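2015-06-03: Details reported to the vendor; awaiting vendor response
2015-06-03: Vendor confirmed; details disclosed to the vendor only
2015-06-13: Details disclosed to core white hats and experts in related fields
2015-06-23: Details disclosed to regular white hats
2015-07-03: Details disclosed to trainee white hats
2015-07-18: Details disclosed to the public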
Git leak on a Sina Weibo site exposes source code; database, mailbox and other configuration can be obtained
Git leak:
http://wyxgw.game.weibo.com/.git/
Test script:
https://github.com/lijiejie/GitHack
'mysqlDb' => array (
    // production
    'site' => array( 'host' => '10.205.22.181' , 'port' => 3306 , 'user' => 'weiyouxi' , 'passwd' => 'N*********mF' , 'name' => 'wyxwg' ) ,
    //'site' => array( 'host' => 'w.rdc.sae.sina.com.cn' , 'port' => 3307 , 'user' => '1wnxko5m11' , 'passwd' => '4m**********1xkyxx' , 'name' => 'app_wyxwg' ) ,
    // test
    'site_dev' => array( 'host' => 'w.rdc.sae.sina.com.cn' , 'port' => 3307 , 'user' => '4k41250z2k' , 'passwd' => 'kj**************k20z' , 'name' => 'app_wyxdevelopers' ) ,
    'pay' => array( 'host' => '10.73.89.127' , 'port' => 3306 , 'user' => 'zz' , 'passwd' => 'w******y' , 'name' => 'app_pay' ) ,
) ,

I don't have an account for the SAE database. There is a lot of other interface information.

// mailbox used for sending email
'mailConfig' => array (
    'app' => array // back-office application review notifications
    (
        'host' => 'smtp.sina.com' ,
        'port' => 25 ,
        'encryption' => 8 , // SMTP encryption mode (2 => TLS; 4 => SSL; 8 => OFF)
        'username' => 'weiyouxi_app' , // SMTP account name
        'password' => 'f******s' , // SMTP password
        'emailAddress' => '[email protected]' // SMTP email address
    ) ,
) ,

// SAE configuration
'sae' => array (
    'accessKey' => '0yxmzkkzn5' ,
    'secretKey' => 'yxkh3zyhwkxyi320wwhx0hxji4km0yyhymzzz3h4' ,
    'storage' => 'img' ,
    'resize' => true , // whether to scale images by width and height
) ,

'mail' => array (
    'server' => 'smtp.qiye.163.com' ,
    'port' => 25 ,
    'user' => '[email protected]' ,
    'password' => 'w********a' ,
    'from' => '[email protected]' ,
    'to' => array (
        '[email protected]' ,
        '[email protected]' ,
        // '[email protected]' ,
        // '[email protected]' ,
        '[email protected]' ,
    ) ,
Delete the .git folder
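
A pre-deployment check for the fix above, as an added example that is not part of the original report: it walks a web root and flags version-control metadata that should not ship with the site. The function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Metadata directory names for common version-control systems.
VCS_DIRS = {".git", ".svn", ".hg"}


def find_vcs_metadata(docroot):
    """Return sorted (relative_path, kind) pairs for VCS metadata under docroot."""
    findings = []
    for current, dirs, files in os.walk(docroot):
        for name in sorted(dirs):
            if name in VCS_DIRS:
                rel = os.path.relpath(os.path.join(current, name), docroot)
                findings.append((rel, "directory"))
        # Do not descend into metadata directories; one finding each is enough.
        dirs[:] = [d for d in dirs if d not in VCS_DIRS]
        # Submodules and linked worktrees use a .git *file* that points elsewhere.
        if ".git" in files:
            path = os.path.join(current, ".git")
            with open(path, "r", errors="replace") as fh:
                if fh.readline().startswith("gitdir:"):
                    findings.append((os.path.relpath(path, docroot), "gitfile"))
    return sorted(findings)


def build_sample_docroot(base):
    """Constructed sample tree: a web root deployed straight from a checkout."""
    os.makedirs(os.path.join(base, ".git", "objects"))
    with open(os.path.join(base, ".git", "HEAD"), "w") as fh:
        fh.write("ref: refs/heads/master\n")
    os.makedirs(os.path.join(base, "config"))
    with open(os.path.join(base, "config", "main.php"), "w") as fh:
        fh.write("<?php // placeholder config\n")
    os.makedirs(os.path.join(base, "vendor", "lib"))
    with open(os.path.join(base, "vendor", "lib", ".git"), "w") as fh:
        fh.write("gitdir: ../../.git/modules/lib\n")
    return base


def audit_sample():
    """Build the constructed tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_vcs_metadata(build_sample_docroot(tmp))


if __name__ == "__main__":
    for rel, kind in audit_sample():
        print(f"{kind}: {rel}")
```

Run against the release directory in a deployment pipeline, a non-empty result is a reason to fail the build.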
Severity: Medium
Vulnerability Rank: 8
Confirmed: 2015-06-03 14:19
Thanks for your support; the business team has been notified to remediate.
None yet