当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0131321

漏洞标题:淘世界Git项目代码泄露(二)

相关厂商:爱美主义

漏洞作者: Feei

提交时间:2015-08-03 16:25

修复时间:2015-09-17 16:38

公开时间:2015-09-17 16:38

漏洞类型:重要敏感信息泄露

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-08-03: 细节已通知厂商并且等待厂商处理中
2015-08-03: 厂商已经确认,细节仅向厂商公开
2015-08-13: 细节向核心白帽子及相关领域专家公开
2015-08-23: 细节向普通白帽子公开
2015-09-02: 细节向实习白帽子公开
2015-09-17: 细节向公众公开

简要描述:

Gitlab项目代码泄露,包含主DB账号密码等

详细说明:

ROOT
http://gitlab.aimeizhuyi.com/zhaoming/search_build_index/blob/master/src/config/config.php
ONLINE
http://gitlab.aimeizhuyi.com/zhaoming/search_build_index/blob/master/src/config.online/config.php

漏洞证明:

mask 区域 
*****T
*****
*****=> '*****
*****gt; 'ai*****
**********
*****IN*****
*****gt; 'ai*****
*****gt; 'ai*****


mysql> show tables;
+--------------------------+
| Tables_in_aimeizhuyi |
+--------------------------+
| abnormal_log |
| abnormal_reply |
| action |
| activity |
| activity727_guaguaka |
| activity727_product |
| activity_detail |
| addr_id_card |
| admin |
| admin_group |
| app_config |
| article |
| buyer |
| buyer_account |
| buyer_count |
| buyer_ip |
| buyer_note |
| buyer_notification |
| buyer_opinion |
| buyer_pic |
| buyer_potential |
| buyer_rank |
| buyer_recommond |
| buyer_source |
| buyer_statistic |
| buyer_withdraw |
| category |
| comment |
| comment_black |
| coupon |
| coupon_expire |
| coupon_group |
| coupon_log |
| cron_onshelf |
| delivery_abroad |
| easemob_activity_msg |
| easemob_anonymous |
| easemob_friend |
| easemob_logistics_msg |
| easemob_msg |
| easemob_notify_msg |
| easemob_order_msg |
| easemob_supplement |
| event626_country |
| event626_coupon_record |
| event626_jigsaw_record |
| event626_jigsaw_stock |
| event626_like |
| event626_lottery_item |
| event626_lottery_quota |
| event626_lottery_record |
| event626_stock |
| express_company |
| express_print |
| favor |
| feedback |
| group |
| group_permission |
| hot_brand |
| hot_keyword |
| hot_keyword_list |
| index_new |
| live |
| live_apply |
| live_flow |
| live_forenotice |
| live_log |
| live_stock |
| logistic |
| logistic_overseas_log |
| logistic_tracking |
| notification |
| op_position |
| op_position_detail |
| op_position_detail_snap |
| op_position_snap |
| operator_log |
| order |
| order_addr_log |
| order_grades |
| order_log |
| order_note |
| order_share |
| order_share_like |
| own_buyer |
| pack |
| pack_confirm_log |
| pay_order |
| payment |
| permission |
| pop |
| promote_channel |
| public_notification |
| role_permission |
| securecode |
| send_pack_supplement |
| settlement |
| settlement_account |
| settlement_ignore_buyer |
| settlement_list |
| sms_queue |
| state_rank |
| stock |
| stock_activity_snapshoot |
| stock_amount |
| stock_book |
| stock_brand |
| stock_cate_supplement |
| stock_category |
| stock_comment |
| stock_feedback |
| stock_grade |
| stock_hidden |
| stock_like |
| stock_log |
| storage |
| store_order |
| system_log |
| t_day_order_by_stockid |
| tags |
| tags_item |
| talk |
| task_push |
| template |
| topic |
| trade_cart |
| trade_rate |
| trademsg_queue |
| user |
| user_addr |
| user_advice |
| user_refund |
| user_reminder |
| user_token |
| user_vip |
| userpoint_log |
| wait_refund |
| wapfaver |
| weight_hot_keyword |
+--------------------------+
139 rows in set (0.00 sec)
主DB库,所有订单、用户表都在里面。20rank!

修复方案:

- 不要使用Public仓库
- 限制Mysql Client IP白名单

版权声明:转载请注明来源 Feei@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2015-08-03 16:36

厂商回复:

感谢Feei,我们的疏忽。

最新状态:

2015-08-03:请问Feei,你是从哪台机器连接的mysql服务器。谢谢。 我们会尽快修复此问题,谢谢。

2015-08-03:请问Feei,你是从哪台机器连接的mysql服务器。谢谢。 我们会尽快修复此问题,谢谢。