当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0222609

漏洞标题:映客某处信息泄露多个数据库服务器沦陷

相关厂商:ingkee.com

漏洞作者: ago

提交时间:2016-06-24 06:30

修复时间:2016-06-29 09:50

公开时间:2016-06-29 09:50

漏洞类型:重要敏感信息泄露

危害等级:高

自评Rank:20

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2016-06-24: 细节已通知厂商并且等待厂商处理中
2016-06-24: 厂商已查看当前漏洞内容,细节仅向厂商公开
2016-06-29: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

。。。

详细说明:

https://github.com/jiagh/inkestreaming/blob/f47045ce6214d5adb963f380e9f55fb37be9f6c7/inke-streaming/.idea/%E6%9C%8D%E5%8A%A1%E5%99%A8%E4%BF%A1%E6%81%AF.txt


1.png


简单证明

2.jpg


3.jpg

漏洞证明:

Skip to content
This repository
Search
Pull requests
Issues
Gist
@sea-god
Watch 1
Star 0
Fork 0 jiagh/inkestreaming
Code Issues 0 Pull requests 0 Wiki Pulse Graphs
Tree: f47045ce62 Find file Copy pathinkestreaming/inke-streaming/.idea/服务器信息.txt
f47045c 3 days ago
@jiagh jiagh streaming
1 contributor
RawBlameHistory 273 lines (177 sloc) 5.58 KB
hadoop集群列表:
42.62.88.99 hadoop01
42.62.88.100 hadoop02
42.62.88.101 hadoop03
42.62.88.102 hadoop04
42.62.88.103 hadoop05
42.62.88.104 hadoop06
42.62.88.105 hadoop07
42.62.88.106 hadoop08
42.62.88.107 hadoop09
42.62.88.108 hadoop10
42.62.88.109 hadoop11
42.62.88.110 hadoop12
42.62.88.114 hadoop13
42.62.88.115 hadoop14
42.62.88.116 hadoop15
42.62.88.117 hadoop16
kafka
42.62.88.118 hadoop17
42.62.88.119 hadoop18
42.62.88.120 hadoop19
42.62.88.121 hadoop20
root/
zumdkz2xm0Zb^Pr
Cloudera Manager
http://42.62.88.106:7180/cmf/home
admin/hadoop@meelive2016
机房网络流量监控
alarm.lenet.com.cn
mlw/idc-mlw@123
Smartbi_MYSQL_BI
42.62.88.121 hadoop20 db_name: smartbi
username/password: smartbi / smartbi
SmartBI
http://hadoop02:8080/xquery/vision/index.jsp admin/manager
管理
http://hadoop02:8080/xquery/vision/config.jsp admin/hadoop@meelive2016
cronhub
http://hadoop01:8080/
阿里云测试服务器
117.121.50.244 2222 bo.chen/bo.chen!@#
--------------------------------------------------------------------------------
BI 业务 MYSQL
1. 数据库地址:rm-2zey3j5d26s8i68x8o.mysql.rds.aliyuncs.com 账号:hadoop 密码:7rLfptWs0
2. hadoop 6uXWyqisg5 101.201.80.222:3307
3. 123.56.246.98 hadoop,hadoop_2016
--------------------------------------------------------------------------------
log_base 历史数据库 20150420 - 20160505 已导入至Hive inke.log_base
mysql -h123.56.84.161 -uhadoop -p7rLfptWs0 -Dlive_log
mysql -h123.56.179.222 -uhadoop -pgGfXhsx71 -Dlive_log
mysql -uying.wang -pying.wang123 -h101.201.36.27 -Dlive_log
--------------------------------------------------------------------------------
inke_tv
web访问日志:
ali_bj_web31 101.201.106.69 10.25.94.141
ali_bj_web30 101.201.106.72 10.25.94.145
ali_bj_web29 101.201.105.61 10.25.94.176
ali_bj_web28 101.201.105.112 10.25.94.166
ali_bj_web27 101.201.106.76 10.25.94.151
ali_bj_web26 101.201.105.172 10.25.94.159
ali_bj_web13 101.201.37.210 10.24.192.39
ali_bj_web12 101.201.40.30 10.24.192.58
ali_bj_web11 101.201.37.103 10.24.189.74
ali_bj_web10 101.201.37.94 10.24.189.63
ali_bj_web04 101.201.212.71 10.46.176.44
ali_bj_web03 101.201.212.9 10.46.176.1
ali_bj_web02 101.201.212.4 10.46.176.28
ali_bj_web01 101.201.212.67 10.46.176.37
web 服务的账号 开通了 hadoop :hadoop#123
/a8root/logs/nginx
--------------------------------------------------------------------------------
maidian_recv / maidian_common_log
埋点日志服务器列表
10.24.195.93 common_log
10.24.195.117 common_log
10.24.200.69 common_log
10.24.201.36 common_log
10.24.201.41 common_log
10.46.177.126
10.46.161.96
10.47.210.207 common_log
10.47.208.106 common_log
10.44.19.97
10.172.219.33
hadoop : 14UlnZ+do
视频埋点日志 数据来源为2个
/a8root/logs/live_common_log/common_log/live_common_log_business-20160510.log /a8root/logs/crash_recv/recv_business-20160510.log
/a8root/logs/live_common_log/common_log
/a8root/logs/crash_recv 这两个路径
--------------------------------------------------------------------------------
user_account
101.201.36.250
101.201.37.27
101.201.37.4
bo.chen bo.chen123
用户新增相关信息需要到/a8root/logs/live_user_account/common_log 目录下查看business日志。Business日志命名格式:如2016年05月04日15时则命名为: business-2016050415.log
--------------------------------------------------------------------------------
service_info
101.201.36.253
101.201.36.216
101.201.36.159
101.201.48.37
101.201.48.6
101.201.37.8
账号:hadoop 密码:npfqO28:vU
access.log-20160502.gz
/a8root/logs/live_serviceinfo/access.log-20160502.gz
--------------------------------------------------------------------------------
log_base / gift
增量数据同步安排如下:
ps:live_back服务器列表:
101.200.12.116
101.200.2.210
123.56.229.161
123.56.180.204
123.56.181.129
123.56.181.188
123.56.182.141
123.56.183.33
123.56.183.11
123.56.188.175 无 gift
hadoop hadoop123
ssh -p 2222 hadoop@101.200.12.116
事件402日志 路径为 -> /a8root/logs/live_gift_backend/gift_business-20160510.log
其他的事件 路径为: /a8root/logs/live_backend/back_business-20160510.log
--------------------------------------------------------------------------------
API
api.busi.inke.tv 服务器列表
ali_bj_web21 101.201.40.140 10.24.192.83
ali_bj_web20 101.201.48.215 10.24.201.109
ali_bj_web19 101.201.40.111 10.24.192.141
ali_bj_web18 101.201.40.152 10.24.192.149
hadoop hadoop#123
/a8root/logs/nginx/api.busi.log
--------------------------------------------------------------------------------
Pay
旧的三台机器(后面会全部淘汰,还有少部分请求到这台机器):
1、10.46.176.234
2、10.45.37.20
3、10.45.37.17

