乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-07-21: 细节已通知厂商并且等待厂商处理中 2015-07-21: 厂商已经确认,细节仅向厂商公开 2015-07-31: 细节向核心白帽子及相关领域专家公开 2015-08-10: 细节向普通白帽子公开 2015-08-20: 细节向实习白帽子公开 2015-09-04: 细节向公众公开
安全意识不足。。。
源码包泄露地址:
http://bbs.ehang.com/uc_server.zip
配置信息
<?php$_config = array();// ---------------------------- CONFIG DB ----------------------------- //$_config['db']['1']['dbhost'] = 'localhost';$_config['db']['1']['dbuser'] = 'root';$_config['db']['1']['dbpw'] = 'ehang2014';$_config['db']['1']['dbcharset'] = 'utf8';$_config['db']['1']['pconnect'] = '0';$_config['db']['1']['dbname'] = 'bbs_ehang';$_config['db']['1']['tablepre'] = 'pre_';$_config['db']['slave'] = '';$_config['db']['common']['slave_except_table'] = '';// -------------------------- CONFIG MEMORY --------------------------- //$_config['memory']['prefix'] = 'jpW8xj_';$_config['memory']['redis']['server'] = '';$_config['memory']['redis']['port'] = 6379;$_config['memory']['redis']['pconnect'] = 1;$_config['memory']['redis']['timeout'] = '0';$_config['memory']['redis']['requirepass'] = '';$_config['memory']['redis']['serializer'] = 1;$_config['memory']['memcache']['server'] = '';$_config['memory']['memcache']['port'] = 11211;$_config['memory']['memcache']['pconnect'] = 1;$_config['memory']['memcache']['timeout'] = 1;$_config['memory']['apc'] = 1;$_config['memory']['xcache'] = 1;$_config['memory']['eaccelerator'] = 1;$_config['memory']['wincache'] = 1;// -------------------------- CONFIG SERVER --------------------------- //$_config['server']['id'] = 1;// ------------------------- CONFIG DOWNLOAD -------------------------- //$_config['download']['readmod'] = 2;$_config['download']['xsendfile']['type'] = '0';$_config['download']['xsendfile']['dir'] = '/down/';// -------------------------- CONFIG OUTPUT --------------------------- //$_config['output']['charset'] = 'utf-8';$_config['output']['forceheader'] = 1;$_config['output']['gzip'] = '0';$_config['output']['tplrefresh'] = 1;$_config['output']['language'] = 'zh_cn';$_config['output']['staticurl'] = 'static/';$_config['output']['ajaxvalidate'] = '0';$_config['output']['iecompatible'] = '0';// -------------------------- CONFIG COOKIE --------------------------- //$_config['cookie']['cookiepre'] = 'kuUn_';$_config['cookie']['cookiedomain'] = '';$_config['cookie']['cookiepath'] = '/';// ------------------------- CONFIG SECURITY -------------------------- //$_config['security']['authkey'] = 'c16166FiNAF2HARV';$_config['security']['urlxssdefend'] = 1;$_config['security']['attackevasive'] = '0';$_config['security']['querysafe']['status'] = 1;$_config['security']['querysafe']['dfunction']['0'] = 'load_file';$_config['security']['querysafe']['dfunction']['1'] = 'hex';$_config['security']['querysafe']['dfunction']['2'] = 'substring';$_config['security']['querysafe']['dfunction']['3'] = 'if';$_config['security']['querysafe']['dfunction']['4'] = 'ord';$_config['security']['querysafe']['dfunction']['5'] = 'char';$_config['security']['querysafe']['daction']['0'] = '@';$_config['security']['querysafe']['daction']['1'] = 'intooutfile';$_config['security']['querysafe']['daction']['2'] = 'intodumpfile';$_config['security']['querysafe']['daction']['3'] = 'unionselect';$_config['security']['querysafe']['daction']['4'] = '(select';$_config['security']['querysafe']['daction']['5'] = 'unionall';$_config['security']['querysafe']['daction']['6'] = 'uniondistinct';$_config['security']['querysafe']['dnote']['0'] = '/*';$_config['security']['querysafe']['dnote']['1'] = '*/';$_config['security']['querysafe']['dnote']['2'] = '#';$_config['security']['querysafe']['dnote']['3'] = '--';$_config['security']['querysafe']['dnote']['4'] = '"';$_config['security']['querysafe']['dlikehex'] = 1;$_config['security']['querysafe']['afullnote'] = '0';// -------------------------- CONFIG ADMINCP -------------------------- //// -------- Founders: $_config['admincp']['founder'] = '1,2,3'; --------- //$_config['admincp']['founder'] = '1';$_config['admincp']['forcesecques'] = '0';$_config['admincp']['checkip'] = 1;$_config['admincp']['runquery'] = '0';$_config['admincp']['dbimport'] = 1;// -------------------------- CONFIG REMOTE --------------------------- //$_config['remote']['on'] = '0';$_config['remote']['dir'] = 'remote';$_config['remote']['appkey'] = '62cf0b3c3e6a4c9468e7216839721d8e';$_config['remote']['cron'] = '0';// --------------------------- CONFIG INPUT --------------------------- //$_config['input']['compatible'] = 1;// ------------------- THE END -------------------- //?>
uc_key:
<?phpdefine('UC_CONNECT', 'mysql');define('UC_DBHOST', 'localhost');define('UC_DBUSER', 'root');define('UC_DBPW', 'ehang2014');define('UC_DBNAME', 'bbs_ehang');define('UC_DBCHARSET', 'utf8');define('UC_DBTABLEPRE', '`bbs_ehang`.pre_ucenter_');define('UC_DBCONNECT', 0);define('UC_CHARSET', 'utf-8');define('UC_KEY', '6aXcE6H0Hau7I528ofZ3L6Y7k9D6Zfu9MeT9R8Jczd1bW0v4D688c1teGcG3gcw2');define('UC_API', 'http://bbs.ehang.com/uc_server');define('UC_APPID', '1');define('UC_IP', '');define('UC_PPP', 20);?>
ucenter弱口令:
ehang2014
危害等级:高
漏洞Rank:15
确认时间:2015-07-21 10:29
已经确认,谢谢!
暂无
