
漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-085637

漏洞标题:Oray内部邮箱泄露

相关厂商:oray.com

漏洞作者: ThornBird

提交时间:2014-12-03 14:29

修复时间:2014-12-08 14:30

公开时间:2014-12-08 14:30

漏洞类型:账户体系控制不严

危害等级:低

自评Rank:1

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]



漏洞详情

披露状态:

2014-12-03: 细节已通知厂商并且等待厂商处理中
2014-12-08: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

虽然该邮箱在2013年8月8日已经不再使用了,但是登录上去仍然可以看到整个公司的邮箱地址,并且可以被利用来发送钓鱼邮件。本人未成年新手,各位大神轻喷,想要一个乌云邀请码。

详细说明:

是在用手机购买免费壳域名时发现的:页面因会话存储(memcache)连接失败而抛出异常,并把整个异常对象连同应用配置一起输出到了页面上,其中包含数据库、SMTP 邮箱以及第三方接口的账号和密码。输出如下:
<code>object(ArrayObject)#34 (1) {
["storage":"ArrayObject":private]=>
array(3) {
["exception"]=>
object(Zend_Session_Exception)#37 (8) {
["_previous":"Zend_Exception":private]=>
NULL
["message":protected]=>
string(242) "Zend_Session::start() - /www/library/Zend/Session.php(Line:469): Error #8 session_start() [function.session-start]: Server 119.145.138.197 (tcp 11311) failed with: Failed reading line from stream (0) Array"
["string":"Exception":private]=>
string(0) ""
["code":protected]=>
int(0)
["file":protected]=>
string(29) "/www/library/Zend/Session.php"
["line":protected]=>
int(482)
["trace":"Exception":private]=>
array(8) {
[0]=>
array(6) {
["file"]=>
string(39) "/www/library/Zend/Session/Namespace.php"
["line"]=>
int(143)
["function"]=>
string(5) "start"
["class"]=>
string(12) "Zend_Session"
["type"]=>
string(2) "::"
["args"]=>
array(1) {
[0]=>
bool(true)
}
}
[1]=>
array(6) {
["file"]=>
string(40) "/www/library/OrayX/Controller/Action.php"
["line"]=>
int(123)
["function"]=>
string(11) "__construct"
["class"]=>
string(22) "Zend_Session_Namespace"
["type"]=>
string(2) "->"
["args"]=>
array(2) {
[0]=>
string(7) "SESSION"
[1]=>
bool(true)
}
}
[2]=>
array(6) {
["file"]=>
string(39) "/www/library/Zend/Controller/Action.php"
["line"]=>
int(133)
["function"]=>
string(4) "init"
["class"]=>
string(23) "OrayX_Controller_Action"
["type"]=>
string(2) "->"
["args"]=>
array(0) {
}
}
[3]=>
array(6) {
["file"]=>
string(52) "/www/library/Zend/Controller/Dispatcher/Standard.php"
["line"]=>
int(268)
["function"]=>
string(11) "__construct"
["class"]=>
string(22) "Zend_Controller_Action"
["type"]=>
string(2) "->"
["args"]=>
array(3) {
[0]=>
object(Zend_Controller_Request_Http)#40 (15) {
["_paramSources":protected]=>
array(2) {
[0]=>
string(4) "_GET"
[1]=>
string(5) "_POST"
}
["_requestUri":protected]=>
string(41) "/buy/?serviceid=2004&account=thornbird-cn"
["_baseUrl":protected]=>
string(0) ""
["_basePath":protected]=>
NULL
["_pathInfo":protected]=>
string(5) "/buy/"
["_params":protected]=>
array(4) {
["controller"]=>
string(3) "buy"
["action"]=>
string(5) "index"
["module"]=>
string(7) "default"
["error_handler"]=>
*RECURSION*
}
["_rawBody":protected]=>
NULL
["_aliases":protected]=>
array(0) {
}
["_dispatched":protected]=>
bool(true)
["_module":protected]=>
string(7) "default"
["_moduleKey":protected]=>
string(6) "module"
["_controller":protected]=>
string(5) "error"
["_controllerKey":protected]=>
string(10) "controller"
["_action":protected]=>
