2016-04-03: 细节已通知厂商并且等待厂商处理中 2016-04-05: 厂商已经确认,细节仅向厂商公开 2016-04-15: 细节向核心白帽子及相关领域专家公开 2016-04-25: 细节向普通白帽子公开 2016-05-05: 细节向实习白帽子公开 2016-05-20: 细节向公众公开
泄露的内容相当严重:一个未删除的 phpinfo 页面加上一个可读的 .svn 目录,直接暴露了数据库、MongoDB、缓存、邮件以及支付宝商户等一整套凭据和内网拓扑。
59.151.22.134
站点根目录已返回禁止访问,但 http://59.151.22.134/.svn/entries 未做任何访问限制,仍可直接读取。.svn 目录可读通常意味着可以枚举工作副本中的文件清单并进一步拉取源码(1.7 之前的 SVN 在 text-base/*.svn-base 中,1.7 及以后在 wc.db 与 pristine/ 中,具体取决于部署时所用的 SVN 版本,此处无法确认)。修复上不应把版本库工作副本直接部署到 Web 根目录,同时在 nginx 中对所有以 /. 开头的路径统一 deny。
http://59.151.22.134/i.phpVariable Value_SERVER["USER"] nginx_SERVER["HOME"] /home/nginx_SERVER["FCGI_ROLE"] RESPONDER_SERVER["SCRIPT_FILENAME"] /home/www/api2/i.php_SERVER["QUERY_STRING"] no value_SERVER["REQUEST_METHOD"] GET_SERVER["CONTENT_TYPE"] no value_SERVER["CONTENT_LENGTH"] no value_SERVER["SCRIPT_NAME"] /i.php_SERVER["REQUEST_URI"] /i.php_SERVER["DOCUMENT_URI"] /i.php_SERVER["DOCUMENT_ROOT"] /home/www/api2_SERVER["SERVER_PROTOCOL"] HTTP/1.1_SERVER["GATEWAY_INTERFACE"] CGI/1.1_SERVER["SERVER_SOFTWARE"] nginx/1.0.0_SERVER["REMOTE_ADDR"] 175.152.1.241_SERVER["REMOTE_PORT"] 1122_SERVER["SERVER_ADDR"] 10.102.36.171_SERVER["SERVER_PORT"] 80_SERVER["SERVER_NAME"] api2.t.com_SERVER["WWW_URL"] http://www.t.com_SERVER["HOME_URL"] http://home.t.com_SERVER["PASSPORT_URL"] http://passport.t.com_SERVER["CAS_URL"] https://10.102.34.116:8443_SERVER["I_URL"] http://i.t.com_SERVER["P_URL"] http://p.t.com_SERVER["IMG01_URL"] http://img.t.com_SERVER["P01_URL"] http://p01.t.com_SERVER["P02_URL"] http://p02.t.com_SERVER["P03_URL"] http://p03.t.com_SERVER["ANDROID_URL"] http://android.t.com_SERVER["IMG_URL"] http://img01.t.com_SERVER["CORP_URL"] http://corp.t.com_SERVER["WULIU_URL"] http://wuliu.t.com_SERVER["JSMS_URL"] http://ms.t.com:8880_SERVER["MC_URL"] mc.t.com_SERVER["MC1_URL"] mc1.t.com_SERVER["DBM_URL"] IDC-T-sfbest_SERVER["DBS_URL"] dbs.t.com_SERVER["DBS_URL_CART"] dbs.t.com_SERVER["API_URL"] api.t.com_SERVER["API2_URL"] 59.151.22.134_SERVER["PIC_URL"] http://pic.t.com_SERVER["DEBUG"] 1_SERVER["SERVER_DOMAIN"] t.com_SERVER["SEARCH_URL"] http://search.t.com_SERVER["SEARCH_ADDR_URL"] http://searchaddr.t.com_SERVER["LOG_SERVER"] 10.102.36.171:8081_SERVER["LOG_VIEW_SERVER"] 10.102.36.171:8080_SERVER["GWEBORDER_HOST"] orderdb.t.com_SERVER["GWEBORDER_NAME"] sf_weborder_all_SERVER["GWEBORDER_PWD"] s28CbxSHrh9d_SERVER["SEARCH1_URL"] search1.t.com_SERVER["GWMS_URL"] 10.0.44.92_SERVER["GWMS_DBNAME"] oms-platform_SERVER["GWMS_NAME"] oms_SERVER["GWMS_PWD"] 
