2015-02-03: 细节已通知厂商并且等待厂商处理中
2015-02-08: 厂商已经主动忽略漏洞,细节向公众公开
新厂商
随便一扫,就发现了个 .svn 泄露(Web 目录下的 .svn/entries 可以直接访问):
http://upload.yohobuy.com/.svn/entries
通过上面的脚本,进入了缓存管理,看到了大量数据库密码泄露。下面是缓存里的 Zend_Config_Ini 对象(mysql 配置段),包含各个库的用户名、密码和读写节点地址,密码已打码:
ArrayObject::__set_state(array( 'config' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config_Ini', '_nestSeparator' => '.', '_sectionSeparator' => ':', '_skipExtends' => false, '_allowModifications' => false, '_index' => 0, '_count' => 27, '_data' => array ( 'q_pay' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yh_orders', 'password' => 'yh***********1234', 'writers' => '192.168.100.213:3306', 'readers' => '192.168.100.213:3306,192.168.100.214:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yh_shops' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yh_shops', 'password' => 'yh***********1234', 'writers' => '192.168.100.215:3306', 'readers' => '192.168.100.215:3306,192.168.100.216:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yh_inbox' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yoho_passport', 'password' => 'yoho***********1234', 'writers' => '192.168.100.211:3306', 'readers' => '192.168.100.212:3306,192.168.100.211:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yh_comments' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yh_cms', 'password' => 'yh***********234', 'writers' => '192.168.100.203:3306', 'readers' => 
'192.168.100.204:3306,192.168.100.203:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yh_lottery' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yh_cms', 'password' => 'yh***********34', 'writers' => '192.168.100.203:3306', 'readers' => '192.168.100.204:3306,192.168.100.203:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yh_orders' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yh_orders', 'password' => 'yh***********34', 'writers' => '192.168.100.213:3306', 'readers' => '192.168.100.213:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yh_logistics' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yh_orders', 'password' => 'yh***********234', 'writers' => '192.168.100.213:3306', 'readers' => '192.168.100.213:3306,192.168.100.214:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yh_passport' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yoho_passport', 'password' => 'y***********34', 'writers' => '192.168.100.211:3306', 'readers' => '192.168.100.212:3306,192.168.100.211:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yoho_passport' 
=> __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yoho_passport', 'password' => 'yo***********234', 'writers' => '192.168.100.211:3306', 'readers' => '192.168.100.212:3306,192.168.100.211:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yh_cms' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yh_cms', 'password' => 'y***********34', 'writers' => '192.168.100.203:3306', 'readers' => '192.168.100.203:3306,192.168.100.204:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yh_apps' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yh_cms', 'password' => 'y***********234', 'writers' => '192.168.100.203:3306', 'readers' => '192.168.100.203:3306,192.168.100.204:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yh_operations' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yh_cms', 'password' => 'y***********34', 'writers' => '192.168.100.203:3306', 'readers' => '192.168.100.203:3306,192.168.100.204:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'q_msg_system' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => 
array ( 'username' => 'yoho_passport', 'password' => 'y***********234', 'writers' => '192.168.100.211:3306', 'readers' => '192.168.100.211:3306,192.168.100.212:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yh_stat' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yh_cms', 'password' => 'yh***********34', 'writers' => '192.168.100.203:3306', 'readers' => '192.168.100.203:3306,192.168.100.204:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yh_unions' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yh_cms', 'password' => 'yh***********34', 'writers' => '192.168.100.203:3306', 'readers' => '192.168.100.203:3306,192.168.100.204:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yh_subscribe' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yh_cms', 'password' => 'y***********34', 'writers' => '192.168.100.203:3306', 'readers' => '192.168.100.203:3306,192.168.100.204:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yh_mobile' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yh_cms', 'password' => 'y***********234', 'writers' => '192.168.100.203:3306', 'readers' => '192.168.100.203:3306,192.168.100.204:3306', ), 
'_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yhb_promotion' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yh_orders', 'password' => 'y***********234', 'writers' => '192.168.100.213:3306', 'readers' => '192.168.100.213:3306,192.168.100.214:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yh_gallery' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yh_cms', 'password' => 'yh***********4', 'writers' => '192.168.100.203:3306', 'readers' => '192.168.100.203:3306,192.168.100.204:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'erp_orders' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'erp_root', 'password' => '***********', 'writers' => '192.168.200.204:3306', 'readers' => '192.168.200.204:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yh_search' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yh_cms', 'password' => 'y***********', 'writers' => '192.168.100.203:3306', 'readers' => '192.168.100.203:3306,192.168.100.204:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yh_coupons' => __PHP_Incomplete_Class::__set_state(array( 
'__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yh_orders', 'password' => 'y***********', 'writers' => '192.168.100.213:3306', 'readers' => '192.168.100.213:3306,192.168.100.214:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yoho_sms' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yoho_passport', 'password' => 'y***********4', 'writers' => '192.168.100.211:3306', 'readers' => '192.168.100.211:3306,192.168.100.212:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yh_setting' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yh_cms', 'password' => 'y***********', 'writers' => '192.168.100.203:3306', 'readers' => '192.168.100.203:3306,192.168.100.204:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yh_comment' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yh_cms', 'password' => 'yh***********', 'writers' => '192.168.100.203:3306', 'readers' => '192.168.100.203:3306,192.168.100.204:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yh_special' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yh_cms', 'password' => 
'yh_***********34', 'writers' => '192.168.100.203:3306', 'readers' => '192.168.100.203:3306,192.168.100.204:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'yohood' => __PHP_Incomplete_Class::__set_state(array( '__PHP_Incomplete_Class_Name' => 'Zend_Config', '_allowModifications' => false, '_index' => 0, '_count' => 4, '_data' => array ( 'username' => 'yh_orders', 'password' => 'yh_***********1234', 'writers' => '192.168.100.213:3306', 'readers' => '192.168.100.213:3306,192.168.100.214:3306', ), '_skipNextIteration' => NULL, '_loadedSection' => NULL, '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), ), '_skipNextIteration' => NULL, '_loadedSection' => array ( 0 => 'mysql', ), '_extends' => array ( ), '_loadFileErrorStr' => NULL, )), 'lastModified' => 1422943823,))
运维应该懂吧:禁止 Web 访问 .svn 等版本控制目录,缓存管理页面加上访问控制,已经泄露的数据库密码全部更换。另外多个库共用同一个账号,建议按库拆分账号并收紧权限。
危害等级:无影响厂商忽略
忽略时间:2015-02-08 15:42
暂无