
漏洞概要(关注数:24)

缺陷编号:wooyun-2016-0191974

漏洞标题:顺丰优选某站源码泄露|银行证书|与支付平台的公钥私钥|CDN、QQ、WEIXIN接口KEY泄露

相关厂商:顺丰优选

漏洞作者: ADVERT

提交时间:2016-04-03 10:46

修复时间:2016-05-20 09:30

公开时间:2016-05-20 09:30

漏洞类型:网络敏感信息泄漏

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]



漏洞详情

披露状态:

2016-04-03: 细节已通知厂商并且等待厂商处理中
2016-04-05: 厂商已经确认,细节仅向厂商公开
2016-04-15: 细节向核心白帽子及相关领域专家公开
2016-04-25: 细节向普通白帽子公开
2016-05-05: 细节向实习白帽子公开
2016-05-20: 细节向公众公开

简要描述:

本质上是两个问题叠加:(1) 站点根目录虽返回 403,但 .svn 目录未做访问控制,可据此还原整站源码;(2) 线上遗留的 i.php(phpinfo)把注入到 PHP 进程的全部服务端变量(推测为 fastcgi_param/php-fpm env)打印出来,其中包含各业务库的 MySQL 账号口令、两套 MongoDB 账号口令、客服邮箱口令、内网 IP/端口、可信 IP 白名单、证书存放目录以及 DEBUG=1 等配置;源码中还带有支付宝合作者 ID 与安全校验 key。据截图,另含银行证书、与支付平台的公私钥以及 CDN/QQ/微信接口 key。

详细说明:

59.151.22.134

站点根目录返回 403(禁止访问),但 http://59.151.22.134/.svn/entries 未做任何访问限制,可直接读取;利用暴露的 .svn 目录即可逐文件拉取并还原整站源码。

