乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-03-23: 细节已通知厂商并且等待厂商处理中 2015-03-25: 厂商已经确认,细节仅向厂商公开 2015-04-04: 细节向核心白帽子及相关领域专家公开 2015-04-14: 细节向普通白帽子公开 2015-04-24: 细节向实习白帽子公开 2015-05-09: 细节向公众公开
无忧英语短信接口泄漏
class SendSms{ //定义是否是dev 如果是dev 则不实际发送短信 上线修改为pub var $_is_dev = 'pub'; //pub //报警手机号设置 var $_report_phone = '13070127***'; //定义短信渠道 mw 梦网 ym 亿美 sy 三一 var $_set_sms_channel = 'mw,ym,sy'; //三一恒信用户名配置 var $_sy_user_name = 'sy050'; var $_sy_password = '123456'; /** 发送短信 @param string $phone 发送手机号 @param string $msg 发送内容 @param string $type model_notice/sale_notice/custom_notice/sys_notice/else_notice/admin_notice @param string 为空 及时发送 */
$notice_url = "http://219.239.91.112/sdkproxy/querybalance.action?cdkey=3SDK-EMY-0130-NBTRS&password=194342"; $sale_url = "http://219.239.91.112/sdkproxy/querybalance.action?cdkey=3SDK-EMY-0130-NBTRT&password=198165"; $sale_alone_url = "http://219.239.91.112/sdkproxy/querybalance.action?cdkey=3SDK-EMY-0130-JFXNO&password=569244";
private function _getSmsSelNumMw() { $url = 'http://61.145.229.29:9003/MWGate/wmgw.asmx/MongateQueryBalance?userId=J01279&password=515391'; //通知 //$yx_url = 'http://61.145.229.29:9003/MWGate/wmgw.asmx/MongateQueryBalance?userId=F12525&password=819927';//营销 $result = $this->send_get_curl($url); return $result; }
private function _send_msg_by_mw($phone, $msg , $send_time , $type) { $content = str_replace("%20", " ", $msg); $data_string = "http://61.145.229.29:9003/MWGate/wmgw.asmx/MongateCsSpSendSmsNew?userId=J01279&password=515391 " . $phone . "&pszMsg=" . urlencode($content) . "&iMobiCount=1&pszSubPort=*"; if($this->_is_dev == 'pub') { $result = $this->send_get_curl($data_string); }else { $result = 0; } if(intval($result) == 0) { $this->_send_msg_log($phone, $msg , 1 , $type,'mw'); }else{ $this->_send_msg_log($phone, $msg , 0 , $type, 'mw'); } } /** ymmodel 短信发送 */ private function _send_msg_by_ym($phone , $msg , $send_time , $type) { if (strpos($msg, "【51Talk】") === false) { $msg = "【51Talk】" .'new world'; } if($this->_is_dev == 'pub') { $result = $this->send_get_curl("http://219.239.91.112/sdkproxy/sendsms.action?cdkey=3SDK-EMY-0130-NBTRS&password=194342&phone=$phone&message=$msg"); }else{ $result = 0; } $result = 0; if(intval($result) == 0) { return $this->_send_msg_log($phone, $msg , 1 , $type,'ym'); }else{ return $this->_send_msg_log($phone, $msg , 0 , $type, 'ym'); } } /** ymmodel 短信发送 营销通道 */ private function _send_msg_by_ym_yx($phone , $msg , $send_time , $type) { if (strpos($msg, "【51Talk】") === false) { $msg = "【51Talk】" . $msg; } if($this->_is_dev == 'pub') { $result = $this->send_get_curl("http://219.239.91.112/sdkproxy/sendsms.action?cdkey=3SDK-EMY-0130-NBTRT&password=198165&phone=$phone&message=$msg"); }else{ $result = 0; } $result = 0; if(intval($result) == 0) { return $this->_send_msg_log($phone, $msg , 1 , $type,'ymyx'); }else{ return $this->_send_msg_log($phone, $msg , 0 , $type, 'ymyx'); } } /** ymmodel 短信发送 亿美独享 */ private function _send_msg_by_alone_ym($phone , $msg , $send_time , $type) { /*if (strpos($msg, "【51Talk】") === false) { $msg = "【51Talk】" . $msg; }*/ if($this->_is_dev == 'pub') { $result = $this->send_get_curl("http://219.239.91.112/sdkproxy/sendsms.action?cdkey=3SDK-EMY-0130-JFXNO&password=569244&phone=$phone&message=$msg"); }else{ $result = 0; } if(intval($result) == 0) { return $this->_send_msg_log($phone, $msg , 1 , $type,'ymal'); }else{ return $this->_send_msg_log($phone, $msg , 0 , $type, 'ymal'); } }
危害等级:中
漏洞Rank:5
确认时间:2015-03-25 18:39
谢谢!
暂无
