host.'-'.$db_name;
$GLOBALS['ZTDBName']      = $db_name;
/**
*网络订单前台收银配置 及 OPENSHOP的vip对接
*/
$web             = 0;//是否启用
$GLOBALS['opvip']  = 0;//是否使用线上使用线下vip 1:启用 0:关闭
$OP['url']       = 'http://192.168.175.79:8012/?app_act=API/';
$OP['api_name']  = 'api_user';
$OP['api_key']   = '1315922587';
$OP['api_token'] = 'a8d3bbc5cf84f91d39c4bd054a67c642';
/**
 * 短信发送对接系统[暂时放置这里,可考虑增加系统参数]
 **/
$sendsys = 1; // 1.Isms短信平台   2.SQ_sms短息发送服务  3.移动短信接口平台(九牧王用)
/**
 *
 * 发生短信配置
 */
$start_msg = 1;
$sendConf['IP']   = '192.168.175.55';
$sendConf['PORT'] = '9011';
/**
 * 发送彩信服务配置  或  SQ_SMS 短信发送服务配置
 */
$sendConf['smsurl'] = "http://192.168.158.151:8888/sms/"; //服务[注:用于SQ_SMS短息发送或Isms的彩信发送] 去掉发送短信调用的方法具体逻辑在PHP中实现
$sendConf['ipos_key'] = 'BS01_ps_6_vCreyExVWK_243'; //产品锁[注:用于SQ_SMS]
$sendConf['ipos_secret'] = '47a41eedc41ee6257740983105003346'; //密钥[注:用于SQ_SMS]
$sendConf['sms_sub_account_id'] = '255'; //子帐号[注:用于SQ_SMS]
$sendConf['app_version'] = '2'; //版本号[注:用于SQ_SMS]
/*
 * 上传图片服务器ip和存放的路径
 */
$GLOBALS['uploadServer'] = ''; //图片服务器,待开发
$GLOBALS['uploadPath']   = '../uploads/'; //文件路径,事先创建并可写
$GLOBALS['upload_max_filesize'] = '1048576'; //同时修改php.ini的upload_max_filesize值
/***********************************erp图片服务器地址设置,用于erp图片下载***********/
$GLOBALS['erp_tp_down'] = 0;//是否开启图片下载
$GLOBALS['erp_tp_ip']   = "192.168.175.250";//服务器IP
$GLOBALS['erp_tp_port'] = "3030";//服务器端口
/**
 * 定义出错处理
 */
define('SYS_LOG_ALL',	 	0);
define('SYS_LOG_NOTICE', 	1);
define('SYS_LOG_WARNING', 	2);
define('SYS_LOG_ERROR', 	3);
define('SYS_LANG',	 	'zh_cn');
define('OS_CHARSET','utf-8');
define('MAX_CONTROLLER',50);
define('SYS_LOG_LEVEL', 2);//0 all, 1: notice, 2: warning, 3: error
/**
 * ERP数据库配置
 */
$erp_config = array(
			'db_server'=>'10.7.9.201',
			'db_name'=>'qpl',//iPOS_Business1213',
			'db_user'=>'ipos_user',
			'db_pass'=>'zyiposO0O0202'
		);
/**
 * BStyle数据库配置
 */
$erp_tyle = array(
			'db_server'=>'192.168.176.160',
			'db_name'=>'yq_bstyle_bus',//iPOS_Business1213',
			'db_user'=>'sa',
			'db_pass'=>'baison'
		);
//启用总部的机器注册控制
$GLOBALS['manage_register'] = 0;
/**
 * BStyle_new接口配置
 */
$bsConf['url'] = "http://192.168.147.43:4321/bapweb/api/"; //BStyle_new配置地址
$bsConf['key'] = 'IPOSAPI'; //产品锁[注:用于BStyle_new]
$bsConf['secret'] = '612dc980b56a3ca6092c9738c18339f5'; //密钥[注:用于BStyle_new]
$bsConf['dbcode'] = 'DEV'; //[注:用于BStyle_new]
$bsConf['version'] = '1.0'; //版本号[注:用于BStyle_new]
$bsConf['name']    = 'xp.hua';
$bsConf['password']= 'test';


