当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-094171

漏洞标题:百度某站源码泄露

相关厂商:百度

漏洞作者: 路人N

提交时间:2015-01-27 16:01

修复时间:2015-03-13 16:02

公开时间:2015-03-13 16:02

漏洞类型:重要敏感信息泄露

危害等级:低

自评Rank:1

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-01-27: 细节已通知厂商并且等待厂商处理中
2015-01-27: 厂商已经确认,细节仅向厂商公开
2015-02-06: 细节向核心白帽子及相关领域专家公开
2015-02-16: 细节向普通白帽子公开
2015-02-26: 细节向实习白帽子公开
2015-03-13: 细节向公众公开

简要描述:

详细说明:

http://119.75.219.41/s
http://rw.baidu.com/

<?php
require_once(__DIR__.'/auth/Auth.php');
var_dump(class_exists('Auth'));
$domain = 'http://dbl-bigdata-jeep01.dbl01.baidu.com:8886';
$url = $domain . '/v1/email';
$postData = array('mail' => array(
    'source' => array(
        'from' => 'crowdtest_auto@baidu.com'
    ),
    'destination' => array(
        'to_addr' => array(
            'addr' => 'guxinbiao@baidu.com'
        )
    )
),
'subject' => array(
    'data' => 'test'
),
'message' => array(
    'data' => 'ajajajaj'
),
);
//$auth = new Auth('468e74e1f1a04ca18c9ee9f8b8618816', '600f9ee05fda492ca3988e453bc70d4f');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$data = curl_exec($ch);
var_dump($data);


<?php
/*
 * Copyright (c) 2014 Baidu.com, Inc. All Rights Reserved
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
 * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */
namespace baidubce\sms\samples;
use baidubce\sms\SmsClient;
require_once(__DIR__ . '/../util/AutoLoader.php'); 
require_once(__DIR__ . '/../SmsConfig.php');
/*
We assume that you have correctly configured the basic parameters.
Please check file \baidubce\sms\SmsConfig.php first, be sure properly
defined follow const value:
		define ( 'SMS_AK', 'your ak' );
		define ( 'SMS_SK', 'your sk' );
		define ( 'SMS_HOST', 'the sms host' );
		define ( 'SMS_PORT', 'the sms port' );
		define ('SMS_DEBUG_MODE', true);
		define ( 'SMS_API_VERSION', 'v1' ); 
*/ 
// we use default configure here(defined in SmsConfigure.php).
$client = SmsClient::getInstance();
//1. create a SMS template
$now = time();
$templateName = 'tpl_' . $now;    // template name can not be more than 32 characters in length
$templateContent = 'this is content for ${TEMPLATE_NAME}, now time is ${CURRENT_TIME}';  // the ${...} string will be replaced later
$response = $client->templateCreate('tpl_' . time(), $templateContent);
$templateId = $response->getTemplateId();
echo "we create a SMS template, the templateId=${templateId}.\n";
//2. set SMS tempalte status to VALID
$response = $client->templateUpdate($templateId, null, null, SmsClient::TEMPLATE_STATUS_VALID);
echo "we set $templateId status to " . SmsClient::TEMPLATE_STATUS_VALID . ".\n";
//3. send message use tempalte
$receiverList = array('13000000000', '13000000001');
$contentVarMap = array('TEMPLATE_NAME'=>$templateName, 'CURRENT_TIME'=>$now);
$response = $client->messageSend($templateId, $receiverList, $contentVarMap);
echo "we send message to '" . implode(',', $receiverList) . "',\n";
echo "    send count: " . $response->getSendCount() . "\n";
echo "    success count: " . $response->getSuccessCount() . "\n";
echo "    fail list: " . json_encode($response->getFailList()) . "\n";
?>

漏洞证明:

ttt.png

修复方案:

版权声明:转载请注明来源 路人N@乌云

漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2015-01-27 19:48

厂商回复:

感谢提交,已通知业务部门处理

最新状态:

暂无