http://59.151.22.134/i.php
Variable Value
_SERVER["USER"] nginx
_SERVER["HOME"] /home/nginx
_SERVER["FCGI_ROLE"] RESPONDER
_SERVER["SCRIPT_FILENAME"] /home/www/api2/i.php
_SERVER["QUERY_STRING"] no value
_SERVER["REQUEST_METHOD"] GET
_SERVER["CONTENT_TYPE"] no value
_SERVER["CONTENT_LENGTH"] no value
_SERVER["SCRIPT_NAME"] /i.php
_SERVER["REQUEST_URI"] /i.php
_SERVER["DOCUMENT_URI"] /i.php
_SERVER["DOCUMENT_ROOT"] /home/www/api2
_SERVER["SERVER_PROTOCOL"] HTTP/1.1
_SERVER["GATEWAY_INTERFACE"] CGI/1.1
_SERVER["SERVER_SOFTWARE"] nginx/1.0.0
_SERVER["REMOTE_ADDR"] 175.152.1.241
_SERVER["REMOTE_PORT"] 1122
_SERVER["SERVER_ADDR"] 10.102.36.171
_SERVER["SERVER_PORT"] 80
_SERVER["SERVER_NAME"] api2.t.com
_SERVER["WWW_URL"] http://www.t.com
_SERVER["HOME_URL"] http://home.t.com
_SERVER["PASSPORT_URL"] http://passport.t.com
_SERVER["CAS_URL"] https://10.102.34.116:8443
_SERVER["I_URL"] http://i.t.com
_SERVER["P_URL"] http://p.t.com
_SERVER["IMG01_URL"] http://img.t.com
_SERVER["P01_URL"] http://p01.t.com
_SERVER["P02_URL"] http://p02.t.com
_SERVER["P03_URL"] http://p03.t.com
_SERVER["ANDROID_URL"] http://android.t.com
_SERVER["IMG_URL"] http://img01.t.com
_SERVER["CORP_URL"] http://corp.t.com
_SERVER["WULIU_URL"] http://wuliu.t.com
_SERVER["JSMS_URL"] http://ms.t.com:8880
_SERVER["MC_URL"] mc.t.com
_SERVER["MC1_URL"] mc1.t.com
_SERVER["DBM_URL"] IDC-T-sfbest
_SERVER["DBS_URL"] dbs.t.com
_SERVER["DBS_URL_CART"] dbs.t.com
_SERVER["API_URL"] api.t.com
_SERVER["API2_URL"] 59.151.22.134
_SERVER["PIC_URL"] http://pic.t.com
_SERVER["DEBUG"] 1
_SERVER["SERVER_DOMAIN"] t.com
_SERVER["SEARCH_URL"] http://search.t.com
_SERVER["SEARCH_ADDR_URL"] http://searchaddr.t.com
_SERVER["LOG_SERVER"] 10.102.36.171:8081
_SERVER["LOG_VIEW_SERVER"] 10.102.36.171:8080
_SERVER["GWEBORDER_HOST"] orderdb.t.com
_SERVER["GWEBORDER_NAME"] sf_weborder_all
_SERVER["GWEBORDER_PWD"] s28CbxSHrh9d
_SERVER["SEARCH1_URL"] search1.t.com
_SERVER["GWMS_URL"] 10.0.44.92
_SERVER["GWMS_DBNAME"] oms-platform
_SERVER["GWMS_NAME"] oms
_SERVER["GWMS_PWD"] SF!@_oms
_SERVER["WMSCOMPANY"] 58773096-8
_SERVER["MODU_RELIABLEIPS"] 127.0.0.1|10.102.105.*|10.103.14.*|10.102.106.*|10.102.102.*|10.103.3.*|10.103.16.*|10.103.11.*|10.103.9.*|10.102.36.173
_SERVER["API_RELIABLEIPS"] 127.0.0.1|10.90.100.37|10.90.100.3|10.90.100.12|10.0.38.41|10.103.20.42|10.103.16.*|10.103.11.*|10.103.11.32|10.103.9.178
_SERVER["GCACHE_NAME"] sf_best_soa
_SERVER["GCACHE_PWD"] MXgpOIDZfTuw
_SERVER["GCACHEM_URL"] 10.102.36.130
_SERVER["GCACHES_URL"] 10.102.36.130
_SERVER["SFV_URL"] http://sfvweb.sf-express.com/index.php?app=yxservicesoap&action=require_action
_SERVER["REDIRECT_STATUS"] 200
_SERVER["MAIL_HOST"] mail.sfbest.cn
_SERVER["MAIL_PORT"] 25
_SERVER["MAIL_USERNAME"] customer@sfbest.cn
_SERVER["MAIL_PASSWORD"] bJsF!WLB888
_SERVER["SF_HR_URL"] http://10.103.16.18
_SERVER["CHK_KEY"] sfsfslkjlsdjfkslfjf
_SERVER["BIRE_DBM_URL"] 10.103.16.199
_SERVER["BIRE_NAME"] sfr_php_rmf
_SERVER["BIRE_PWD"] sf-express.com
_SERVER["CRMAPI_SIGN"] 123456
_SERVER["P_IMG"] 001.timg.cn|002.timg.cn|003.timg.cn|004.timg.cn|005.timg.cn|006.timg.cn|007.timg.cn|008.timg.cn|009.timg.cn|010.timg.cn|011.timg.cn|012.timg.cn|013.timg.cn|014.timg.cn|015.timg.cn|016.timg.cn|017.timg.cn|018.timg.cn|019.timg.cn|020.timg.cn
_SERVER["P02_IMG"] 201.timg.cn|202.timg.cn|203.timg.cn|204.timg.cn|205.timg.cn|206.timg.cn|207.timg.cn|208.timg.cn|209.timg.cn|210.timg.cn
_SERVER["P01_IMG"] 101.timg.cn|102.timg.cn|103.timg.cn|104.timg.cn|105.timg.cn
_SERVER["P03_IMG"] 301.timg.cn
_SERVER["SEO_MONGO_URL"] 10.103.16.89
_SERVER["SEO_MONGO_USER"] pseo
_SERVER["SEO_MONGO_PWD"] 2w4r6y8i0p
_SERVER["SEO_MONGO_PORT"] 27017
_SERVER["GCOLLECT_DBM_URL"] IDC-T-sfbest
_SERVER["GCOLLECT_DBS_URL"] dbs.t.com
_SERVER["GCOLLECT_NAME"] sf_best_all
_SERVER["GCOLLECT_PWD"] gUpohxX9Gx67
_SERVER["MONGODB_USER"] sf_jsms
_SERVER["MONGODB_PWD"] M.Jsms#2012
_SERVER["MONGODB_HOST"] 10.102.36.137
_SERVER["MASTER_SLAVE_SWITCH"] true
_SERVER["CACHE_SERVERS"] 10.102.36.152:11211,10.102.36.152:11212
_SERVER["GUSER_NAME"] sf_best_all
_SERVER["GUSER_PWD"] gUpohxX9Gx67
_SERVER["GWEB_NAME"] sf_best_all
_SERVER["GWEB_PWD"] gUpohxX9Gx67
_SERVER["GSHOP_NAME"] sf_best_all
_SERVER["GSHOP_PWD"] gUpohxX9Gx67
_SERVER["GLOG_NAME"] sf_best_all
_SERVER["GLOG_PWD"] gUpohxX9Gx67
_SERVER["GQUEUE_NAME"] sf_best_all
_SERVER["GQUEUE_PWD"] gUpohxX9Gx67
_SERVER["GSFV_NAME"] sf_best_all
_SERVER["GSFV_PWD"] gUpohxX9Gx67
_SERVER["GREPORT_NAME"] sf_best_all
_SERVER["GREPORT_PWD"] gUpohxX9Gx67
_SERVER["GLOGIS_NAME"] sf_best_all
