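2015-05-10: Details reported to the vendor, awaiting vendor handling
2015-05-11: Vendor confirmed; details disclosed to the vendor only
2015-05-21: Details disclosed to core white hats and experts in related fields
2015-05-31: Details disclosed to regular white hats
2015-06-10: Details disclosed to intern white hats
2015-06-25: Details disclosed to the public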
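Full site source code of a Tianhong Fund sub-site can be downloaded (database reachable)
Baofen (www.baofen.cn) belongs to Tianhong Asset Management Co., Ltd. It was launched in June 2014, on the first anniversary of Yu'e Bao, as a communication and mutual-help platform exclusively for Yu'e Bao users.
http://www.baofen.cn/wwwroot.tar.gz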
<?php
if (!defined('SITE_PATH')) exit();
return array(
    'THEME_NAME' => 'stv1',
    // Common database settings
    'DB_TYPE' => 'mysql', // Database type
    'DB_HOST' => 'rdsemmmefemmmef.mysql.rds.aliyuncs.com', // Database server address
    'DB_NAME' => 'tests', // Database name
    'DB_USER' => 'fxkj', // Database user name
    'DB_PWD' => 'fxkj1234', // Database password
    'DB_PORT' => 3306, // Database port
    'DB_PREFIX' => 'fts_', // Database table prefix (because of roaming, the table prefix must be set in this file)
    'DB_CHARSET' => 'utf8', // Database character set
    'SECURE_CODE' => '91556750452e0b2ff14db8', // Data encryption key
    'COOKIE_PREFIX' => 'T3_', // Data encryption key
    'DATA_CACHE_TYPE' => 'memcache',
    'MEMCACHE_HOST' => '10.132.64.119',
);
indexer
{
    mem_limit = 128000000
}

searchd
{
    listen = 3312
    listen = 9306:mysql41
    log = /xampp/coreseek/var/log/searchd.log
    query_log = /xampp/coreseek/var/log/query.log
    pid_file = /xampp/coreseek/var/log/searchd.pid
    read_timeout = 3
    max_children = 30
    max_matches = 1000
    seamless_rotate = 1
    preopen_indexes = 0
    unlink_old = 1
}

# forum topic & post index #
source ts_forum_post
{
    type = mysql
    sql_host = 10.88.48.174
    sql_user = 3ms_beta
    sql_pass = xsw2XSW@
    sql_db = forum_beta
    sql_port = 3306
    sql_query_pre = SET NAMES utf8
    sql_query_range = SELECT min(pid),max(pid) FROM ts_forum_post
    sql_range_step = 1000
    sql_query = SELECT a.pid, \
        20 as indexid, \
        a.uid, \
        a.maskId, \
        crc32(a.maskName) as maskCode, \
        a.cTime, \
        -1 as gid, \
        a.fid as cid, \
        -1 as inside, \
        istopic as ext1, \
        a.title, \
        a.content \
        FROM ts_forum_post as a,ts_forum_topic as b \
        WHERE b.isdel=0 AND a.isdel=0 AND a.tid=b.tid AND a.pid>=$start AND a.pid<=$end
    sql_attr_uint = indexid
    sql_attr_uint = uid
    sql_attr_uint = maskId
    sql_attr_uint = maskCode
    sql_attr_timestamp = cTime
    sql_attr_uint = gid
    sql_attr_uint = cid
    sql_attr_uint = inside
    sql_attr_uint = ext1
}

index ts_forum_post
{
    source = ts_forum_post
    path = /xampp/coreseek/var/data/ts_forum_post
    docinfo = extern
    html_strip = 1
    html_index_attrs = img=alt,title; a=title;
    html_remove_elements = style, script
    min_word_len = 2
    charset_dictpath = /xampp/coreseek/etc/
    charset_type = zh_cn.utf-8
}
Admin backend: http://www.baofen.cn//index.php?app=admin&mod=Public&act=login
Indirect exploitation:
$ uname -a
Linux AY14061623295889102cZ 2.6.32-358.6.2.el6.x86_64 #1 SMP Thu May 16 20:59:36 UTC 2013 x86_64
$ pwd
/home/wwwroot/
Delete
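A defender-side check for the condition reported above, as an added example that is not part of the original report: it walks a document root, flags backup files such as wwwroot.tar.gz, and lists credential keys (DB_PWD, sql_pass and similar) found inside tar archives without extracting them. The sample docroot, the member path wwwroot/config/config.inc.php and all function names are constructed for illustration.

```python
import io
import os
import re
import tarfile
import tempfile

# Extensions commonly left behind in a web root by manual site backups.
BACKUP_EXT = (".tar.gz", ".tgz", ".tar", ".zip", ".rar", ".7z", ".sql", ".bak")
# Keys of the kind shown in the leaked PHP and Sphinx configs on this page.
SECRET_KEY = re.compile(rb"""['"]?(DB_PWD|DB_USER|SECURE_CODE|sql_pass)['"]?\s*(=>|=)""")

def secrets_in_tar(path, max_member=1 << 20):
    """Return sorted (member, key) pairs for credential keys inside a tar archive."""
    hits = set()
    with tarfile.open(path) as tar:            # default mode auto-detects gzip
        for m in tar:
            if not m.isfile() or m.size > max_member:
                continue                        # skip links, dirs and huge members
            data = tar.extractfile(m).read()    # read in memory, nothing hits disk
            for match in SECRET_KEY.finditer(data):
                hits.add((m.name, match.group(1).decode()))
    return sorted(hits)

def audit_docroot(docroot):
    """Map each backup file under docroot to the credential keys it exposes."""
    findings = {}
    for base, _dirs, files in os.walk(docroot):
        for name in files:
            if not name.lower().endswith(BACKUP_EXT):
                continue
            full = os.path.join(base, name)
            keys = secrets_in_tar(full) if tarfile.is_tarfile(full) else []
            findings[os.path.relpath(full, docroot)] = keys
    return findings

def build_sample(docroot):
    """Constructed sample: a docroot holding index.php and a whole-site backup."""
    config = b"<?php return array('DB_USER' => 'app', 'DB_PWD' => 'EXAMPLE-ONLY');"
    with open(os.path.join(docroot, "index.php"), "wb") as f:
        f.write(b"<?php echo 'ok';")
    with tarfile.open(os.path.join(docroot, "wwwroot.tar.gz"), "w:gz") as tar:
        info = tarfile.TarInfo("wwwroot/config/config.inc.php")
        info.size = len(config)
        tar.addfile(info, io.BytesIO(config))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for rel, keys in audit_docroot(root).items():
            print(rel, keys)
```

Any archive this reports should be moved out of the served directory, and every credential it contained should be rotated, since deleting the file does not invalidate copies already downloaded.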
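Severity: High
Vulnerability Rank: 18
Confirmed: 2015-05-11 11:15
Thank you to the author for your enthusiasm for and contribution to Internet security
None yet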