乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-01-19: 细节已通知厂商并且等待厂商处理中 2016-01-21: 厂商已经确认,细节仅向厂商公开 2016-01-31: 细节向核心白帽子及相关领域专家公开 2016-02-10: 细节向普通白帽子公开 2016-02-20: 细节向实习白帽子公开 2016-03-05: 细节向公众公开
乐视网某分站存在svn信息泄露
svn地址:http://test2.m.letv.com:443/.svn/entries
public static $db = array( 'dbr' => array ( 'host' => array( '117.121.54.227', ), 'port' => '3317', 'dbname' => 'ptv', 'username' => 'user_mobile_r', 'password' => 'HYexgygqrL8DHtNWeer3fr', 'driver_options' => array( PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true, PDO::ATTR_EMULATE_PREPARES => true, ), ), 'dbrvrs' => array ( 'host' =>'117.121.54.212', 'port' => '3316', 'dbname' => 'vrs', 'username' => 'mphone', 'password' => 't4RcKpHpjpRFpHwplFyH', 'driver_options' => array( PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true, PDO::ATTR_EMULATE_PREPARES => true, ), ), 'dbrm' => array ( //'host' =>'127.0.0.1', //'port' => '3308', 'host' =>'10.180.1.249', 'port' => '3306', 'dbname' => 'mclient', 'username' => 'mclient_wr', 'password' => 'xp4S198l', 'driver_options' => array( PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true, PDO::ATTR_EMULATE_PREPARES => true, PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8';", ), ), 'dbwm' => array ( 'host' =>'127.0.0.1', 'port' => '3306', 'dbname' => 'mclient', 'username' => 'mclient_wr', 'password' => 'xp4S198l', 'driver_options' => array( PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true, PDO::ATTR_EMULATE_PREPARES => true, PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8';", ), ), 'dbwms' => array ( 'host' =>'123.126.32.180', 'port' => '3309', 'dbname' => 'mclient', 'username' => 'mclient_slave_w', 'password' => 'minSLV7V5O8bEkhUibyS', 'driver_options' => array( PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true, PDO::ATTR_EMULATE_PREPARES => true, PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8';", ), ), 'dbrms' => array ( 'host' =>'123.126.32.180', 'port' => '3309', 'dbname' => 'mclient', 'username' => 'mclient_slave_r', 'password' => 'ddrvKCr2IhZ6OrorjzjZ', 'driver_options' => array( PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true, PDO::ATTR_EMULATE_PREPARES => true, PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8';", ), ), 'dbw_statistics' => array ( 'host' =>'123.126.32.39', 'port' => '3308', 'dbname' => 'statistics', 'username' => 'statistics_w', 'password' => 'jaxy7ejOqGwsTDoX3m4Y', 'driver_options' => array( PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true, PDO::ATTR_EMULATE_PREPARES => true, PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8';", ), ), ); const MC_ENABLE = true; const MC_KEYS_LIMIT = 500; #一次memcache连接最多可获取的对象数 const MC_LIFETIME_SHORT = 10; #防攻击过期时间 const SEARCH_EXPIRE_TIME = 900; #搜索结果缓存时间 /** * memcache server param */ public static $mc = array( 'mcMain' => array( array('host' => '127.0.0.1', 'port' => '11211', 'weight' => 1), ), 'cbase' => array( array('host' => '127.0.0.1', 'port' => '11211', 'weight' => 1), ), 'cbase-androidpushmsg' => array( array('host' => '127.0.0.1', 'port' => '11212', 'weight' => 1), ), 'localmemcached' => array( array('host' => '127.0.0.1', 'port' => '11213', 'weight' => 1), ), ); /** * ampq server param */ public static $ampq = array( 'ampqMclient' => array( 'host' => '115.182.93.237', 'port' => '5674', 'login' => 'letv_mobile_task', 'password' => '597434423dcc069c2710fe55301951ed', 'vhost' => 'letv_mobile_task' ), );
const SMARTY_DIR = '/letv/data/www/www/htdocs/ppup/includes/plugins/smarty/libs/'; const SMARTY_TEMPLATE_DIR = '/letv/data/www/www/tpl/'; const SMARTY_CONFIG_DIR = '/letv/data/cache/ptv/config/'; const SMARTY_COMPILE_DIR = '/letv/data/cache/ptv/compile/'; const SMARTY_CACHE_DIR = '/letv/data/cache/ptv/cache/'; const SMARTY_LEFT_DELIMITER = '{{'; const SMARTY_RIGHT_DELIMITER = '}}'; const DB_MAX_INT = 4200000000; #数据库整数最大值 const GROUP_CONCAT_SQL = 'SET SESSION group_concat_max_len = 360000'; #group_concat 最大长度 /** * db server param */ public static $db = array( 'dbrppi' => array ( 'host' =>'115.182.93.55', 'port' => '3309', 'dbname' => 'ppi', 'username' => 'ppi_readonly', 'password' => '!HY%wn&#*nse', 'driver_options' => array( PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true, PDO::ATTR_EMULATE_PREPARES => true, ), ), /* 'dbwppi' => array ( 'host' =>'60.28.199.201', 'port' => '3306', 'dbname' => 'ppi', 'username' => 'ppi_write', 'password' => '@#$!DEd*hhhsa', 'driver_options' => array( PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true, PDO::ATTR_EMULATE_PREPARES => true, ), ), */ 'dbwppi' => array ( 'host' =>'115.182.93.55', 'port' => '3309', 'dbname' => 'ppi', 'username' => 'ppi_write', 'password' => '@#$!DEd*hhhsa', 'driver_options' => array( PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true, PDO::ATTR_EMULATE_PREPARES => true,
数据库信息全部泄露。但是不能外联了。
。。。
危害等级:高
漏洞Rank:12
确认时间:2016-01-21 10:52
感谢提交。
暂无