string(5) "error"
["_actionKey":protected]=>
string(6) "action"
}
[1]=>
object(Zend_Controller_Response_Http)#41 (8) {
["_body":protected]=>
array(0) {
}
["_exceptions":protected]=>
array(1) {
[0]=>
*RECURSION*
}
["_headers":protected]=>
array(0) {
}
["_headersRaw":protected]=>
array(0) {
}
["_httpResponseCode":protected]=>
int(200)
["_isRedirect":protected]=>
bool(false)
["_renderExceptions":protected]=>
bool(false)
["headersSentThrowsException"]=>
bool(true)
}
[2]=>
array(2) {
["displayExceptions"]=>
string(1) "0"
["bootstrap"]=>
object(Bootstrap)#3 (13) {
["_appNamespace":protected]=>
bool(false)
["_resourceLoader":protected]=>
NULL
["_application":protected]=>
object(Zend_Application)#1 (5) {
["_autoloader":protected]=>
object(Zend_Loader_Autoloader)#2 (8) {
["_autoloaders":protected]=>
array(0) {
}
["_defaultAutoloader":protected]=>
array(2) {
[0]=>
string(11) "Zend_Loader"
[1]=>
string(9) "loadClass"
}
["_fallbackAutoloader":protected]=>
bool(false)
["_internalAutoloader":protected]=>
array(2) {
[0]=>
*RECURSION*
[1]=>
string(9) "_autoload"
}
["_namespaces":protected]=>
array(6) {
["Zend_"]=>
bool(true)
["ZendX_"]=>
bool(true)
["Oray_"]=>
bool(true)
["OrayX_"]=>
bool(true)
["Dao_"]=>
bool(true)
["Model_"]=>
bool(true)
}
["_namespaceAutoloaders":protected]=>
array(0) {
}
["_suppressNotFoundWarnings":protected]=>
bool(false)
["_zfPath":protected]=>
NULL
}
["_bootstrap":protected]=>
*RECURSION*
["_environment":protected]=>
string(10) "production"
["_optionKeys":protected]=>
array(21) {
[0]=>
string(11) "phpsettings"
[1]=>
string(9) "bootstrap"
[2]=>
string(20) "autoloadernamespaces"
[3]=>
string(11) "pluginpaths"
[4]=>
string(9) "resources"
[5]=>
string(8) "coremail"
[6]=>
string(5) "cndns"
[7]=>
string(3) "dns"
[8]=>
string(7) "httpsqs"
[9]=>
string(9) "registrar"
[10]=>
string(6) "smarty"
[11]=>
string(7) "dbnames"
[12]=>
string(4) "path"
[13]=>
string(5) "sites"
[14]=>
string(7) "cookies"
[15]=>
string(5) "whois"
[16]=>
string(7) "hosting"
[17]=>
string(5) "cnnic"
[18]=>
string(8) "mailaddr"
[19]=>
string(5) "mails"
[20]=>
string(5) "admin"
}
["_options":protected]=>
array(21) {
["phpSettings"]=>
array(3) {
["error_reporting"]=>
string(5) "30719"
["display_errors"]=>
string(1) "0"
["error_log"]=>
string(19) "/www/logs/error.log"
}
["bootstrap"]=>
array(2) {
["path"]=>
string(50) "/www/htdocs/buy.oray.com/application/Bootstrap.php"
["class"]=>
string(9) "Bootstrap"
}
["autoloaderNamespaces"]=>
array(4) {
[0]=>
string(5) "Oray_"
[1]=>
string(6) "OrayX_"
[2]=>
string(4) "Dao_"
[3]=>
string(6) "Model_"
}
["pluginpaths"]=>
array(1) {
["Oray_Application_Resource"]=>
string(25) "Oray/Application/Resource"
}
["resources"]=>
array(7) {
["frontController"]=>
array(2) {
["controllerDirectory"]=>
array(2) {
["default"]=>
string(48) "/www/htdocs/buy.oray.com/application/controllers"
["partner"]=>
string(64) "/www/htdocs/buy.oray.com/application/modules/partner/controllers"
}
["params"]=>
array(1) {
["displayExceptions"]=>
string(1) "0"
}
}
["multidb"]=>
array(6) {
["peanut"]=>
array(8) {
["adapter"]=>
