乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-01-24: 细节已通知厂商并且等待厂商处理中 2014-01-26: 厂商已经确认,细节仅向厂商公开 2014-02-05: 细节向核心白帽子及相关领域专家公开 2014-02-15: 细节向普通白帽子公开 2014-02-25: 细节向实习白帽子公开 2014-03-10: 细节向公众公开
顺丰速运某分站信息泄露
顺丰速运官方论坛:
http://bbs.sf-express.com/portal.php
敏感信息泄露:http://bbs.sf-express.com/config/config_global.php.bak
文件内容:
<?php$_config = array();// ---------------------------- CONFIG DB ----------------------------- //$_config['db']['1']['dbhost'] = '10.78.50.223';$_config['db']['1']['dbuser'] = 'discuz';$_config['db']['1']['dbpw'] = 'discuz';$_config['db']['1']['dbcharset'] = 'utf8';$_config['db']['1']['pconnect'] = '0';$_config['db']['1']['dbname'] = 'discuz-72';$_config['db']['1']['tablepre'] = 'cdb_utf_';$_config['db']['common']['slave_except_table'] = '';// -------------------------- CONFIG MEMORY --------------------------- //$_config['memory']['prefix'] = 'BAksXg_';$_config['memory']['eaccelerator'] = 1;$_config['memory']['xcache'] = 1;$_config['memory']['memcache']['server'] = '';$_config['memory']['memcache']['port'] = 11211;$_config['memory']['memcache']['pconnect'] = 1;$_config['memory']['memcache']['timeout'] = 1;$_config['memory']['apc'] = 1;// -------------------------- CONFIG SERVER --------------------------- //$_config['server']['id'] = 1;// ------------------------- CONFIG DOWNLOAD -------------------------- //$_config['download']['readmod'] = 2;$_config['download']['xsendfile']['type'] = '0';$_config['download']['xsendfile']['dir'] = '/down/';// --------------------------- CONFIG CACHE --------------------------- //$_config['cache']['type'] = 'sql';// -------------------------- CONFIG OUTPUT --------------------------- //$_config['output']['charset'] = 'utf-8';$_config['output']['forceheader'] = 1;$_config['output']['gzip'] = '0';$_config['output']['tplrefresh'] = 1;$_config['output']['language'] = 'zh_cn';$_config['output']['staticurl'] = 'static/';$_config['output']['ajaxvalidate'] = '0';$_config['output']['iecompatible'] = '0';// -------------------------- CONFIG COOKIE --------------------------- //$_config['cookie']['cookiepre'] = 'pG5U_';$_config['cookie']['cookiedomain'] = '';$_config['cookie']['cookiepath'] = '/';// ------------------------- CONFIG SECURITY -------------------------- //$_config['security']['authkey'] = '86db65nc4CqVpRHo';$_config['security']['urlxssdefend'] = 1;$_config['security']['attackevasive'] = '0';$_config['security']['querysafe']['status'] = 1;$_config['security']['querysafe']['dfunction']['0'] = 'load_file';$_config['security']['querysafe']['dfunction']['1'] = 'hex';$_config['security']['querysafe']['dfunction']['2'] = 'substring';$_config['security']['querysafe']['dfunction']['3'] = 'if';$_config['security']['querysafe']['dfunction']['4'] = 'ord';$_config['security']['querysafe']['dfunction']['5'] = 'char';$_config['security']['querysafe']['daction']['0'] = 'intooutfile';$_config['security']['querysafe']['daction']['1'] = 'intodumpfile';$_config['security']['querysafe']['daction']['2'] = 'unionselect';$_config['security']['querysafe']['daction']['3'] = '(select';$_config['security']['querysafe']['daction']['4'] = 'unionall';$_config['security']['querysafe']['daction']['5'] = 'uniondistinct';$_config['security']['querysafe']['dnote']['0'] = '/*';$_config['security']['querysafe']['dnote']['1'] = '*/';$_config['security']['querysafe']['dnote']['2'] = '#';$_config['security']['querysafe']['dnote']['3'] = '--';$_config['security']['querysafe']['dnote']['4'] = '"';$_config['security']['querysafe']['dlikehex'] = 1;$_config['security']['querysafe']['afullnote'] = 1;// -------------------------- CONFIG ADMINCP -------------------------- //// -------- Founders: $_config['admincp']['founder'] = '1,2,3'; --------- //$_config['admincp']['founder'] = '1';$_config['admincp']['forcesecques'] = '0';$_config['admincp']['checkip'] = 1;$_config['admincp']['runquery'] = 1;$_config['admincp']['dbimport'] = 1;// -------------------------- CONFIG REMOTE --------------------------- //$_config['remote']['on'] = '0';$_config['remote']['dir'] = 'remote';$_config['remote']['appkey'] = '62cf0b3c3e6a4c9468e7216839721d8e';$_config['remote']['cron'] = '0';// ------------------- THE END -------------------- //?>
见详细说明
删除备份文件。配置服务器设置。
危害等级:中
漏洞Rank:8
确认时间:2014-01-26 11:58
感谢提醒,提前祝您新年快乐,马年好运。
暂无