_SERVER["GLOGIS_PWD"] gUpohxX9Gx67
_SERVER["ADDR_NAME"] sf_best_all
_SERVER["ADDR_PWD"] gUpohxX9Gx67
_SERVER["GTMALL_NAME"] sf_best_all
_SERVER["GTMALL_PWD"] gUpohxX9Gx67
_SERVER["AJAX_PRICE_LOCAL"] 1
_SERVER["DBS_URL_02"] dbs.t.com
_SERVER["CART_URL"] http://cart.t.com
_SERVER["GCART_HOST"] IDC-T-sfbest
_SERVER["GCART_NAME"] sf_best_all
_SERVER["GCART_PWD"] gUpohxX9Gx67
_SERVER["BI_NAME"] sf_best_all
_SERVER["BI_PWD"] gUpohxX9Gx67
_SERVER["BI_DBM_URL"] IDC-T-sfbest
_SERVER["BI_DBS_URL"] dbs.t.com
_SERVER["GMAPP_NAME"] sf_best_all
_SERVER["GMAPP_PWD"] gUpohxX9Gx67
_SERVER["JD_DBM_URL"] IDC-T-sfbest
_SERVER["JD_DBS_URL"] IDC-T-sfbest
_SERVER["GJD_NAME"] sf_best_all
_SERVER["GJD_PWD"] gUpohxX9Gx67
_SERVER["GDC_DBM_URL"] IDC-T-sfbest
_SERVER["GDC_DBS_URL"] dbs.t.com
_SERVER["GDC_NAME"] sf_best_all
_SERVER["GDC_PWD"] gUpohxX9Gx67
_SERVER["WWW_FILECACHE_OPEN"] false
_SERVER["WWW_FILECACHE_TIME"] 160
_SERVER["CART_FILECACHE_OPEN"] false
_SERVER["CART_FILECACHE_TIME"] 160
_SERVER["Recommend_SERVICE_URL"] http://10.102.36.175:8081
_SERVER["SHUNFEN_SERVICE_URL"] http://10.102.34.113:8080
_SERVER["USERS_LOG_DBM_URL"] IDC-T-sfbest
_SERVER["USERS_LOG_DBS_URL_02"] dbs.t.com
_SERVER["GUSERS_LOG_NAME"] sf_best_all
_SERVER["GUSERS_LOG_PWD"] gUpohxX9Gx67
_SERVER["CERT_DIR"] /sfbest/code/key
_SERVER["GACTIVE_DBM_URL"] IDC-T-sfbest
_SERVER["GACTIVE_DBS_URL"] dbs.t.com
_SERVER["GACTIVE_NAME"] sf_best_all
_SERVER["GACTIVE_PWD"] gUpohxX9Gx67
_SERVER["GFD_DBM_URL"] IDC-T-sfbest
_SERVER["GFD_DBS_URL"] dbs.t.com
_SERVER["GFD_NAME"] sf_best_all
_SERVER["GFD_PWD"] gUpohxX9Gx67
_SERVER["DOMAIN"] T
_SERVER["PINFO_GSHOP_NAME"] sfr_pinfo_gshop
_SERVER["PINFO_GSHOP_PWD"] ItKTW]&@RA
_SERVER["　M_URL"] http://m.sfbest.com
_SERVER["PL_MERCHANT_DB_MURL"] IDC-T-sfbest
_SERVER["PL_MERCHANT_DB_SURL"] IDC-T-sfbest
_SERVER["PL_MERCHANT_NAME"] sf_best_all
_SERVER["PL_MERCHANT_PWD"] gUpohxX9Gx67
_SERVER["PL_CONTRACT_DB_MURL"] IDC-T-sfbest
_SERVER["PL_CONTRACT_DB_SURL"] IDC-T-sfbest
_SERVER["PL_CONTRACT_NAME"] sf_best_all
_SERVER["PL_CONTRACT_PWD"] gUpohxX9Gx67
_SERVER["FD_DOMAIN"] http://fd.t.com/
_SERVER["PL_ORDER_DB_MURL"] IDC-T-sfbest
_SERVER["PL_ORDER_DB_SURL"] IDC-T-sfbest
_SERVER["PL_ORDER_NAME"] sf_best_all
_SERVER["PL_ORDER_PWD"] gUpohxX9Gx67
_SERVER["WEBLOG_NAME"] sf_best_all
_SERVER["WEBLOG_PWD"] gUpohxX9Gx67
_SERVER["QUALIFICATION_URL"] qualification.t.com
_SERVER["VENDOR_DBM_URL"] IDC-T-sfbest
_SERVER["VENDOR_DBS_URL"] dbs.t.com
_SERVER["VENDOR_NAME"] sf_best_all
_SERVER["VENDOR_PWD"] gUpohxX9Gx67
_SERVER["SHOWAT1111"] no
_SERVER["SAP_GDC_DBM_URL"] IDC-T-sfbest
_SERVER["SAP_GDC_DBS_URL"] dbs.t.com
_SERVER["SAP_GDC_NAME"] sf_best_all
_SERVER["SAP_GDC_PWD"] gUpohxX9Gx67
_SERVER["SAP_DBM_URL"] IDC-T-sfbest
_SERVER["SAP_DBS_URL"] dbs.t.com
_SERVER["SAP_GUSER_NAME"] sf_best_all
_SERVER["SAP_GUSER_PWD"] gUpohxX9Gx67
_SERVER["GFS_DBM_URL"] IDC-T-sfbest
_SERVER["GFS_DBS_URL"] dbs.t.com
_SERVER["GFS_NAME"] sf_best_all
_SERVER["GFS_PWD"] gUpohxX9Gx67
_SERVER["GORDERLOG_DBM_URL"] IDC-T-sfbest
_SERVER["GORDERLOG_DBS_URL"] dbs.t.com
_SERVER["GORDERLOG_NAME"] sf_best_all
_SERVER["GORDERLOG_PWD"] gUpohxX9Gx67
_SERVER["STOCK_SERVICE_URL"] http://stockservice.t.com
_SERVER["ACTIVITY_SERVICE_URL"] http://activityservice.t.com
_SERVER["ORDER_SERVICE_URL"] http://orderapi.t.com:8080
_SERVER["DELIVERY_SERVICE_URL"] http://10.102.36.151:8080
_SERVER["PRODUCT_CHANNEL_URL"] http://10.102.36.151:8088
_SERVER["ERCHANT_DBM_URL"] dbm.t.com
_SERVER["MERCHANT_DBS_URL"] dbs.t.com
_SERVER["MERCHANT_NAME"] sf_best_all
_SERVER["MERCHANT_PWD"] gUpohxX9Gx67
_SERVER["STORE_DBM_URL"] dbm.t.com
_SERVER["STORE_DBS_URL"] dbs.t.com
_SERVER["STORE_NAME"] sf_best_all
_SERVER["STORE_PWD"] gUpohxX9Gx67
_SERVER["GSALE_DBM_URL"] dbm.t.com
_SERVER["GSALE_DBS_URL"] dbs.t.com
_SERVER["GSALE_NAME"] sf_best_all
_SERVER["GSALE_PWD"] gUpohxX9Gx67
_SERVER["CAS_LOGIN"] 1
_SERVER["GMAPP_DBM_URL"] IDC-T-sfbest
_SERVER["GMAPP_DBS_URL"] IDC-T-sfbest
_SERVER["GROUP_BUY_SERVICE_URL"] http://10.102.36.151:8058
_SERVER["CHANNEL_SERVICE_URL"] http://10.103.16.104:8010
_SERVER["CANCEL_ORDER_STORE_SERVICE_URL"] http://10.102.36.183:8080
_SERVER["HTTP_HOST"] 59.151.22.134
_SERVER["HTTP_USER_AGENT"] Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
_SERVER["HTTP_ACCEPT"] text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
_SERVER["HTTP_ACCEPT_LANGUAGE"] zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
_SERVER["HTTP_ACCEPT_ENCODING"] gzip, deflate
_SERVER["HTTP_CONNECTION"] keep-alive
_SERVER["PHP_SELF"] /i.php
_SERVER["REQUEST_TIME"] 1459611175