string(9) "pdo_mssql"
["default"]=>
string(1) "1"
["pdoType"]=>
string(5) "dblib"
["charset"]=>
string(4) "utf8"
["host"]=>
string(15) "oraydb.oray.net"
["username"]=>
string(7) "OrayWeb"
["password"]=>
string(18) "upDate20)&OrayWeb."
["dbname"]=>
string(6) "Peanut"
}
["forward"]=>
array(6) {
["adapter"]=>
string(9) "pdo_mysql"
["charset"]=>
string(4) "utf8"
["host"]=>
string(11) "80.oray.net"
["username"]=>
string(6) "peanut"
["password"]=>
string(20) "dIn0Te9tbhcm14ffxMUf"
["dbname"]=>
string(6) "peanut"
}
["forwardRead"]=>
array(7) {
["adapter"]=>
string(9) "pdo_mysql"
["charset"]=>
string(4) "utf8"
["host"]=>
string(14) "202.105.21.232"
["port"]=>
string(4) "3307"
["username"]=>
string(6) "peanut"
["password"]=>
string(20) "dIn0Te9tbhcm14ffxMUf"
["dbname"]=>
string(6) "peanut"
}
["phpweb"]=>
array(6) {
["adapter"]=>
string(9) "pdo_mysql"
["charset"]=>
string(4) "utf8"
["host"]=>
string(14) "202.105.21.197"
["username"]=>
string(6) "phpweb"
["password"]=>
string(20) "nZ0ZrinKc4RZ8AMfybtU"
["dbname"]=>
string(6) "phpweb"
}
["coremail"]=>
array(7) {
["adapter"]=>
string(9) "pdo_mysql"
["charset"]=>
string(4) "utf8"
["host"]=>
string(14) "120.31.129.140"
["port"]=>
string(4) "3308"
["username"]=>
string(4) "oray"
["password"]=>
string(13) "Oray_database"
["dbname"]=>
string(8) "coremail"
}
["phforward"]=>
array(7) {
["adapter"]=>
string(9) "pdo_mysql"
["charset"]=>
string(4) "utf8"
["host"]=>
string(16) "newphdb.oray.net"
["port"]=>
string(4) "3306"
["username"]=>
string(8) "newphweb"
["password"]=>
string(20) "127X8zo6bsLbGklkPY87"
["dbname"]=>
string(10) "newph_fw_v"
}
}
["multicache"]=>
array(1) {
["site"]=>
array(4) {
["adapter"]=>
string(8) "memcache"
["host"]=>
string(15) "119.145.138.197"
["port"]=>
string(5) "11311"
["default"]=>
string(1) "1"
}
}
["session"]=>
array(3) {
["name"]=>
string(6) "_s_id_"
["cookie_domain"]=>
string(8) "oray.com"
["cookie_path"]=>
string(1) "/"
}
["dns"]=>
array(3) {
["server"]=>
string(15) "119.145.138.202"
["api"]=>
string(52) "http://dnscgi-linux.oray.net:8080/cgi-bin/dnscgi.cgi"
["db"]=>
array(7) {
["adapter"]=>
string(9) "pdo_mssql"
["pdoType"]=>
string(5) "dblib"
["charset"]=>
string(4) "utf8"
["host"]=>
string(15) "oraydb.oray.net"
["username"]=>
string(7) "OrayWeb"
["password"]=>
string(18) "upDate20)&OrayWeb."
["dbname"]=>
string(6) "Peanut"
}
}
["mail"]=>
array(2) {
["transport"]=>
array(5) {
["type"]=>
string(4) "smtp"
["host"]=>
string(22) "vip.smtp.olivemail.net"
["auth"]=>
string(5) "login"
["username"]=>
string(12) "[email protected]"
["password"]=>
string(16) "peanuttest123!@#"
}
["defaultFrom"]=>
array(2) {
["email"]=>
string(12) "[email protected]"
["name"]=>
string(12) "Oray Service"
}
}
["log"]=>
array(1) {
["db"]=>
array(2) {
["writerName"]=>
string(2) "Db"
["writerParams"]=>
array(3) {
["db"]=>
array(7) {
["adapter"]=>
string(9) "pdo_mssql"
["pdoType"]=>
string(5) "dblib"
["charset"]=>
string(4) "utf8"
["host"]=>
string(15) "oraydb.oray.net"
["username"]=>
string(7) "OrayLog"
["password"]=>
string(20) "m72dXa9btKRxLbly17fn"
["dbname"]=>