SF!@_oms_SERVER["WMSCOMPANY"] 58773096-8_SERVER["MODU_RELIABLEIPS"] 127.0.0.1|10.102.105.*|10.103.14.*|10.102.106.*|10.102.102.*|10.103.3.*|10.103.16.*|10.103.11.*|10.103.9.*|10.102.36.173_SERVER["API_RELIABLEIPS"] 127.0.0.1|10.90.100.37|10.90.100.3|10.90.100.12|10.0.38.41|10.103.20.42|10.103.16.*|10.103.11.*|10.103.11.32|10.103.9.178_SERVER["GCACHE_NAME"] sf_best_soa_SERVER["GCACHE_PWD"] MXgpOIDZfTuw_SERVER["GCACHEM_URL"] 10.102.36.130_SERVER["GCACHES_URL"] 10.102.36.130_SERVER["SFV_URL"] http://sfvweb.sf-express.com/index.php?app=yxservicesoap&action=require_action_SERVER["REDIRECT_STATUS"] 200_SERVER["MAIL_HOST"] mail.sfbest.cn_SERVER["MAIL_PORT"] 25_SERVER["MAIL_USERNAME"] [email protected]_SERVER["MAIL_PASSWORD"] bJsF!WLB888_SERVER["SF_HR_URL"] http://10.103.16.18_SERVER["CHK_KEY"] sfsfslkjlsdjfkslfjf_SERVER["BIRE_DBM_URL"] 10.103.16.199_SERVER["BIRE_NAME"] sfr_php_rmf_SERVER["BIRE_PWD"] sf-express.com_SERVER["CRMAPI_SIGN"] 123456_SERVER["P_IMG"] 001.timg.cn|002.timg.cn|003.timg.cn|004.timg.cn|005.timg.cn|006.timg.cn|007.timg.cn|008.timg.cn|009.timg.cn|010.timg.cn|011.timg.cn|012.timg.cn|013.timg.cn|014.timg.cn|015.timg.cn|016.timg.cn|017.timg.cn|018.timg.cn|019.timg.cn|020.timg.cn_SERVER["P02_IMG"] 201.timg.cn|202.timg.cn|203.timg.cn|204.timg.cn|205.timg.cn|206.timg.cn|207.timg.cn|208.timg.cn|209.timg.cn|210.timg.cn_SERVER["P01_IMG"] 101.timg.cn|102.timg.cn|103.timg.cn|104.timg.cn|105.timg.cn_SERVER["P03_IMG"] 301.timg.cn_SERVER["SEO_MONGO_URL"] 10.103.16.89_SERVER["SEO_MONGO_USER"] pseo_SERVER["SEO_MONGO_PWD"] 2w4r6y8i0p_SERVER["SEO_MONGO_PORT"] 27017_SERVER["GCOLLECT_DBM_URL"] IDC-T-sfbest_SERVER["GCOLLECT_DBS_URL"] dbs.t.com_SERVER["GCOLLECT_NAME"] sf_best_all_SERVER["GCOLLECT_PWD"] gUpohxX9Gx67_SERVER["MONGODB_USER"] sf_jsms_SERVER["MONGODB_PWD"] M.Jsms#2012_SERVER["MONGODB_HOST"] 10.102.36.137_SERVER["MASTER_SLAVE_SWITCH"] true_SERVER["CACHE_SERVERS"] 10.102.36.152:11211,10.102.36.152:11212_SERVER["GUSER_NAME"] sf_best_all_SERVER["GUSER_PWD"] 
gUpohxX9Gx67_SERVER["GWEB_NAME"] sf_best_all_SERVER["GWEB_PWD"] gUpohxX9Gx67_SERVER["GSHOP_NAME"] sf_best_all_SERVER["GSHOP_PWD"] gUpohxX9Gx67_SERVER["GLOG_NAME"] sf_best_all_SERVER["GLOG_PWD"] gUpohxX9Gx67_SERVER["GQUEUE_NAME"] sf_best_all_SERVER["GQUEUE_PWD"] gUpohxX9Gx67_SERVER["GSFV_NAME"] sf_best_all_SERVER["GSFV_PWD"] gUpohxX9Gx67_SERVER["GREPORT_NAME"] sf_best_all_SERVER["GREPORT_PWD"] gUpohxX9Gx67_SERVER["GLOGIS_NAME"] sf_best_all_SERVER["GLOGIS_PWD"] gUpohxX9Gx67_SERVER["ADDR_NAME"] sf_best_all_SERVER["ADDR_PWD"] gUpohxX9Gx67_SERVER["GTMALL_NAME"] sf_best_all_SERVER["GTMALL_PWD"] gUpohxX9Gx67_SERVER["AJAX_PRICE_LOCAL"] 