乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-08-26: 细节已通知厂商并且等待厂商处理中 2015-08-26: 厂商已经确认,细节仅向厂商公开 2015-09-05: 细节向核心白帽子及相关领域专家公开 2015-09-15: 细节向普通白帽子公开 2015-09-25: 细节向实习白帽子公开 2015-10-10: 细节向公众公开
顺丰多个站点源码泄漏涉及数据库密码
https://github.com/xym-loveit/lucky-imoney
mail.host=10.0.13.65[email protected]mail.pwd=pass@word1
jdbc.url=jdbc:oracle:thin:@10.79.11.213:1521:actbmdbjdbc.driver=oracle.jdbc.driver.OracleDriverjdbc.username=omsjdbc.password=omsjdbc.url=jdbc:oracle:thin:@localhost:1521:sfpayjdbc.driver=oracle.jdbc.driver.OracleDriverjdbc.username=cpsjdbc.password=cpsjdbc.url=jdbc:oracle:thin:@10.79.11.217:1521:coredbjdbc.driver=oracle.jdbc.driver.OracleDriverjdbc.username=colpjdbc.password=colpjdbc.url=jdbc:oracle:thin:@10.79.11.213:1521:coredbjdbc.driver=oracle.jdbc.driver.OracleDriverjdbc.username=wm_omsjdbc.password=wm_omsSMS_SERVER=http://10.79.11.207:9014/sms/hessianACCOUNT_SERVER=http://10.79.11.207:9002/account/hessianMEMBER_SERVER=http://10.79.11.207:9004/member/hessianORDER_SERVER=http://10.79.11.207:9006/order/hessianREPORT_SERVER=http://10.79.11.207:9001/report/hessianOMS_SERVER=http://10.79.11.207:9007/oms-server/hessianRM_SERVER=http://10.79.11.207:9011/rmms/hessianSCHEDULE_SERVER=http://10.79.11.207:9010/schedule/hessianACQUIRER_SERVER=http://10.79.11.207:9012/acquirer/hessianMMS_SERVER=http://10.79.11.207:9008/mms/hessianWAYBILL_SERVER=http://10.79.11.207:9020/waybill/hessianorg.quartz.dataSource.myDS.URL = jdbc:mysql://127.0.0.1:3306/lucky?useUnicode=true&characterEncoding=utf8 org.quartz.dataSource.myDS.user = root org.quartz.dataSource.myDS.password =123456org.quartz.dataSource.myDS.maxConnections = 5 org.quartz.dataSource.myDS.driver = org.postgresql.Driver #开卡SEND_CODE_OPEN_CARD=贵卡{0}于{1}开通,密码{2}。请通过我司收派员手持终端修改后使用。详询4000555555#重置密码SEND_CODE_REPWD_CARD=贵卡{0}于{1}重置密码成功,密码{2}。请通过我司收派员手持终端修改后使用。详询4000555555#充值SEND_CODE_CHARGE=贵卡{0}于{1}充值{2}元,本金余额{3}元。网上充值及查询登录www.sf-card.com【顺丰速运】#撤销充值预登记SEND_CODE_CHARGEREG_CANCEL=贵卡{0}于{1}撤销充值预登记{2}元。详询4000555555(本短信不作入账凭证)【顺丰速运】#充值预登记修改SEND_CODE_CHARGEREG_MODIFY=贵卡{0}于{1}将充值预登记{2}元改为{3}元。详询4000555555(本短信不作入账凭证)【顺丰速运】#补/换卡SEND_CODE_CARD_CHANGE=贵卡{0}于{1}通过补/换卡操作,变更成尾号{2}的储值卡。详询4000555555#消费退款SEND_CODE_CARD_RETURN=贵卡{0}于{1}消费退款{2}。本金余额{3}元,积分{4}分。详询4000555555SEND_CODE_DATETIME_PATTERN=MM\u6708dd\u65e5HH:mm
危害等级:低
漏洞Rank:5
确认时间:2015-08-26 16:44
感谢提醒,已经通知相关业务部门处理。
暂无