string(7) "OrayLog"
}
["table"]=>
string(7) "LOG_Web"
["columnMap"]=>
array(4) {
["class"]=>
string(5) "class"
["severity"]=>
string(12) "priorityName"
["message"]=>
string(7) "message"
["createtime"]=>
string(9) "timestamp"
}
}
}
}
}
["coremail"]=>
array(4) {
["wsdl"]=>
string(54) "http://oray.icoremail.net:9900/apiws/services/API?wsdl"
["options"]=>
array(2) {
["encoding"]=>
string(5) "UTF-8"
["trace"]=>
string(1) "1"
}
["providerId"]=>
string(4) "oray"
["cosIdAlias"]=>
string(1) "3"
}
["cndns"]=>
array(4) {
["api"]=>
string(21) "http://api.cndns.com/"
["username"]=>
string(4) "oray"
["password"]=>
string(32) "dfee2c43b0eeac109c29cdf329a12ba6"
["email"]=>
string(14) "[email protected]"
}
["dns"]=>
array(2) {
["free"]=>
array(4) {
["billboard"]=>
string(11) "bb.oray.net"
["ns1"]=>
string(15) "ns1.dnsoray.net"
["ns2"]=>
string(15) "ns2.dnsoray.net"
["ns"]=>
array(2) {
[0]=>
string(15) "ns1.dnsoray.net"
[1]=>
string(15) "ns2.dnsoray.net"
}
}
["vip"]=>
array(4) {
["billboard"]=>
string(18) "billboard.oray.net"
["ns1"]=>
string(12) "ns1.oray.net"
["ns2"]=>
string(12) "ns2.oray.net"
["ns"]=>
array(2) {
[0]=>
string(12) "ns1.oray.net"
[1]=>
string(12) "ns2.oray.net"
}
}
}
["httpsqs"]=>
array(4) {
["host"]=>
string(15) "119.145.138.202"
["port"]=>
string(5) "12181"
["chartset"]=>
string(5) "utf-8"
["names"]=>
array(3) {
["peanuthull"]=>
string(10) "peanuthull"
["hosting"]=>
string(7) "hosting"
["sunlogin"]=>
string(2) "rc"
}
}
["registrar"]=>
array(2) {
["dnbiz"]=>
array(3) {
["host"]=>
string(21) "http://open.yumi.com/"
["key"]=>
string(4) "oray"
["secret"]=>
string(32) "DDIKK92DURNV8JLLUWHKVMNDHY07JD86"
}
["oray"]=>
array(3) {
["api"]=>
string(19) "http://api.oray.com"
["clid"]=>
string(7) "6683271"
["password"]=>
string(32) "48abb5eb136fd8106b929366e319d55b"
}
}
["smarty"]=>
array(4) {
["template_dir"]=>
string(52) "/www/htdocs/buy.oray.com/application/views/templates"
["compile_dir"]=>
string(24) "/www/caches/buy.oray.com"
["left_delimiter"]=>
string(2) "{{"
["right_delimiter"]=>
string(2) "}}"
}
["dbnames"]=>
array(5) {
["peanut"]=>
string(6) "Peanut"
["newpeanut"]=>
string(9) "NewPeanut"
["project"]=>
string(10) "NewProject"
["domainsystem"]=>
string(12) "DomainSystem"
["orayonline"]=>
string(10) "OrayOnline"
}
["path"]=>
array(3) {
["configs"]=>
string(12) "/www/configs"
["data"]=>
string(9) "/www/data"
["caches"]=>
string(11) "/www/caches"
}
["sites"]=>
array(14) {
["static"]=>
string(25) "http://static.orayimg.com"
["oray"]=>
string(19) "http://www.oray.com"
["console"]=>
string(24) "https://console.oray.com"
["ask"]=>
string(19) "http://ask.oray.com"
["store"]=>
string(21) "http://store.oray.com"
["service"]=>
string(23) "http://service.oray.com"
["domain"]=>
string(22) "http://domain.oray.com"
["diy"]=>
string(19) "http://diy.oray.com"
["tudu"]=>
string(20) "http://tudu.oray.com"
["buy"]=>
string(19) "http://buy.oray.com"
["sunlogin"]=>
string(24) "http://sunlogin.oray.com"
["registrar"]=>
string(25) "http://registrar.oray.com"
["shop"]=>
string(20) "http://shop.oray.com"
["peanuthull"]=>
