乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-12-29: 细节已通知厂商并且等待厂商处理中 2014-12-29: 厂商已经确认,细节仅向厂商公开 2015-01-08: 细节向核心白帽子及相关领域专家公开 2015-01-18: 细节向普通白帽子公开 2015-01-28: 细节向实习白帽子公开 2015-02-12: 细节向公众公开
完美时空某rsync未授权访问泄露大量游戏数据备份
rsync 58.215.52.26::backup/drwxr-xr-x 4096 2014/10/13 15:24:18 .-rw-r--r-- 12270178 2014/09/30 10:13:21 862-598.log-rw-r--r-- 85325 2014/09/30 09:59:29 abstractroles.598-rw-r--r-- 147653 2014/09/30 09:59:18 abstractroles.862drwxr-xr-x 32 2014/09/30 08:34:28 centraldb-rw-r--r-- 1382727739 2014/09/30 09:54:02 centraldb.tar.gz-rw-r--r-- 1382724687 2014/09/30 10:19:08 centraldb_21.243.tar.gz-rw-r--r-- 1445107860 2014/09/30 08:27:25 db_21.1.tar.gz-rw-r--r-- 849604379 2014/09/30 08:26:42 db_22.133.tar.gzdrwxr-xr-x 32 2014/09/30 08:23:32 dbhomewdbdrwxr-xr-x 32 2014/09/30 08:23:29 dbhomewdb.862-rwxr-xr-x 1604840 2014/10/13 15:24:19 dbview-rwxr-xr-x 62084020 2014/09/30 09:54:22 gamedbd-rw-r--r-- 2477 2014/09/30 09:54:11 gamesys.conf-rwxr-xr-x 123128 2014/09/30 09:19:29 itemid.txt-rwxr-xr-x 2658 2014/09/30 09:19:32 m_a.pl-rw-r--r-- 3342 2014/09/30 08:24:55 md5_21.133-rw-r--r-- 3342 2014/09/30 10:28:16 md5_centraldb-rwxr-xr-x 537 2014/09/30 09:58:59 merge.sh-rw------- 113 2014/09/30 09:59:02 nohup.out-rwxr-xr-x 540 2014/09/30 09:18:15 start_rsync.shdrwxr-xr-x 66 2014/10/13 15:17:19 youshuangdrwxr-xr-x 62 2014/10/13 15:21:51 ys
查看gamesys.conf
[storage]homedir = ./dbhomedatadir = dbdatalogdir = dblogsbackupdir = ./backupcachesize = 16777216errpfx = Storagecheckpoint_interval = 60backup_lockfile = /tmp/.lockgamedbdquit_lockfile = /tmp/.quitgamedbdcompress = 1[storagewdb]homedir = ./dbhomewdbdatadir = dbdatalogdir = dblogsbackupdir = ./backupcheckpoint_interval = 60times_incbackup = 1tables = auction,clsconfig,faction,factionname,inventory,messages,storehouse,top,user,base,config,friends,mailbox,rolename,status,task,waitdel,order,shoplog,gtask,family,familyname,citystore,syslog,sect,commondata,snsplayerinfo,snsmessage,clrrole,base2,referral,hometown,achievement,uniqueauction,circle,consign,finished_consign,gtactivate,friendcallback,award,dropcounter,rolenamehis,topflower,kingdom,operationcmd,weborder,factionbase,crssvrteams,crssvrteamsname,challengefinal,challengeaward,uniqueuser,uniquerole,annualpkpromotecache_high_default = 8000cache_low_default = 7500base_cache_high = 50000base_cache_low = 45000status_cache_high = 50000status_cache_low = 45000inventory_cache_high = 50000inventory_cache_low = 45000task_cache_high = 50000task_cache_low = 45000backup_lockfile = /tmp/.lockgamedbdquit_lockfile = /tmp/.quitgamedbd[gamedbd]noimportclsconfig = 0;rolenameprefix = Arolenamesuffix = B;factionnameprefix = Afactionnamesuffix = B;familynameprefix = Afamilynamesuffix = Ballow_modify_inventory=0
这里应该是游戏各个数据字段的备份
rsync 58.215.52.26::backup/dbhomewdb/dbdata/drwxr-xr-x 4096 2014/09/30 10:13:19 .-rw------- 1776893952 2014/09/30 10:13:21 achievement-rw------- 12288 2014/09/30 10:13:21 annualpkpromote-rw------- 8192 2014/09/30 10:13:21 auction-rw------- 134750208 2014/09/30 10:13:21 award-rw------- 582098944 2014/09/30 10:13:21 base-rw------- 214130688 2014/09/30 10:13:21 base2-rw------- 12288 2014/09/30 10:13:21 challengeaward-rw------- 12288 2014/09/30 10:13:21 challengefinal-rw------- 8192 2014/09/30 10:13:21 circle-rw------- 8192 2014/09/30 10:13:21 citystore-rw------- 8192 2014/09/30 10:13:21 clrrole-rw------- 8192 2014/09/30 10:13:21 clsconfig-rw------- 12288 2014/09/30 10:13:21 commondata
加入授权
危害等级:中
漏洞Rank:10
确认时间:2014-12-29 18:14
感谢洞主对完美世界的关注,我们将尽快修补漏洞。
暂无