乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-06-14: 细节已通知厂商并且等待厂商处理中 2015-06-16: 厂商已经确认,细节仅向厂商公开 2015-06-26: 细节向核心白帽子及相关领域专家公开 2015-07-06: 细节向普通白帽子公开 2015-07-16: 细节向实习白帽子公开 2015-07-31: 细节向公众公开
51信用卡管家1、越权开放查询http://www.51zhangdan.com/share/invite/admin.html
2、数据库账号、密码 各种配置
https://www.u51.com/service/log4net.xmlhttps://www.u51.com/service/%E5%A4%8D%E4%BB%B6%20(4)%20bin/MongoDB.Driver.xmlhttps://www.u51.com/service/%E5%A4%8D%E4%BB%B6%20(4)%20bin/MongoDB.Bson.xmlhttps://www.u51.com/service/%E5%A4%8D%E4%BB%B6%20(4)%20bin/log4net.xml
<code lang="XML" escaped="true"><appender name="AdoNetAppender_SqlServer" type="log4net.Appender.AdoNetAppender"><connectionType value="System.Data.SqlClient.SqlConnection, System.Data, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/><connectionString value="data source=SQLSVR;initial catalog=test_log4net;integrated security=false;persist security info=True;User ID=sa;Password=sa"/><commandText value="INSERT INTO Log ([Date],[Thread],[Level],[Logger],[Message]) VALUES (@log_date, @thread, @log_level, @logger, @message)"/><parameter><parameterName value="@log_date"/><dbType value="DateTime"/><layout type="log4net.Layout.PatternLayout" value="%date{yyyy'-'MM'-'dd HH':'mm':'ss'.'fff}"/></parameter><parameter><parameterName value="@thread"/><dbType value="String"/><size value="255"/><layout type="log4net.Layout.PatternLayout" value="%thread"/></parameter><parameter><parameterName value="@log_level"/><dbType value="String"/><size value="50"/><layout type="log4net.Layout.PatternLayout" value="%level"/></parameter><parameter><parameterName value="@logger"/><dbType value="String"/><size value="255"/><layout type="log4net.Layout.PatternLayout" value="%logger"/></parameter><parameter><parameterName value="@message"/><dbType value="String"/><size value="4000"/><layout type="log4net.Layout.PatternLayout" value="%message"/></parameter></appender>
</code>不用就关闭好了。ok
RT
删了吧
危害等级:低
漏洞Rank:2
确认时间:2015-06-16 13:37
非常谢谢 @路人甲 ,我们立马排查
暂无