1_SERVER["DBS_URL_02"] dbs.t.com_SERVER["CART_URL"] http://cart.t.com_SERVER["GCART_HOST"] IDC-T-sfbest_SERVER["GCART_NAME"] sf_best_all_SERVER["GCART_PWD"] gUpohxX9Gx67_SERVER["BI_NAME"] sf_best_all_SERVER["BI_PWD"] gUpohxX9Gx67_SERVER["BI_DBM_URL"] IDC-T-sfbest_SERVER["BI_DBS_URL"] dbs.t.com_SERVER["GMAPP_NAME"] sf_best_all_SERVER["GMAPP_PWD"] gUpohxX9Gx67_SERVER["JD_DBM_URL"] IDC-T-sfbest_SERVER["JD_DBS_URL"] IDC-T-sfbest_SERVER["GJD_NAME"] sf_best_all_SERVER["GJD_PWD"] gUpohxX9Gx67_SERVER["GDC_DBM_URL"] IDC-T-sfbest_SERVER["GDC_DBS_URL"] dbs.t.com_SERVER["GDC_NAME"] sf_best_all_SERVER["GDC_PWD"] gUpohxX9Gx67_SERVER["WWW_FILECACHE_OPEN"] false_SERVER["WWW_FILECACHE_TIME"] 160_SERVER["CART_FILECACHE_OPEN"] false_SERVER["CART_FILECACHE_TIME"] 160_SERVER["Recommend_SERVICE_URL"] http://10.102.36.175:8081_SERVER["SHUNFEN_SERVICE_URL"] http://10.102.34.113:8080_SERVER["USERS_LOG_DBM_URL"] IDC-T-sfbest_SERVER["USERS_LOG_DBS_URL_02"] dbs.t.com_SERVER["GUSERS_LOG_NAME"] sf_best_all_SERVER["GUSERS_LOG_PWD"] gUpohxX9Gx67_SERVER["CERT_DIR"] /sfbest/code/key_SERVER["GACTIVE_DBM_URL"] IDC-T-sfbest_SERVER["GACTIVE_DBS_URL"] dbs.t.com_SERVER["GACTIVE_NAME"] sf_best_all_SERVER["GACTIVE_PWD"] gUpohxX9Gx67_SERVER["GFD_DBM_URL"] IDC-T-sfbest_SERVER["GFD_DBS_URL"] dbs.t.com_SERVER["GFD_NAME"] sf_best_all_SERVER["GFD_PWD"] gUpohxX9Gx67_SERVER["DOMAIN"] 
T_SERVER["PINFO_GSHOP_NAME"] sfr_pinfo_gshop_SERVER["PINFO_GSHOP_PWD"] ItKTW]&@RA_SERVER["銆€M_URL"] http://m.sfbest.com_SERVER["PL_MERCHANT_DB_MURL"] IDC-T-sfbest_SERVER["PL_MERCHANT_DB_SURL"] IDC-T-sfbest_SERVER["PL_MERCHANT_NAME"] sf_best_all_SERVER["PL_MERCHANT_PWD"] gUpohxX9Gx67_SERVER["PL_CONTRACT_DB_MURL"] IDC-T-sfbest_SERVER["PL_CONTRACT_DB_SURL"] IDC-T-sfbest_SERVER["PL_CONTRACT_NAME"] sf_best_all_SERVER["PL_CONTRACT_PWD"] gUpohxX9Gx67_SERVER["FD_DOMAIN"] http://fd.t.com/_SERVER["PL_ORDER_DB_MURL"] IDC-T-sfbest_SERVER["PL_ORDER_DB_SURL"] IDC-T-sfbest_SERVER["PL_ORDER_NAME"] sf_best_all_SERVER["PL_ORDER_PWD"] gUpohxX9Gx67_SERVER["WEBLOG_NAME"] sf_best_all_SERVER["WEBLOG_PWD"] gUpohxX9Gx67_SERVER["QUALIFICATION_URL"] qualification.t.com_SERVER["VENDOR_DBM_URL"] IDC-T-sfbest_SERVER["VENDOR_DBS_URL"] dbs.t.com_SERVER["VENDOR_NAME"] sf_best_all_SERVER["VENDOR_PWD"] gUpohxX9Gx67_SERVER["SHOWAT1111"] no_SERVER["SAP_GDC_DBM_URL"] IDC-T-sfbest_SERVER["SAP_GDC_DBS_URL"] dbs.t.com_SERVER["SAP_GDC_NAME"] sf_best_all_SERVER["SAP_GDC_PWD"] gUpohxX9Gx67_SERVER["SAP_DBM_URL"] IDC-T-sfbest_SERVER["SAP_DBS_URL"] dbs.t.com_SERVER["SAP_GUSER_NAME"] sf_best_all_SERVER["SAP_GUSER_PWD"] gUpohxX9Gx67_SERVER["GFS_DBM_URL"] IDC-T-sfbest_SERVER["GFS_DBS_URL"] dbs.t.com_SERVER["GFS_NAME"] sf_best_all_SERVER["GFS_PWD"] gUpohxX9Gx67_SERVER["GORDERLOG_DBM_URL"] IDC-T-sfbest_SERVER["GORDERLOG_DBS_URL"] dbs.t.com_SERVER["GORDERLOG_NAME"] sf_best_all_SERVER["GORDERLOG_PWD"] gUpohxX9Gx67_SERVER["STOCK_SERVICE_URL"] http://stockservice.t.com_SERVER["ACTIVITY_SERVICE_URL"] http://activityservice.t.com_SERVER["ORDER_SERVICE_URL"] http://orderapi.t.com:8080_SERVER["DELIVERY_SERVICE_URL"] http://10.102.36.151:8080_SERVER["PRODUCT_CHANNEL_URL"] http://10.102.36.151:8088_SERVER["ERCHANT_DBM_URL"] dbm.t.com_SERVER["MERCHANT_DBS_URL"] dbs.t.com_SERVER["MERCHANT_NAME"] sf_best_all_SERVER["MERCHANT_PWD"] gUpohxX9Gx67_SERVER["STORE_DBM_URL"] dbm.t.com_SERVER["STORE_DBS_URL"] 