string(19) "http://hsk.oray.com"
}
["cookies"]=>
array(3) {
["account"]=>
string(9) "_account_"
["userid"]=>
string(5) "_uid_"
["track"]=>
string(4) "_tk_"
}
["whois"]=>
array(1) {
["api"]=>
array(2) {
[0]=>
string(39) "http://whois116.oray.net:8080/whois.cgi"
[1]=>
string(39) "http://whois217.oray.net:8080/whois.cgi"
}
}
["hosting"]=>
array(6) {
["control"]=>
string(36) "http://yicp.net/control/default.aspx"
["url"]=>
string(32) "http://yicp.net/api/default.aspx"
["userid"]=>
string(8) "31471783"
["password"]=>
string(12) "BestOray2013"
["email"]=>
string(12) "[email protected]"
["servers"]=>
array(1) {
[0]=>
string(10) "whzg010695"
}
}
["cnnic"]=>
array(1) {
["api"]=>
array(3) {
["wsdl"]=>
string(37) "http://api.cnnic.cn/cnnicAPI/services"
["user"]=>
string(4) "shbr"
["password"]=>
string(16) "59574a6a4d54497a"
}
}
["mailaddr"]=>
array(3) {
["domain"]=>
string(20) "[email protected]"
["olivemail"]=>
string(42) "[email protected],[email protected]"
["hosting"]=>
string(14) "[email protected]"
}
["mails"]=>
array(1) {
["domain"]=>
array(1) {
["register"]=>
string(19) "[email protected]"
}
}
["admin"]=>
array(1) {
["emails"]=>
string(74) "[email protected],[email protected],[email protected],[email protected],[email protected]"
}
}
}
["_classResources":protected]=>
array(3) {
["view"]=>
string(9) "_initView"
["session"]=>
string(12) "_initSession"
["application"]=>
string(16) "_initApplication"
}
["_container":protected]=>
object(Zend_Registry)#55 (1) {
["storage":"ArrayObject":private]=>
array(4) {
["frontcontroller"]=>
object(Zend_Controller_Front)#58 (11) {
["_baseUrl":protected]=>
NULL
["_controllerDir":protected]=>
NULL
["_dispatcher":protected]=>
object(Zend_Controller_Dispatcher_Standard)#54 (11) {
["_curDirectory":protected]=>
string(48) "/www/htdocs/buy.oray.com/application/controllers"
["_curModule":protected]=>
string(7) "default"
["_controllerDirectory":protected]=>
array(2) {
["default"]=>
string(48) "/www/htdocs/buy.oray.com/application/controllers"
["partner"]=>
string(64) "/www/htdocs/buy.oray.com/application/modules/partner/controllers"
}
["_defaultAction":protected]=>
string(5) "index"
["_defaultController":protected]=>
string(5) "index"
["_defaultModule":protected]=>
string(7) "default"
["_frontController":protected]=>
NULL
["_invokeParams":protected]=>
array(2) {
["displayExceptions"]=>
string(1) "0"
["bootstrap"]=>
*RECURSION*
}
["_pathDelimiter":protected]=>
string(1) "_"
["_response":protected]=>
object(Zend_Controller_Response_Http)#41 (8) {
["_body":protected]=>
array(0) {
}
["_exceptions":protected]=>
array(1) {
[0]=>
*RECURSION*
}
["_headers":protected]=>
array(0) {
}
["_headersRaw":protected]=>
array(0) {
}
["_httpResponseCode":protected]=>
int(200)
["_isRedirect":protected]=>
bool(false)
["_renderExceptions":protected]=>
bool(false)
["headersSentThrowsException"]=>
bool(true)
}
["_wordDelimiter":protected]=>
array(2) {
[0]=>
string(1) "-"
[1]=>
string(1) "."
}
}
["_invokeParams":protected]=>
array(2) {
["displayExceptions"]=>
string(1) "0"
["bootstrap"]=>
*RECURSION*
