乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-01: 细节已通知厂商并且等待厂商处理中 2015-12-04: 厂商已经确认,细节仅向厂商公开 2015-12-14: 细节向核心白帽子及相关领域专家公开 2015-12-24: 细节向普通白帽子公开 2016-01-03: 细节向实习白帽子公开 2016-01-18: 细节向公众公开
妙计旅行(www.mioji.com)是国内首家基于人工智能技术的旅游路线个性化定制引擎。利用大数据和智能化技术为用户提供一键生成的出境游路线计划。妙计收集全球数十种语言的数亿旅行行业网页,通过语义理解技术挖掘出上亿信息节点的旅行结构化知识库,无论是飞机、火车、自驾,还是酒店、景点、餐厅都会完美涵盖。妙计还会根据你的需求,帮你定制最合理的线路安排,瞬间就帮你完成个性化的旅行线路,从此人人都是旅行达人。 妙计是完全客观中立的第三方,仅提供免费的旅游方案的设计服务,本身并不售卖任何旅行产品,也不收取任何中间费用,最终的产品购买均是是通过第三方的网站(携程,艺龙,priceline等知名OTA,航空公司官网,酒店官网等)来完成。
<?php$mainArr = array( 'basePath' => dirname(__FILE__) . DIRECTORY_SEPARATOR . '..', 'name' => '妙计旅行', 'defaultController' => 'home', 'language' => 'zh_cn', 'charset' => 'UTF-8', 'preload' => array('log'), 'import' => array( 'application.models.*', '**.**.**.**ponents.*', 'application.helpers.*', 'application.extensions.*', 'application.extensions.mioji.user.*', 'application.extensions.mioji.*', 'application.extensions.mioji.MError', 'application.extensions.image.*', 'application.vendor.*', 'application.extensions.mioji.order.*' ), 'components' => array( 'db' => array( 'connectionString' => 'mysql:host=***.**.50.122;dbname=mioji', 'username' => 'root', 'password' => 'm**w_3**2', 'charset' => 'utf8', 'tablePrefix' => 'mj_', 'enableParamLogging' => true, 'enableProfiling' => true, ), 'miojibbs' => array( 'class' => 'CDbConnection', 'connectionString' => 'mysql:host=***.**.50.122;dbname=miojibbs', 'emulatePrepare' => true, 'username' => 'root', 'password' => 'm**w_3**2', 'charset' => 'utf8', ), 'frontdb' => array( 'class' => 'CDbConnection', 'connectionString' => 'mysql:host=***.**.50.122;dbname=frontdb', 'username' => 'root', 'password' => 'm**w_3**2', 'charset' => 'utf8', 'emulatePrepare' => true, ), 'onlinedb' => array( 'class' => 'CDbConnection', 'connectionString' => 'mysql:host=***.**.50.122;dbname=onlinedb', 'username' => 'root', 'password' => 'm**w_3**2', 'emulatePrepare' => true, 'charset' => 'utf8', ), 'mioji_order' => array( 'class' => 'CDbConnection', 'connectionString' => 'mysql:host=***.***.191.124;dbname=mioji_order', 'emulatePrepare' => true, 'username' => 'or**r', 'password' => 'order***.*****', 'charset' => 'utf8', ), 'redis' => array( 'class' => 'application.extensions.redis.ARedisConnection', 'hostname' => '***.**.50.122', 'port' => 6379, 'database' => 0, 'prefix' => '' ), 'redis_api' => array( 'class' => 'application.extensions.redis.ARedisConnection', 'hostname' => '***.**.82.11', 'port' => 6379, 'database' => 0, 'prefix' => '' ), 'redis_cache' => array( 'class' => 'application.extensions.redis.ARedisConnection', 'hostname' => '***.