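2012-06-19: Actively contacting the vendor and waiting for the vendor to claim the report; details are not disclosed publicly.
2012-08-03: The vendor has actively ignored the vulnerability; details are disclosed to the public.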
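Posting several together. Taken together, they are extremely exploitable!!!!!

Shopping site directory traversal, database password disclosure, server information disclosure

Shopping site directory traversal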

Database password disclosure

db_host = pudong
db_user = ocj_user
db_password = j83f8u
db_name = ocj_shopping

Server information disclosure

Server Version: Apache/2.2.17 (Unix) mod_fcgid/2.3.5
Server Built: Mar 25 2011 14:41:17
Server loaded APR Version: 1.4.2
Compiled with APR Version: 1.4.2
Server loaded APU Version: 1.3.10
Compiled with APU Version: 1.3.10
Module Magic Number: 20051115:25
Hostname/port: wap.ocj.com.cn:80
Timeouts: connection: 300 keep-alive: 5
MPM Name: Worker
MPM Information: Max Daemons: 3 Threaded: yes Forked: yes
Server Architecture: 64-bit
Server Root: /usr/local/apache-2.2.17
Config File: /usr/project/apache_eth0/http_80/conf/httpd.conf
Server Built With:
 -D APACHE_MPM_DIR="server/mpm/worker"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D HTTPD_ROOT="/usr/local/apache-2.2.17"
 -D SUEXEC_BIN="/usr/local/apache-2.2.17/bin/suexec"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

You guys are more professional than I am!

Unable to contact the vendor, or the vendor actively refused.
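
Added example, not part of the original report: an Apache 2.2 configuration sketch that addresses the three exposures listed above. The document root path and the file-extension pattern are placeholders, and treating the server details as output of the mod_info `server-info` handler is an assumption based on their format.

```apache
# Added hardening example in Apache 2.2 syntax (the report shows 2.2.17).
# "/path/to/docroot" is a placeholder; the report does not give the real path.

# 1. Directory browsing: stop Apache from generating index listings.
<Directory "/path/to/docroot">
    Options -Indexes
    Order allow,deny
    Allow from all
</Directory>

# 2. Credential files: refuse to serve configuration and backup files.
#    The extension list is an assumption; the report does not name the file
#    that held db_host / db_user / db_password.
<FilesMatch "\.(ini|conf|cfg|inc|bak|old|sql|properties)$">
    Order allow,deny
    Deny from all
</FilesMatch>

# 3. Server details: limit the mod_info handler to the local host
#    (assumes the details above were served by this handler).
<Location /server-info>
    SetHandler server-info
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>

# Reduce version detail in response headers and generated error pages.
ServerTokens Prod
ServerSignature Off
```

Because the database password was publicly readable, it should be rotated as well, and the file that holds it moved outside the document root. Check the edited configuration with `apachectl configtest` before reloading.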