}
["_moduleControllerDirectoryName":protected]=>
string(11) "controllers"
["_plugins":protected]=>
object(Zend_Controller_Plugin_Broker)#56 (3) {
["_plugins":protected]=>
array(1) {
[100]=>
object(Zend_Controller_Plugin_ErrorHandler)#43 (7) {
["_errorModule":protected]=>
string(7) "default"
["_errorController":protected]=>
string(5) "error"
["_errorAction":protected]=>
string(5) "error"
["_isInsideErrorHandlerLoop":protected]=>
bool(true)
["_exceptionCountAtFirstEncounter":protected]=>
int(1)
["_request":protected]=>
object(Zend_Controller_Request_Http)#40 (15) {
["_paramSources":protected]=>
array(2) {
[0]=>
string(4) "_GET"
[1]=>
string(5) "_POST"
}
["_requestUri":protected]=>
string(41) "/buy/?serviceid=2004&account=thornbird-cn"
["_baseUrl":protected]=>
string(0) ""
["_basePath":protected]=>
NULL
["_pathInfo":protected]=>
string(5) "/buy/"
["_params":protected]=>
array(4) {
["controller"]=>
string(3) "buy"
["action"]=>
string(5) "index"
["module"]=>
string(7) "default"
["error_handler"]=>
*RECURSION*
}
["_rawBody":protected]=>
NULL
["_aliases":protected]=>
array(0) {
}
["_dispatched":protected]=>
bool(true)
["_module":protected]=>
string(7) "default"
["_moduleKey":protected]=>
string(6) "module"
["_controller":protected]=>
string(5) "error"
["_controllerKey":protected]=>
string(10) "controller"
["_action":protected]=>
string(5) "error"
["_actionKey":protected]=>
string(6) "action"
}
["_response":protected]=>
object(Zend_Controller_Response_Http)#41 (8) {
["_body":protected]=>
array(0) {
}
["_exceptions":protected]=>
array(1) {
[0]=>
*RECURSION*
}
["_headers":protected]=>
array(0) {
}
["_headersRaw":protected]=>
array(0) {
}
["_httpResponseCode":protected]=>
int(200)
["_isRedirect":protected]=>
bool(false)
["_renderExceptions":protected]=>
bool(false)
["headersSentThrowsException"]=>
bool(true)
}
}
}
["_request":protected]=>
object(Zend_Controller_Request_Http)#40 (15) {
["_paramSources":protected]=>
array(2) {
[0]=>
string(4) "_GET"
[1]=>
string(5) "_POST"
}
["_requestUri":protected]=>
string(41) "/buy/?serviceid=2004&account=thornbird-cn"
["_baseUrl":protected]=>
string(0) ""
["_basePath":protected]=>
NULL
["_pathInfo":protected]=>
string(5) "/buy/"
["_params":protected]=>
array(4) {
["controller"]=>
string(3) "buy"
["action"]=>
string(5) "index"
["module"]=>
string(7) "default"
["error_handler"]=>
*RECURSION*
}
["_rawBody":protected]=>
NULL
["_aliases":protected]=>
array(0) {
}
["_dispatched":protected]=>
bool(true)
["_module":protected]=>
string(7) "default"
["_moduleKey":protected]=>
string(6) "module"
["_controller":protected]=>
string(5) "error"
["_controllerKey":protected]=>
string(10) "controller"
["_action":protected]=>
string(5) "error"
["_actionKey":protected]=>
string(6) "action"
}
["_response":protected]=>
object(Zend_Controller_Response_Http)#41 (8) {
["_body":protected]=>
array(0) {
}
["_exceptions":protected]=>
array(1) {
[0]=>
*RECURSION*
}
["_headers":protected]=>
array(0) {
}
["_headersRaw":protected]=>
array(0) {
}
["_httpResponseCode":protected]=>
int(200)