5.png


-- ----------------------------
-- Table structure for `admin_user`
-- ----------------------------
CREATE TABLE `admin_user` (
  `user_id` smallint(5) NOT NULL AUTO_INCREMENT,
  `user_code` varchar(20) NOT NULL DEFAULT '',
  `user_name` varchar(50) NOT NULL DEFAULT '',
  `user_name2` varchar(30) DEFAULT NULL,
  `password` varchar(50) NOT NULL DEFAULT '',
  `xb` smallint(6) NOT NULL DEFAULT '0',
  `email` varchar(255) NOT NULL DEFAULT '',
  `add_time` int(11) DEFAULT NULL,
  `last_login` int(11) DEFAULT NULL,
  `last_ip` varchar(50) NOT NULL DEFAULT '',
  `action_list` text,
  `lang_type` varchar(50) NOT NULL DEFAULT '',
  `dp_id` int(11) DEFAULT '0',
  `sd_id` int(11) DEFAULT '0',
  `is_admin` tinyint(3) DEFAULT '0',
  `favorites_menu` varchar(50) DEFAULT NULL,
  PRIMARY KEY (`user_id`)
) ENGINE=InnoDB AUTO_INCREMENT=43 DEFAULT CHARSET=utf8 AVG_ROW_LENGTH=1170;
-- ----------------------------
-- Records of admin_user
-- ----------------------------
INSERT INTO `admin_user` VALUES ('1', '000', 'admin', '系统管理员', 'cf79ae6addba60ad018347359bd144d2', '0', 'admin', null, '1294443989', '0.0.0.0', 'all', '', '-1', '3', '0', null);
INSERT INTO `admin_user` VALUES ('10', 'hjf', 'hjf', '锦凤', 'ad1485cab68667d54af96dd1aa597e0e', '0', '', null, '1286825380', '192.168.1.3', '', '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('11', 'hj', 'hj', '佳', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286835386', '192.168.1.136', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('12', 'lyw', 'lyw', '亚文', 'b59c67bf196a4758191e42f76670ceba', '0', '', null, '1286834148', '192.168.1.12', '', '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('13', 'hyh', 'hyh', '元华', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1282457134', '192.168.1.22', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('14', 'zhuangxueying', 'zhuangxueying', '学英', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286437463', '192.168.1.15', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('28', 'ck_lyr', 'ck_lyr', null, 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286831461', '59.56.254.106', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('29', 'ck_clp', 'ck_clp', null, 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286728853', '59.56.254.106', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('30', 'ck_lxl', 'ck_lxl', null, 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286833630', '59.56.254.106', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('31', 'ck_lcq', 'ck_lcq', null, 'cf79ae6addba60ad018347359bd144d2', '0', '', null, null, '', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('32', 'ck_hlm', 'ck_hlm', null, 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286831562', '59.56.254.106', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('33', 'gzl', 'gzl', '志兰', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286835018', '192.168.1.13', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('34', 'zfxdd', 'zfxdd', '下载分销订单', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286833384', '192.168.1.134', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('35', 'zzydd', 'zzydd', '下载直营订单', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286838667', '192.168.1.22', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('37', 'ttt', 'ttt', '测试用户', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1283885559', '192.168.1.126', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('38', 'shirley', 'shirley', '志红', 'ac45069e1398f2115abb1f581e86eb4c', '0', '', null, '1285999022', '120.34.66.115', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('39', 'wxh', 'wxh', '小花', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286784647', '192.168.1.9', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('40', 'wmg', 'wmg', '总', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1281145367', '192.168.1.126', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('41', 'wln', 'wln', '丽娜', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286782907', '192.168.1.7', null, '', '0', '0', '0', null);

修复方案:

俺小白不懂

版权声明:转载请注明来源 susp@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