新的三台支付机器:
1、101.201.44.8
2、101.201.49.122
3、10.24.196.25

二、日志所在路径:/a8root/logs/live_user_payment/payment_business-xxxxxxxx.log,按天切分,如文件/a8root/logs/live_user_payment/payment_business-20160519.log
hadoop#123
--------------------------------------------------------------------------------
user_phone_login
10.45.37.28
10.46.176.247
10.45.37.5
/a8root/logs/user_phone_login/common_log/
日志名形如:user_phone_login_business-2016051901.log
hadoop hadoop#123
--------------------------------------------------------------------------------
手机登陆 服务器ip:
101.201.28.63
123.56.189.219
123.56.190.45
日志所在目录 /a8root/logs/user_phone_login/common_log/
日志名形如:user_phone_login_business-2016051901.log
10.46.176.234
10.45.37.20
10.45.37.17
10.24.196.25
10.24.201.250
10.24.196.59
10.45.37.28
10.46.176.247
10.45.37.5
hadoop hadoop#123
elastic集群地址信息如下,可导入数据进行测试:
10.10.1.31:9300
10.10.1.31:9301
10.10.1.31:9302

10.10.1.30:9304
10.10.1.30:9305

修复方案:

删除信息

版权声明:转载请注明来源 ago@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2016-06-29 09:50

厂商回复:

漏洞Rank:15 (WooYun评价)

最新状态:

暂无