["_isRedirect":protected]=>
bool(false)
["_renderExceptions":protected]=>
bool(false)
["headersSentThrowsException"]=>
bool(true)
}
}
["_request":protected]=>
object(Zend_Controller_Request_Http)#40 (15) {
["_paramSources":protected]=>
array(2) {
[0]=>
string(4) "_GET"
[1]=>
string(5) "_POST"
}
["_requestUri":protected]=>
string(41) "/buy/?serviceid=2004&account=thornbird-cn"
["_baseUrl":protected]=>
string(0) ""
["_basePath":protected]=>
NULL
["_pathInfo":protected]=>
string(5) "/buy/"
["_params":protected]=>
array(4) {
["controller"]=>
string(3) "buy"
["action"]=>
string(5) "index"
["module"]=>
string(7) "default"
["error_handler"]=>
*RECURSION*
}
["_rawBody":protected]=>
NULL
["_aliases":protected]=>
array(0) {
}
["_dispatched":protected]=>
bool(true)
["_module":protected]=>
string(7) "default"
["_moduleKey":protected]=>
string(6) "module"
["_controller":protected]=>
string(5) "error"
["_controllerKey":protected]=>
string(10) "controller"
["_action":protected]=>
string(5) "error"
["_actionKey":protected]=>
string(6) "action"
}
["_response":protected]=>
object(Zend_Controller_Response_Http)#41 (8) {
["_body":protected]=>
array(0) {
}
["_exceptions":protected]=>
array(1) {
[0]=>
*RECURSION*
}
["_headers":protected]=>
array(0) {
}
["_headersRaw":protected]=>
array(0) {
}
["_httpResponseCode":protected]=>
int(200)
["_isRedirect":protected]=>
bool(false)
["_renderExceptions":protected]=>
bool(false)
["headersSentThrowsException"]=>
bool(true)
}
["_returnResponse":protected]=>
bool(false)
["_router":protected]=>
object(Zend_Controller_Router_Rewrite)#35 (8) {
["_useDefaultRoutes":protected]=>
bool(true)
["_routes":protected]=>
array(1) {
["default"]=>
object(Zend_Controller_Router_Route_Module)#38 (11) {
["_defaults":protected]=>
array(3) {
["controller"]=>
string(5) "index"
["action"]=>
string(5) "index"
["module"]=>
string(7) "default"
}
["_values":protected]=>
array(1) {
["controller"]=>
string(3) "buy"
}
["_moduleValid":protected]=>
bool(false)
["_keysSet":protected]=>
bool(true)
["_moduleKey":protected]=>
string(6) "module"
["_controllerKey":protected]=>
string(10) "controller"
["_actionKey":protected]=>
string(6) "action"
["_dispatcher":protected]=>
object(Zend_Controller_Dispatcher_Standard)#54 (11) {
["_curDirectory":protected]=>
string(48) "/www/htdocs/buy.oray.com/application/controllers"
["_curModule":protected]=>
string(7) "default"
["_controllerDirectory":protected]=>
array(2) {
["default"]=>
string(48) "/www/htdocs/buy.oray.com/application/controllers"
["partner"]=>
string(64) "/www/htdocs/buy.oray.com/application/modules/partner/controllers"
}
["_defaultAction":protected]=>
string(5) "index"
["_defaultController":protected]=>
string(5) "index"
["_defaultModule":protected]=>
string(7) "default"
["_frontController":protected]=>
NULL
["_invokeParams":protected]=>
array(2) {
["displayExceptions"]=>
string(1) "0"
["bootstrap"]=>
*RECURSION*
}
["_pathDelimiter":protected]=>
string(1) "_"
["_response":protected]=>
object(Zend_Controller_Response_Http)#41 (8) {
["_body":protected]=>
array(0) {
}
