乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-03-11: 细节已通知厂商并且等待厂商处理中 2016-03-11: 厂商已经主动忽略漏洞,细节向公众公开
水木社区全站源码泄露(可间接二次代码审计扩大影响)设计部署安装文档、用户数据结构、数据库配置信息,全都泄露了
#1 概述漏洞发现原由水木二站的svn信息泄露漏洞地址:http://bloom.newsmth.net/.svn/entries
HTTP/1.1 200 OKcontent-length: 19803via: 1.0 www.2.newsmth.net (squid/3.1.10)x-cache: HIT from www.2.newsmth.netaccept-ranges: bytesserver: nginxlast-modified: Tue, 10 Apr 2012 06:12:27 GMTconnection: keep-aliveetag: "4f83cf4b-4d5b"date: Fri, 11 Mar 2016 05:00:33 GMTcontent-type: application/octet-streamx-cache-lookup: HIT from www.2.newsmth.net:800010dir11132http://svn.kcn.cn/repos/kbs/trunk/www2http://svn.kcn.cn/repos/kbs2012-03-22T12:51:01.977509Z11109jiangjun
#2 结果这是一个没有访问控制的SVN服务器
#3 水木社区的源码全在这里
http://svn.kcn.cn/repos/kbssvn co http://svn.kcn.cn/repos/kbs ./kbs
/* 数据库相关 */define("DB_ENABLED", true);$dbuser = "wForum";$dbpasswd = "fuckatp";$dbname = "wForum";/* 其他附加功能 */define("SHOWTELNETPARAM", false);define("ALLOW_SYSOP_MULTIQUERY", true);define('ALLOW_SELF_MULTIQUERY', true);define("SUPPORT_TEX", true);define("ONBOARD_USERS", true);
<?phpif (!defined('_BBS_WWW2_BOARD_PHP_')){define('_BBS_WWW2_BOARD_PHP_', 1);function bbs_boards_navigation_bar(){?><p align="center">[<a href="<?php echo MAINPAGE_FILE; ?>">首页导读</a>][<a href="bbssec.php">分类讨论区</a>][<a href="bbsxmlbrd.php?flag=2">新开讨论区</a>][<a href="bbsxmlbrd.php?flag=0">推荐讨论区</a>][<a href="bbsxmlbrd.php?flag=1">讨论区人气排名</a>][<a href="bbs0an.php">精华公布栏</a>][<a href="javascript:history.go(-1)">快速返回</a>]<br /></p><?php }function undo_html_format($str){ $str = preg_replace("/'/i", "'", $str); $str = preg_replace("/>/i", ">", $str); $str = preg_replace("/</i", "<", $str); $str = preg_replace("/"/i", "\"", $str); $str = preg_replace("/&/i", "&", $str); return $str;}if (version_compare(PHP_VERSION,'5','>=')) require_once('domxml-php4-to-php5.inc.php'); //Load the PHP5 converter# iterate through an array of nodes# looking for a text node# return its contentfunction get_content($parent){ $nodes = $parent->child_nodes(); while($node = array_shift($nodes)) if ($node->node_type() == XML_TEXT_NODE) return $node->node_value(); return "";}# get the content of a particular nodefunction find_content($parent,$name){ $nodes = $parent->child_nodes(); while($node = array_shift($nodes)) if ($node->node_name() == $name) return undo_html_format(urldecode(get_content($node))); return "";}
用户数据结构
CREATE TABLE IF NOT EXISTS `board_user` ( `board` varchar(32) COLLATE gbk_bin NOT NULL, `user` varchar(32) COLLATE gbk_bin NOT NULL, `time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, `status` int(11) NOT NULL, `manager` varchar(32) COLLATE gbk_bin NOT NULL, `score` int(11) NOT NULL, `flag` bigint(20) NOT NULL, UNIQUE KEY `member` (`board`,`user`), KEY `board` (`board`), KEY `user` (`user`), KEY `time` (`time`), KEY `flag` (`flag`), KEY `status` (`status`), KEY `score` (`score`)) ENGINE=InnoDB DEFAULT CHARSET=gbk COLLATE=gbk_bin;
# 删除水木二站的svn问题# svn server 加入鉴权机制
危害等级:无影响厂商忽略
忽略时间:2016-03-11 15:59
是kbs开源项目对外的源码展示站点。不过好久没更新了。谢谢关心
暂无