乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2013-01-18: 积极联系厂商并且等待厂商认领中,细节不对外公开 2013-03-04: 厂商已经主动忽略漏洞,细节向公众公开
由于网站列目录,并且存在FCK,可以直接获取webshell,并可渗透同段主机
shell地址:
config.php:
<?php// database type$db_type = "mysql";// database host$db_host = "localhost";// database name$db_name = "kongzhong_shequ";// database username$db_user = "root";// database password$db_pass = 'pwd@mysql@root';$timezone = "Asia/Chongqing";$cookie_path = "/";$cookie_domain = "";$session = "1440";$upload_pic_dir="upload/temppic";$html_dir = "html";$data_dir = "data";$if_html = 1;$shtml_cache_time ="2";$config['BASE_URL']="http://shequ.kongzhong.com";$config['now_time'] =time();$config['cookie_path'] ="/";$config['cookie_domain']="";$config['atturl']='/ATTACHMENT/fck/';$config['attdir']=$_SERVER['DOCUMENT_ROOT'].$config['atturl'];$config['cacheurl']='/data/cache/';$config['cachedir']=$_SERVER['DOCUMENT_ROOT'].$config['cacheurl'];// table prefix$prefix = "w3c_";$table_admin =$prefix."admin";$table_ads =$prefix."ads";$table_ads_position =$prefix."ads_position";$table_activity =$prefix."activity";$table_activity_mm =$prefix."activity_mm";$table_mmm_pic =$prefix."mmm_pic";$table_comment =$prefix."comment";$table_config =$prefix."config";$table_icate =$prefix."icate";$table_goods =$prefix."goods";$table_goods_pic =$prefix."goods_pic";$table_city =$prefix."city";$table_area =$prefix."area";$table_website =$prefix."website";$table_rating =$prefix."rating";$table_article =$prefix."article";$table_articles =$prefix."articles";$table_article_poll =$prefix."article_poll";$table_category =$prefix."category";$table_weblinks =$prefix."weblinks";$table_member =$prefix."member";$table_netshop =$prefix."netshop";$table_video =$prefix."video";$table_dl =$prefix."dl";$table_dl_attachment =$prefix."dl_attachment";$table_brand =$prefix."brand";$table_case =$prefix."case";$table_knowledge =$prefix."knowledge";$table_special =$prefix."special";$table_designer =$prefix."designer";$table_tower=$prefix."tower";$table_tower_home=$prefix."tower_home";$table_tower_pic=$prefix."tower_pic";$table_shop=$prefix."shop";$table_freeinfo=$prefix."freeinfo";$table_game=$prefix."game";$table_award=$prefix."award";$table_award_record=$prefix."award_record";$table_award_code=$prefix."award_code";$table_credit_record=$prefix."credit_record";$table_poll =$prefix."poll";$table_poll_option =$prefix."poll_option";$table_gift=$prefix."gift";$table_mmm_gift_record=$prefix."mmm_gift_record";$table_feed=$prefix."feed";$table_login_log=$prefix."login_log";$table_lottery_log=$prefix."lottery_log";$table_faces=$prefix."faces";//print_r($arr_gcolor);//奖项分类$arr_award_category=array( 1=>array('id'=>'1','name'=>'实物奖品'), 2=>array('id'=>'2','name'=>'虚拟奖品'));//兑奖来源$arr_awardfrom=array( 1=>array('id'=>'1','name'=>'奖品兑换'), 2=>array('id'=>'2','name'=>'积分抽奖'));//积分记录方式$arr_creditMethod=array( 11=>array('id'=>'11','name'=>'登录奖励积分'), 12=>array('id'=>'12','name'=>'小游戏奖励积分'), 13=>array('id'=>'13','name'=>'留言奖励积分'), 21=>array('id'=>'21','name'=>'兑奖扣除积分'), 22=>array('id'=>'22','name'=>'抽奖扣除积分'),);?>
1、禁止列目录2、修复FCK
未能联系到厂商或者厂商积极拒绝