["_exceptions":protected]=>
array(1) {
[0]=>
*RECURSION*
}
["_headers":protected]=>
array(0) {
}
["_headersRaw":protected]=>
array(0) {
}
["_httpResponseCode":protected]=>
int(200)
["_isRedirect":protected]=>
bool(false)
["_renderExceptions":protected]=>
bool(false)
["headersSentThrowsException"]=>
bool(true)
}
["_wordDelimiter":protected]=>
array(2) {
[0]=>
string(1) "-"
[1]=>
string(1) "."
}
}
["_request":protected]=>
object(Zend_Controller_Request_Http)#40 (15) {
["_paramSources":protected]=>
array(2) {
[0]=>
string(4) "_GET"
[1]=>
string(5) "_POST"
}
["_requestUri":protected]=>
string(41) "/buy/?serviceid=2004&account=thornbird-cn"
["_baseUrl":protected]=>
string(0) ""
["_basePath":protected]=>
NULL
["_pathInfo":protected]=>
string(5) "/buy/"
["_params":protected]=>
array(4) {
["controller"]=>
string(3) "buy"
["action"]=>
string(5) "index"
["module"]=>
string(7) "default"
["error_handler"]=>
*RECURSION*
}
["_rawBody":protected]=>
NULL
["_aliases":protected]=>
array(0) {
}
["_dispatched":protected]=>
bool(true)
["_module":protected]=>
string(7) "default"
["_moduleKey":protected]=>
string(6) "module"
["_controller":protected]=>
string(5) "error"
["_controllerKey":protected]=>
string(10) "controller"
["_action":protected]=>
string(5) "error"
["_actionKey":protected]=>
string(6) "action"
}
["_isAbstract":protected]=>
bool(false)
["_matchedPath":protected]=>
NULL
}
}
["_currentRoute":protected]=>
string(7) "default"
["_globalParams":protected]=>
array(0) {
}
["_chainNameSeparator":protected]=>
string(1) "-"
["_useCurrentParamsAsGlobal":protected]=>
bool(false)
["_frontController":protected]=>
*RECURSION*
["_invokeParams":protected]=>
array(2) {
["displayExceptions"]=>
string(1) "0"
["bootstrap"]=>
*RECURSION*
}
}
["_throwExceptions":protected]=>
bool(false)
}
["multicache"]=>
object(Oray_Application_Resource_Multicache)#52 (5) {
["_caches":protected]=>
array(1) {
["site"]=>
object(Oray_Cache_Memcache)#53 (3) {
["_options":protected]=>
array(13) {
["host"]=>
string(15) "119.145.138.197"
["port"]=>
string(5) "11311"
["persistent"]=>
bool(true)
["weight"]=>
int(1)
["timeout"]=>
int(1)
["retry_interval"]=>
int(15)
["status"]=>
bool(true)
["failure_callback"]=>
NULL
["compression"]=>
bool(false)
["compatibility"]=>
bool(false)
["compress_threshold"]=>
int(20000)
["adapter"]=>
string(8) "memcache"
["default"]=>
string(1) "1"
}
["_haveZlib":"Oray_Cache_Memcache":private]=>
bool(true)
["_storage":protected]=>
object(Memcache)#50 (1) {
["connection"]=>
resource(36) of type (memcache connection)
}
}
}
["_defaultCache":protected]=>
object(Oray_Cache_
</code>

漏洞证明:

["transport"]=>
array(5) {
["type"]=>
string(4) "smtp"
["host"]=>
string(22) "vip.smtp.olivemail.net"
["auth"]=>
string(5) "login"
["username"]=>
string(12) "[email protected]"
["password"]=>
string(16) "peanuttest123!@#"
}


管理团队.png


其它.png

修复方案:

我也不怎么懂。从上面的输出来看,至少应当让错误页面不再向访问者输出异常对象和应用配置,更换输出中出现的全部密码与密钥,并停用已经废弃的邮箱账号。

版权声明:转载请注明来源 ThornBird@乌云


漏洞回应

厂商回应:

危害等级:无影响,厂商忽略

忽略时间:2014-12-08 14:30

厂商回复:

最新状态:

2015-06-23:您好,上述漏洞已修复处理,感谢您对oray业务安全的关注