
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0128845

Title: Source code leakage on several Zhongsou sites (database configuration and other sensitive information disclosed)

Vendor: 中搜 (Zhongsou)

Author: Expl0r3r

Submitted: 2015-07-28 14:13

Fix time: 2015-09-11 14:14

Disclosed: 2015-09-11 14:14

Type: disclosure of important sensitive information

Severity: High

Self-assessed Rank: 15

Status: vendor could not be reached, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-07-28: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2015-09-11: The vendor has actively ignored the vulnerability; details are disclosed to the public

Brief description:

As the title says. (WB < 5, so I can't post in the Zone.)

Details:

1. m.zhongsou.com, a site this important:
m.zhongsou.com/.svn/entries is accessible, exposing the SVN source tree.

[Screenshot: QQ截图20150724080402.png]

Database configuration files:

[Screenshots: QQ截图20150724080554.png, QQ截图20150724080622.png, QQ截图20150724080633.png, QQ截图20150724080646.png, QQ截图20150724080654.png]

A full 10 databases.

[Screenshot: QQ截图20150724080822.png]

Packaged source, data dictionary, and so on.
Heh, nice security work.

2. http://un.zhongsou.com/.svn/entries is accessible, exposing the SVN source tree.

[Screenshot: QQ截图20150724081315.png]

Database configuration files:

[Screenshots: QQ截图20150724081425.png, QQ截图20150724081502.png, QQ截图20150724081510.png]

Another four databases:

var $default = array(
'driver' => 'mysql',
'persistent' => false,
'host' => '103.29.135.94',
'login' => 'hemser',
'password' => 'heM&$Er',
'database' => 'ad_second',
'prefix' => 'adt_',
'encoding' => 'utf8',
);

var $adt_buss = array(
'driver' => 'mssql',
'persistent' => false,
'host' => '192.168.10.83',
'login' => 'searchsort',
'password' => 'test',
'database' => 'SearchSortFinal2',
'prefix' => '',
//'encoding' => 'utf8',
);
var $ad_union = array(
'driver' => 'mysql',
'persistent' => false,
'host' => '103.29.135.94',
'login' => 'hemser',
'password' => 'heM&$Er',
'database' => 'ad_union',
'prefix' => 'adt_',
'encoding' => 'utf8',
);
var $cma_db = array(
'driver' => 'mysql',
'persistent' => false,
'host' => '103.29.134.124',
'login' => 'd3ser',
'password' => 'd3ser',
'database' => 'cma',
'prefix' => 'cma_',
'encoding' => 'utf8',
);

Proof of vulnerability:

3. http://adm.zhongsou.com/.svn/entries is accessible, exposing the SVN source tree.

[Screenshot: QQ截图20150724081948.png]

Database configuration information:

[Screenshots: QQ截图20150724082030.png, QQ截图20150724082049.png, QQ截图20150724082059.png, QQ截图20150724082109.png]

A full 8 databases:

var $default1 = array(
'driver' => 'mysql',
'persistent' => false,
'host' => '192.168.33.128',
'login' => 'root',
'password' => '',
'database' => 'adt_users',
'prefix' => 'adt_',
'encoding' => 'utf8',
);
var $default = array(
'driver' => 'mysql',
'persistent' => false,
'host' => '61.135.210.37',
'login' => 'ader',
'password' => 'D3MAdSG(^37&3',
'database' => 'ad_second',
'prefix' => 'adt_',
'encoding' => 'utf8',
);

var $adt_user = array(
'driver' => 'mysql',
'persistent' => false,
'host' => '192.168.33.246',
'login' => 'root',
'password' => '',
'database' => 'adt_users',
'prefix' => 'adt_',
'encoding' => 'utf8',
);
var $adt_buss = array(
'driver' => 'mssql',
'persistent' => false,
'host' => '61.135.210.140',
'login' => 'searchsort',
'password' => 'ZS@#searchsort',
'database' => 'SearchSortFinal',
'prefix' => '',
//'encoding' => 'utf8',
);
var $hems = array(
'driver' => 'mysql',
'persistent' => false,
'host' => '202.108.1.19',
'login' => 'hems_on',
'password' => 'hecM20$E!@rOn',
'database' => 'hems2_online',
'prefix' => '',
'encoding' => 'utf8',
);
var $hemsuser = array(
'driver' => 'mysql',
'persistent' => false,
'host' => '202.108.1.19',
'login' => 'hems_on',
'password' => 'hecM20$E!@rOn',
'database' => 'usercenter_online',
'prefix' => '',
'encoding' => 'utf8',
);
var $cma = array(
'driver' => 'mysql',
'persistent' => false,
'host' => '61.135.210.37',
'login' => 'ader',
'password' => 'D3MAdSG(^37&3',
'database' => 'cma',
'prefix' => '',
'encoding' => 'utf8',
);
/*
var $adt_buss = array(
'driver' => 'mssql',
'persistent' => false,
'host' => '192.168.10.83',
'login' => 'searchsort',
'password' => 'test',
'database' => 'SearchSortFinal2',
'prefix' => '',
//'encoding' => 'utf8',
);
*/


4. http://b.zhongsou.com/b.zhongsou.com.rar

[Screenshots: QQ截图20150724090225.png, QQ截图20150724090248.png, QQ截图20150724090329.png, QQ截图20150724090501.png, QQ截图20150724090455.png]

Log information and so on,
but none of it is of any real use.

5. http://monitor.zhongsou.com/.svn/entries is accessible, exposing the SVN source tree.

[Screenshot: QQ截图20150724090915.png]

Database configuration files:

[Screenshots: QQ截图20150724090926.png, QQ截图20150724091025.png, QQ截图20150724091039.png, QQ截图20150724091050.png, QQ截图20150724091101.png, QQ截图20150724091112.png]

A full 14 databases.
Together with the ones submitted earlier, that makes 36 databases.
Heh.
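Every finding in this report started with a single request for /.svn/entries or a site archive, which is exactly what a web server log shows. As an added example (not part of this report and not Zhongsou's code), here is a small Python detector from the defender's side: it parses access log lines in the nginx/Apache combined format, flags requests for version-control metadata (.svn/, .git/) and for archive or dump files, groups them per client, and counts how many were actually served with a 200, since a served file is a leak while a 404 is only a probe. The log lines are constructed for the example and use documentation IP ranges.

```python
import re
from collections import defaultdict

# Request paths that indicate probing for version-control metadata or backup
# archives in the document root, the two exposures described in this report.
VCS_PATTERN = re.compile(r"/\.(svn|git|hg|bzr)(/|$)")
ARCHIVE_PATTERN = re.compile(r"\.(rar|zip|tar|tar\.gz|tgz|7z|sql|bak)$", re.IGNORECASE)

# nginx/Apache "combined" log format:
#   ip - user [time] "METHOD path PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def classify(path):
    """Return 'vcs', 'archive' or None for a request path; the query string is ignored."""
    path = path.split("?", 1)[0]
    if VCS_PATTERN.search(path):
        return "vcs"
    if ARCHIVE_PATTERN.search(path):
        return "archive"
    return None


def scan_log(lines):
    """Parse combined-format lines and return findings as (ip, path, category, status).

    Lines that do not parse or match no pattern are skipped. A finding with
    status 200 means the server really handed the file out, not merely that
    someone asked for it."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        category = classify(m.group("path"))
        if category:
            findings.append((m.group("ip"), m.group("path"), category, int(m.group("status"))))
    return findings


def summarize(findings):
    """Per-client counts: {ip: {"vcs": n, "archive": n, "served": n}}."""
    summary = defaultdict(lambda: {"vcs": 0, "archive": 0, "served": 0})
    for ip, _path, category, status in findings:
        summary[ip][category] += 1
        if status == 200:
            summary[ip]["served"] += 1
    return dict(summary)


# Constructed sample log (not real traffic): one client fetches .svn/entries,
# pulls a config file out of the SVN text-base and downloads a site archive,
# all served with 200; a second client probes .git/config and gets a 404.
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Jul/2015:08:04:02 +0800] "GET /.svn/entries HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [24/Jul/2015:08:05:54 +0800] "GET /app/config/.svn/text-base/database.php.svn-base HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [24/Jul/2015:09:02:25 +0800] "GET /site-backup.rar HTTP/1.1" 200 58213440 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [24/Jul/2015:09:09:15 +0800] "GET /.git/config HTTP/1.1" 404 162 "-" "curl/7.40"',
    '198.51.100.7 - - [24/Jul/2015:09:09:16 +0800] "GET /index.php?q=news HTTP/1.1" 200 5120 "-" "curl/7.40"',
]

if __name__ == "__main__":
    for ip, counts in summarize(scan_log(SAMPLE_LOG)).items():
        flag = "LEAK" if counts["served"] else "probe"
        print(f"{ip}: {counts} -> {flag}")
```

Feed it real logs with `scan_log(open("access.log"))`; the useful alert is any client whose "served" count is non-zero, because that is the moment the source tree or a config file left the server.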

Remediation:

Delete them.
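"Delete them" is the whole fix, and the way to make sure it stays fixed is to check the document root before every deployment. This is an added example, not part of the report and not Zhongsou's code: a Python audit that walks a docroot and reports version-control directories, archive and dump files, and config files that carry a literal, non-empty 'password' => '...' value in the CakePHP array style of the files quoted above. The sample docroot it builds is constructed for the example and contains only a placeholder password.

```python
import os
import re
import shutil
import tempfile

# Things that must never sit under a web server's document root.
VCS_DIRS = {".svn", ".git", ".hg", ".bzr"}
ARCHIVE_EXT = (".rar", ".zip", ".tar", ".tar.gz", ".tgz", ".7z", ".sql", ".bak")
CONFIG_EXT = (".php", ".inc", ".ini", ".yml", ".yaml", ".json")
# A literal, non-empty password in a PHP array, the shape of the leaked
# DATABASE_CONFIG files quoted in this report.
CRED_RE = re.compile(r"""['"](?:password|passwd|pwd)['"]\s*=>\s*['"][^'"]+['"]""")


def audit_docroot(root):
    """Walk root and return (vcs_dirs, archives, cred_files) as sorted relative paths."""
    vcs_dirs, archives, cred_files = [], [], []
    for dirpath, dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        for d in list(dirnames):
            if d in VCS_DIRS:
                vcs_dirs.append(os.path.normpath(os.path.join(rel, d)))
                dirnames.remove(d)  # the directory itself is the finding; no need to descend
        for f in filenames:
            relpath = os.path.normpath(os.path.join(rel, f))
            if f.lower().endswith(ARCHIVE_EXT):
                archives.append(relpath)
            if f.lower().endswith(CONFIG_EXT):
                with open(os.path.join(dirpath, f), encoding="utf-8", errors="replace") as fh:
                    if CRED_RE.search(fh.read()):
                        cred_files.append(relpath)
    return sorted(vcs_dirs), sorted(archives), sorted(cred_files)


def build_sample_docroot():
    """Create a constructed docroot reproducing the mistakes described in this report."""
    root = tempfile.mkdtemp(prefix="docroot-")
    files = {
        ".svn/entries": "10\n\ndir\n",
        ".svn/text-base/index.php.svn-base": "<?php echo 'hello';\n",
        "app/config/database.php": (
            "<?php\nclass DATABASE_CONFIG {\n"
            "    var $default = array('driver' => 'mysql', 'login' => 'app', "
            "'password' => 'PLACEHOLDER-NOT-A-REAL-SECRET');\n}\n"
        ),
        "site-backup.rar": "Rar!",
        "index.php": "<?php echo 'hello';\n",
    }
    for name, body in files.items():
        path = os.path.join(root, name)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


def cleanup_docroot(root):
    """Remove a docroot created by build_sample_docroot; True once it is gone."""
    shutil.rmtree(root)
    return not os.path.exists(root)


if __name__ == "__main__":
    root = build_sample_docroot()
    try:
        labels = ("VCS metadata", "archives/dumps", "literal credentials")
        for label, items in zip(labels, audit_docroot(root)):
            print(f"{label}: {items or 'none'}")
    finally:
        cleanup_docroot(root)
```

Run `audit_docroot("/var/www/html")` (path assumed) as a deployment gate and fail the deploy on any non-empty list. The credential check is the one that outlives the other two: even after the .svn directories and archives are gone, a config file with a literal password is one misconfigured server away from the same disclosure, so the value belongs in an environment variable or a file outside the docroot.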

Copyright notice: when reposting, please credit the source: Expl0r3r@乌云 (WooYun)


Vulnerability response

Vendor response:

The vendor could not be contacted, or the vendor actively declined.