dbs.t.com_SERVER["STORE_NAME"] sf_best_all_SERVER["STORE_PWD"] gUpohxX9Gx67_SERVER["GSALE_DBM_URL"] dbm.t.com_SERVER["GSALE_DBS_URL"] dbs.t.com_SERVER["GSALE_NAME"] sf_best_all_SERVER["GSALE_PWD"] gUpohxX9Gx67_SERVER["CAS_LOGIN"] 1_SERVER["GMAPP_DBM_URL"] IDC-T-sfbest_SERVER["GMAPP_DBS_URL"] IDC-T-sfbest_SERVER["GROUP_BUY_SERVICE_URL"] http://10.102.36.151:8058_SERVER["CHANNEL_SERVICE_URL"] http://10.103.16.104:8010_SERVER["CANCEL_ORDER_STORE_SERVICE_URL"] http://10.102.36.183:8080_SERVER["HTTP_HOST"] 59.151.22.134_SERVER["HTTP_USER_AGENT"] Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0_SERVER["HTTP_ACCEPT"] text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8_SERVER["HTTP_ACCEPT_LANGUAGE"] zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3_SERVER["HTTP_ACCEPT_ENCODING"] gzip, deflate_SERVER["HTTP_CONNECTION"] keep-alive_SERVER["PHP_SELF"] /i.php_SERVER["REQUEST_TIME"] 1459611175
phpinfo 泄露了大量敏感信息。上面的 $_SERVER 输出里包含:多套数据库账号口令(大量服务共用同一个 sf_best_all 账号和同一口令,说明没有按服务做最小权限拆分)、MongoDB 与缓存凭据、邮件账号口令、CHK_KEY、取值为 123456 的 CRMAPI_SIGN、DEBUG=1,以及 CAS、日志、推荐、订单等内部服务的内网 IP 和端口,还有 MODU_RELIABLEIPS / API_RELIABLEIPS 这类用于信任判断的 IP 白名单。从 FCGI_ROLE 等字段看这些值应是通过 fastcgi 参数注入到 PHP 环境中的(仅据页面推断)。除删除 i.php 外,所有泄露的凭据都应视为已失陷并立即轮换,依赖 IP 白名单的信任逻辑也应重新评估。
// ---------- Configure your basic merchant information here ----------
// NOTE(review): this fragment was recovered from site source that the readable
// .svn directory exposed; the values below look like live Alipay merchant
// secrets and should be treated as compromised and rotated.
// Partner ID: a 16-digit number starting with 2088
$aliapy_config['partner'] = '2088011868358875';
// Security check code: 32 characters of digits and letters. Presumably the
// shared secret used to sign requests and verify Alipay callbacks, so anyone
// holding it can likely forge payment notifications — confirm against the
// integration in use.
$aliapy_config['key'] = 'o49vf4jxuwmfymox0y5gtlz8xun1klgt';
// Contracted Alipay account / seller's Alipay account
// (the address appears redacted in this copy of the page)
//$aliapy_config['seller_email'] = '[email protected]';
$aliapy_config['seller_email'] = '[email protected]';
// ---------- End of basic merchant information ----------
其他看截图了。
当然,借助可读的 .svn 目录还能拿到网站的普通源码,上面的支付宝配置片段应即来自于此。
你懂的
危害等级:高
漏洞Rank:15
确认时间:2016-04-05 09:28
感谢提交,立刻修复。
暂无