乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-05-07: 积极联系厂商并且等待厂商认领中,细节不对外公开 2015-06-21: 厂商已经主动忽略漏洞,细节向公众公开
鲁中网某漏洞导致敏感信息泄漏
http://bbs.lznews.cn//config/config_global.php.bak 数据库备份文件可下载
数据库信息泄漏:
// ---------------------------- CONFIG DB ----------------------------- //$_config['db']['1']['dbhost'] = 'localhost';$_config['db']['1']['dbuser'] = 'bbs';$_config['db']['1']['dbpw'] = 'bbs#%*6757';$_config['db']['1']['dbcharset'] = 'utf8';$_config['db']['1']['pconnect'] = '0';$_config['db']['1']['dbname'] = 'ultrax';$_config['db']['1']['tablepre'] = 'cdb_';$_config['db']['common']['slave_except_table'] = ''
删除bak备份文件
未能联系到厂商或者厂商积极拒绝