乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-04-27: 细节已通知厂商并且等待厂商处理中 2015-05-01: 厂商已经确认,细节仅向厂商公开 2015-05-11: 细节向核心白帽子及相关领域专家公开 2015-05-21: 细节向普通白帽子公开 2015-05-31: 细节向实习白帽子公开 2015-06-15: 细节向公众公开
筑龙网多个数据库信息一览无余。
涉及网站为:s.zhulong.com(筑龙搜索)http://s.zhulong.com//.svn/entries 可以用svn源码泄漏利用工具查看整站源代码
//数据库配置$_config['s']['dbname'] = 'zhulong';$_config['s']['tablepre'] = '';$_config['s']['dbhost'] = '192.168.0.25'; //192.168.0.25$_config['s']['dbuser'] = 'zhulongManage'; //zhulongManage$_config['s']['dbpw'] = 'alw092lwlas45e8'; //alw092lwlas45e8$_config['s']['dbcharset'] = 'utf8';$_config['s']['pconnect'] = '1';//数据库配置(连接统计数据库)$_config['stat']['dbname'] = 'statistics'; $_config['stat']['tablepre'] = ''; // $_config['stat']['dbhost'] = '192.168.0.25'; //192.168.0.25$_config['stat']['dbuser'] = 'statisticsManage'; //statisticsManage$_config['stat']['dbpw'] = 'al0d124wgyw092'; //al0d124wgyw092 $_config['stat']['dbcharset'] = 'utf8';$_config['stat']['pconnect'] = '1';
因为是内网ip,所以就不找对应外网ip连接进一步渗透了,太复杂,尽快修复吧!
http://s.zhulong.com//.svn/entries 可以用svn源码泄漏利用工具查看整站源代码
删除文件,修改数据库密码
危害等级:中
漏洞Rank:10
确认时间:2015-05-01 23:20
部署服务器疏忽,非常感谢崔超杰的提醒
暂无