2015-12-19: 细节已通知厂商并且等待厂商处理中
2015-12-23: 厂商已经确认,细节仅向厂商公开
2016-01-02: 细节向核心白帽子及相关领域专家公开
2016-01-12: 细节向普通白帽子公开
2016-01-22: 细节向实习白帽子公开
2016-02-04: 细节向公众公开
前面已经提交了两个漏洞了哦,就第二次发了一次礼物!这次依旧求礼物!!这次依旧求礼物!!这次依旧求礼物!!这次依旧求礼物!!这次依旧求礼物!!
2016招聘网站:
http://campus.social-touch.com/
http://campus.social-touch.com/campus.zip
(站点根目录下的压缩包 campus.zip 可被直接下载;从下文贴出的配置来看,包内应包含站点源码与配置文件。)
如图:
随便贴一段信息,更多信息你自己心里清楚:
mail:pms@social-touch.comSQpms%^&it 'db'=>array( 'class' => 'CDbConnection', // 数据库连接类 'connectionString' => 'mysql:host=192.168.0.192;dbname=campus_app;port=3306', 'emulatePrepare' => true, 'username' => 'mosh', // 数据库用户 'password' => 'h@j*y$&$', // 数据库密码 'charset' => 'utf8', // 默认字符集 'tablePrefix' => '', // 表名前缀 'schemaCachingDuration'=>3600, // 缓存时间 ), 'default'=>array( 'class' => 'CDbConnection', // 数据库连接类 'connectionString' => 'mysql:host=192.168.0.192;dbname=campus_app;port=3306', 'emulatePrepare' => true, 'username' => 'mosh', // 数据库用户 'password' => 'h@j*y$&$', // 数据库密码 'charset' => 'utf8', // 默认字符集 'tablePrefix' => '', // 表名前缀 'schemaCachingDuration'=>3600, // 缓存时间 ), 'campus_app'=>array( 'class' => 'CDbConnection', // 数据库连接类 'connectionString' => 'mysql:host=192.168.0.192;dbname=campus_app;port=3306', 'emulatePrepare' => true, 'username' => 'mosh', // 数据库用户 'password' => 'h@j*y$&$', // 数据库密码 'charset' => 'utf8', // 默认字符集 'tablePrefix' => '', // 表名前缀 'schemaCachingDuration'=>3600, // 缓存时间 ), /** mssql数据库 */ 'mssqlDb'=>array( 'class' => 'CDbConnection', 'connectionString' => 'dblib:host=host;dbname=dbName', //'emulatePrepare' => false, 'username' => 'userName', 'password' => 'passWord', 'charset' => 'utf8', 'schemaCachingDuration'=>3600, ),
测试的都给你挖到了:
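<?php
/**
 * Main Yii application configuration for the campus-recruitment site.
 *
 * Builds the base $config array, attaches the menu list from menuList.php,
 * merges the database components from database-local.php or database.php
 * (chosen by the server address), and returns the result.
 *
 * NOTE(security): this file keeps third-party app secrets and the back-end
 * login password in plaintext. Anyone who can read the file obtains them, so
 * it must never be included in an archive or directory that the web server
 * can serve. Values that have been exposed need rotating at the provider.
 */
$config = array (
    'basePath'          => dirname(__FILE__).DIRECTORY_SEPARATOR.'..',
    'name'              => '时趣校招',
    'preload'           => array('log'),

    // Auto-imported classes
    'import'            => array (
        'application.models.*',
        'application.custom.models.*',
        'application.components.*',
        'application.custom.components.*',
        'sa_ext.fun.*',
    ),

    'modules'           => array (
        // Gii is a code generator and should not be reachable on a production
        // host. The wildcard '*' entry was dropped from ipFilters so that only
        // the listed address may reach the module. The password below is a
        // default-grade value and must be replaced before Gii is enabled.
        'gii' => array (
            'class'         => 'system.gii.GiiModule',
            'password'      => 'password',
            'ipFilters'     => array ('192.168.5.106'),
            'generatorPaths'=> include(SA_SHIQUTECH.'/config/gii.php'),
        ),
    ),

    'controllerMap'     => array (
        'kindeditor' => array (
            'class' => 'sa_ext.kindeditor.KindeditorController'
        ),
    ),

    // Application components
    'components'        => array (
        // Default error page
        'errorHandler' => array (
            'errorAction' => 'site/error',
        ),
        'user' => array (
            'class'      => 'sa_ext.JCookieWebUser.JCookieWebUser',
            // NOTE(review): both entries are the literal 'default'. If this
            // key protects the login cookie, it needs a random per-deployment
            // value -- confirm against JCookieWebUser.
            'secretKey'  => array ( 'default', 'default' ),
            'authTimeout'=> 24 * 3600,
        ),
        'badword' => array(
            'class' => 'sa_ext.badwordFilter.BadwordFilter',
        ),
        // Weibo login
        'weibo' => array (
            'class'     => 'application.components.WeiboLogin',
            'mustLogin' => true
        ),
        // Client (device) detection
        'mobile' => array(
            'class' => "MobileDetect"
        ),
        // Page templates
        'widgetFactory' => array (
            'enableSkin' => true,
            'skinPath'   => SA_SHIQUTECH.'/views/adminSkins',
        ),
        // Temporary template configuration
        'assetManager' => array(
            'class'    => 'STAssetManager',
            'basePath' => SA_APPLICATION.'/../static/admin/assets',
            'baseUrl'  => 'http://static.app.social-touch.com/admin/assets',
        ),
        'clientScript' => array(
            'class'         => 'CClientScript',
            'coreScriptUrl' => 'http://static.app.social-touch.com/admin/assets/web-js-source'
        ),
        // Helper
        'helper' => array (
            'class' => 'application.components.Helper',
        ),
        // Cache configuration
        'cache' => array (
            'class' => 'system.caching.CFileCache',
        ),
        'settings' => array(
            'class'            => 'application.components.CmsSettings',
            'cacheComponentId' => 'cache',
            'cacheId'          => 'global_website_settings',
            'cacheTime'        => 84000,
            'tableName'        => '{{settings}}',
            'dbComponentId'    => 'db',
            'createTable'      => true,
            'dbEngine'         => 'InnoDB',
        ),
    ),

    'language'          => 'zh_cn',
    'charset'           => 'UTF-8',
    'defaultController' => 'home',

    // Extra parameters, read with Yii::app()->params[key]
    'params'            => array (
        ////////////// CONFIGURATION AREA START //////////////

        // [Weibo configuration V2.0]
        'weibo' => array (
            // Switches for PC & WAP
            'on-off-pc'    => FALSE,
            'on-off-wap'   => FALSE,
            // Sina Weibo app key / secret (plaintext secret: see file header)
            'wb_akey'      => '3713829188',
            'wb_skey'      => 'bd518129d6505c4f667225cd3a97f7f8',
            'sub_key'      => '2962600716',
            // Weibo addresses
            'weibo_url'    => 'http://e.weibo.com/1762766261/app_2368147542',
            'share_url'    => 'http://#',
            'short_url'    => 'http://#',
            // Enterprise Weibo ID
            'weibo_uid'    => '2792360741',//'2643306394',
            'app_signed'   => '8s1LtsXP',//'5TtsXP',
            // Callback page for the Weibo authorization pop-up
            'redirect_uri' => 'http://xxx.app.social-touch.com/index.php?r=home',
        ),

        // [WeChat configuration V1.0]
        'we_chat' => array (
            // Switch
            'on-off'       => TRUE,
            // appid & appsecret (plaintext secret: see file header)
            'app_id'       => 'wxf7933dc80d9d33b2',
            'app_secret'   => 'b63b45eaecb35d87775d95d463bb90f7',
            // Auth2.0 callback address
            'redirect_uri' => 'http://gore-tex-dp.app.social-touch.com/index.php?r=home/authorize',
            // Custom verification marker
            'state'        => 'customApp_GoreTex',
            'valid_token'  => ''
        ),

        // [Youku configuration V1.0] (plaintext secret: see file header)
        'youku' => array (
            'youku_client_id'     => '2de5869ee42dd525',
            'youku_client_secret' => '2258c2dbea9417344311c539cda174fc',
        ),

        // [Qiniu configuration V1.0]
        // Image source: true = Qiniu cloud, false = mosh images
        'qbox_image'        => TRUE,
        // First two digits of the image id, defined per project
        'qbox_image_code'   => 10,
        // Qiniu image bucket & url
        'qbox_image_bucket' => 'customapp',
        // Qiniu domain, set in the Qiniu console
        'qbox_image_url'    => 'http://customapp.qiniudn.com',

        // [Admin back-end configuration V1.0]
        // Weibo IDs of the back-end administrators
        'admin_id' => array (
            '1468638990', // Tian Longzhe
            '3535437867', // Yang Hongwei
            '2855146840', // Yang Hongwei
            '3541622611', // Fang Haoyang
            '2355672605', //
            '1829794471', // Pengfei
            '5216059095', // dongjie
        ),
        // Back-end login password. It is a shared plaintext value, and its
        // digits match one of the admin IDs listed above, which makes it
        // guessable; replace it and store only a hash.
        'admin_password'    => 'hr5216059095',

        // [Project version configuration V1.0]
        // Back-end style template name
        'kendo_css'         => 'default',
        // Zhongqu app key
        'wb_zhongqu'        => '2085793793',
        // Back-end static file URL
        'admin_static_url'  => 'http://static.app.social-touch.com/admin',
        // Site address
        'hostInfo'          => 'http://campus.social-touch.com',
        // Static file URL
        //'static_url'      => 'http://static.app.social-touch.com/campus',
        'static_url'        => 'http://campus.social-touch.com/static',
        // Project version
        'version'           => '2.2',

        ////////////// CONFIGURATION AREA END //////////////
    ),
);

// menuList.php presumably defines $menuList in this scope (verify against that
// file). A readability check replaces the '@' operator so that a missing file
// is still tolerated while real errors inside the file are no longer hidden.
$menuListFile = dirname(__FILE__).'/menuList.php';
if (is_readable($menuListFile)) {
    include_once($menuListFile);
}
$config['params']['menuList'] = !empty($menuList) ? $menuList : '';

// Pick the database configuration by server address. SERVER_ADDR may be unset
// (for example under the CLI), so it is read defensively, and the address is
// matched as a prefix rather than anywhere in the string.
$serverAddr = isset($_SERVER['SERVER_ADDR']) ? (string) $_SERVER['SERVER_ADDR'] : '';
$useLocalDatabase = strpos($serverAddr, '211.151.70.') === 0
    || strpos($serverAddr, '127.0.0.') === 0;
$databaseFile = dirname(__FILE__).($useLocalDatabase ? '/database-local.php' : '/database.php');

// include_once yields true (not the array) when the file was already included.
// Merging only a real array keeps 'components' from being overwritten by a
// failed array_merge, which the original hid behind '@'.
$database = is_readable($databaseFile) ? include_once($databaseFile) : array();
if (is_array($database) && !empty($database)) {
    $config['components'] = array_merge($config['components'], $database);
}

return $config;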
我是来找京东卡的!我是来找京东卡的!我是来找京东卡的!我是来找京东卡的!我是来找京东卡的!我是来找京东卡的!我是来找京东卡的!
危害等级:中
漏洞Rank:7
确认时间:2015-12-23 13:48
谢谢
暂无