phpinfo 泄露大量敏感信息!上表并非来自 HTTP 请求头,而是注入到 PHP 进程的服务端变量(推测为 nginx fastcgi_param 或 php-fpm env),因此任何能访问 i.php 的人都能直接拿到:近 30 个业务库共用同一账号 sf_best_all 与同一口令(一个口令即可打通订单、用户、商户、合同、SAP、日志等所有库)、WMS/BI/订单库的独立口令、两套 MongoDB 口令、客服邮箱口令、memcache 地址、内网 10.x 服务地址、MODU/API 的可信 IP 白名单(若该白名单用于来源校验,则为伪造来源/SSRF 提供了明确目标)、证书存放目录 /sfbest/code/key,且该实例 DEBUG=1。

//↓↓↓↓↓↓↓↓↓↓ Configure your basic merchant information here ↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓
// NOTE(review): quoted verbatim from the leaked Alipay SDK config (alipay.config.php
// style). `partner` and `key` are live merchant credentials; once exposed they must be
// reset through Alipay. Presumably `key` is the MD5 signing secret used both to sign
// outgoing requests and to verify payment-notify callbacks — if so, anyone holding it
// can forge "payment succeeded" notifications. Confirm against the SDK's sign/verify code.
// Partner ID: 16 digits starting with 2088
$aliapy_config['partner'] = '2088011868358875';
// Security check code (signing key): 32 characters, digits and letters
$aliapy_config['key'] = 'o49vf4jxuwmfymox0y5gtlz8xun1klgt';
// Contracted Alipay account / seller's Alipay account (previous value left commented out)
//$aliapy_config['seller_email'] = 'bjsfdzswcwb@sf-express.com';
$aliapy_config['seller_email'] = 'bjsfdzswcwb1@sf-express.com';
//↑↑↑↑↑↑↑↑↑↑ End of basic merchant information ↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑

其他看截图了。

Image1.png


Image2.png


Image3.png


Image4.png


Image5.png


Image6.png


Image7.png


Image8.png


Image9.png


21321331.png


当然,除上述配置与密钥之外,.svn 泄露的还包括网站其余的普通业务源码。

QQ截图20160403000803.png


漏洞证明:

修复方案:

1. 立即把 i.php 等 phpinfo/调试脚本从所有对外机器上删除,并在 nginx 中拒绝版本控制目录(如 location ~ /\.(svn|git) { deny all; }),发布时改用 svn export 而非 checkout,避免再把 .svn 带上线;
2. 不要把数据库/邮件/支付等口令放在 fastcgi_param/环境变量里,改为 web 根目录之外、仅运行用户可读的配置文件,并把线上 DEBUG 置为 0;
3. 视本次泄露的全部凭据已失效:轮换所有 MySQL/MongoDB/邮件口令,为各业务库拆分独立的最小权限账号,停止共用 sf_best_all;向支付宝申请重置安全校验 key,重新生成并替换银行证书、支付平台公私钥以及 CDN/QQ/微信接口 key;
4. 59.151.22.134 这类测试/内网 API 实例(api2.t.com)不应直接暴露在公网,应收敛到内网或加 IP/认证限制,并排查访问日志,确认泄露期间是否已被他人利用。

版权声明:转载请注明来源 ADVERT@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2016-04-05 09:28

厂商回复:

感谢提交,立刻修复。

最新状态:

暂无