**.82.11', 'port' => 6379, 'database' => 1, 'prefix' => '' ), 'user' => array( 'stateKeyPrefix' => 'user', //前台session前缀 'allowAutoLogin' => true, 'loginUrl' => array('/home/') ), 'urlManager' => array( 'urlFormat' => 'path', 'showScriptName' => false, 'rules' => array( '<controller:\w+>/<id:\d+>' => '<controller>/view', '<controller:\w+>/<action:\w+>/<id:\d+>' => '<controller>/<action>', '<controller:\w+>/<action:\w+>' => '<controller>/<action>', ), ), 'session' => array( 'class' => 'CCacheHttpSession', ), 'cache' => array( 'class' => 'system.caching.CApcCache', ), 'errorHandler' => array( 'errorAction' => 'about/error', ), 'log' => array( 'class' => 'CLogRouter', 'routes' => array( array( 'class' => 'CFileLogRoute', 'levels' => 'error, warning', ), array( 'class' => 'CFileLogRoute', 'levels' => 'info', 'categories' => 'user.*', 'logPath' => getLogPath('userLog'), /* 把用户LOG放入userLog文件夹中 */ 'logFile' => 'user.log.' . date('YmdH') /* 按日期存储 */ ), array( 'class' => 'CFileLogRoute', 'levels' => 'info', 'categories' => 'mjapi.*', 'logPath' => getLogPath('mjapiLog'), /* 把用户LOG放入userLog文件夹中 */ 'logFile' => 'mjapi.log.' . date('YmdH') /* 按日期存储 */ ), array( 'class' => 'CFileLogRoute', 'levels' => 'info', 'categories' => 'mjapi.request.exception.*', 'logPath' => getLogPath('mjapiLog'), /* 把用户LOG放入userLog文件夹中 */ 'logFile' => 'mjapi.request.exception.log.' . date('YmdH') /* 按日期存储 */ ), ), ), 'mailer' => array( 'class' => 'application.extensions.mailer.EMailer', 'pathViews' => 'application.views.email', 'pathLayouts' => 'application.views.email.layouts' ) ), 'params' => include('params.php'),);$config = $mainArr;if (IS_LOCAL_SITE) { $config = CMap::mergeArray( $mainArr, require(dirname(__FILE__) . '/local.php') );} elseif (IS_DEV_SITE) { $config = CMap::mergeArray( $mainArr, require(dirname(__FILE__) . '/dev.php') );} elseif (IS_TEST_SITE) { $config = CMap::mergeArray( $mainArr, require(dirname(__FILE__) . '/test.php') );} elseif (IS_ONLINE_SITE) { $config = CMap::mergeArray( $mainArr, require(dirname(__FILE__) . '/online.php') );}/** * ucenter配置信息; */define('UC_CONNECT', 'mysql');define('UC_DBHOST', $config['params']['bbs_db_host']);define('UC_DBNAME', $config['params']['bbs_db_name']);define('UC_DBUSER', $config['params']['bbs_db_user']);define('UC_DBPW', $config['params']['bbs_db_pw']);define('UC_DBCHARSET', 'utf8');define('UC_DBCONNECT', '0');define('UC_KEY', '40d*****I3/****4xJg**K/W/ogo5*****+K**s');define('UC_API', 'http://**.**.**.**/uc_server');define('UC_CHARSET', 'utf-8');define('UC_IP', '');define('UC_APPID', '2');define('UC_PPP', '20');// 原密码加后缀 UC_ALPWMD5 表示跨过第一层MD5, UC_ALPWMD5为全局随机唯一数,用在ucenter修改密码用(uc_client/model/user.php/ [edit_user])define('UC_ALPWMD5', uniqid(rand()));define('UC_DBTABLEPRE', '`' . $config['params']['bbs_db_name'] . '`.mjbbs_ucenter_');define('ORDER_INVALIDTIME', $config['params']['order_invalidtime']); /* 订单过期时间 */return $config;// 获取用户 userlog路径function getLogPath($path){ $path = dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'runtime' . DIRECTORY_SEPARATOR . $path . DIRECTORY_SEPARATOR . date('Ymd'); if (!is_dir($path)) { @mkdir($path, 0777, true); } return $path;}
删除.git文件夹,修改数据uc_key
危害等级:中
漏洞Rank:10
确认时间:2015-12-04 11:47
CNVD确认并复现所述情况,已由CNVD通过网站管理方公开联系渠道向其邮件通报,由其后续提供解决方案。
暂无