
漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0116863

漏洞标题:七匹狼分站- 敏感信息泄露 源码泄漏 目录遍历 内部敏感信息泄漏

相关厂商:七匹狼

漏洞作者: susp

提交时间:2015-05-29 14:27

修复时间:2015-07-13 14:28

公开时间:2015-07-13 14:28

漏洞类型:重要敏感信息泄露

危害等级:中

自评Rank:5

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]



漏洞详情

披露状态:

2015-05-29: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-07-13: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

七匹狼分站配置不当,导致数据库配置泄露,源码打包文件也可被获取。

详细说明:

http://ipos.septwolves.com/

1.png


2.png


3.jpg


4.png


<?php
/**
* ipos configuration file
*
* NOTE(review): every credential in this file is hard-coded in plaintext
* (database passwords, API keys, tokens and secrets). The surrounding report
* presents this file as leaked from the public site, so all of them should be
* treated as compromised and rotated, and the secrets should live outside the
* web root (environment or a secrets store). The hosts are private-range
* addresses, which does not make the credentials safe to expose.
*/
// ipos MySQL database configuration
$db_server = "mysql";
$db_host = "10.7.78.10";
$db_name = "ipos";
$db_user = "ipos2";
$db_pass = "ipos!@#QAZ";
/*
* Debug mode: when enabled, a log of the executed SQL statements is written under logs/. In production this produces a large volume of logs and degrades performance, so leaving it on for long is not recommended.
*/
define('DEBUG_MODE', 0);// debug mode: 0 = off, 1 = on
// ipos_mysql read/write splitting configuration
$GLOBALS['dxfl'] = 0;// whether read/write splitting is enabled (0 = disabled, 1 = enabled)
// read/write splitting: configuration of the read server
$read_db_cfg = array('dbhost'=>'10.7.78.12','dbuser'=>'iposcx','dbname'=>'ipos','dbpw'=>'iposcx@123',);
$GLOBALS['fkfb'] = 0;// whether database/table sharding is enabled (0 = disabled, 1 = enabled)
$GLOBALS['aliyun_qtsy'] = 0;// whether Aliyun cashier mode is enabled (cashier only in the cloud); default 0 = off, 1 = on-premises system, 2 = cloud system
$GLOBALS['local_urls'] = 'http://localhost/ipos';// effective in Aliyun cashier mode (2 = cloud system)
$GLOBALS['aliyun_node_number'] = 0;// number of Aliyun nodes, i.e. number of database shards (takes effect only when sharding and Aliyun cashier mode (2 = cloud system) are enabled)
$GLOBALS['aliyun_data_days'] = 0;// Aliyun data retention in days; takes effect only in Aliyun cashier mode (2 = cloud system); 0 = permanent (the original comment is cut off here)
$GLOBALS['o2o']=1; // O2O enabled
$prefix = "";
$timezone = "Asia/Shanghai";
$cookie_path = "/";
$cookie_domain = "";
$admin_dir = "admin";
$session = "1440";
$filesync_host = "http://localhost/sources";
$GLOBALS['manage_tpl'] = 'web/templates/manage'; // manager template path
$GLOBALS['shop_tpl'] = 'web/templates/shop'; // shop template path
$GLOBALS['public_tpl'] = 'web/templates'; // shared template path
$GLOBALS['cfg_session_time'] = '864000';// session time
$GLOBALS['cfg_session_domain'] = '';// session scope (domain)
$GLOBALS['cfg_apache_port'] = 80;// apache_port (port number)
$GLOBALS['cfg_mem_on'] = '0';// memcache: 1 = on, 0 = off
$GLOBALS['cfg_memcache_host'] = 'localhost';// memcache_host
$GLOBALS['cfg_memcache_port'] = '11211';// memcache_port
// NOTE(review): this stores the string 'MEMCACHE_COMPRESSED', not the value of a constant of that name — confirm this is intended
$GLOBALS['MEMCACHE_COMPRESSED'] = 'MEMCACHE_COMPRESSED';
/**
* Multi-location (多库位) configuration parameters
*/
$GLOBALS['dkw'] = '1'; // default is 0, i.e. multi-location disabled; enabled only when 1
$GLOBALS['MAC'] = 0;// at terminal registration, check only the MAC address (0 = disabled, 1 = enabled)
/**
* Product specification configuration parameters
*/
$GLOBALS['ggpz'] = '0'; // 0 = specification configuration disabled, 1 = positive specification configuration, 2 = negative specification configuration
/**
* Account-set (帐套) data
*/
$GLOBALS['licenseServer'] = '10.7.9.24';
$GLOBALS['LicensePort'] = '2018';
//$GLOBALS['ZTCompany'] = '1';
$GLOBALS['ZTName'] = $db_host.'-'.$db_name;
$GLOBALS['ZTDBName'] = $db_name;
/**
* Online-order front-desk cashier configuration and OPENSHOP VIP integration
*
* NOTE(review): the API key and token below are static plaintext values; rotate
* them along with the database passwords.
*/
$web = 0;// whether enabled
$GLOBALS['opvip'] = 0;// whether online uses the offline VIP (original wording is unclear); 1 = enabled, 0 = off
$OP['url'] = 'http://192.168.175.79:8012/?app_act=API/';
$OP['api_name'] = 'api_user';
$OP['api_key'] = '1315922587';
$OP['api_token'] = 'a8d3bbc5cf84f91d39c4bd054a67c642';
/**
* SMS sending integration system [placed here for now; could become a system parameter]
**/
$sendsys = 1; // 1. Isms SMS platform  2. SQ_sms SMS sending service  3. mobile (移动) SMS interface platform (used for 九牧王)
/**
*
* SMS sending configuration
*/
$start_msg = 1;
$sendConf['IP'] = '192.168.175.55';
$sendConf['PORT'] = '9011';
/**
* MMS sending service configuration, or SQ_SMS SMS sending service configuration
*/
$sendConf['smsurl'] = "http://192.168.158.151:8888/sms/"; // service [note: used for SQ_SMS SMS sending or Isms MMS sending]; the method name of the send-SMS call is omitted, the actual logic is implemented in PHP
$sendConf['ipos_key'] = 'BS01_ps_6_vCreyExVWK_243'; // product lock [note: used for SQ_SMS]
$sendConf['ipos_secret'] = '47a41eedc41ee6257740983105003346'; // secret key [note: used for SQ_SMS]
$sendConf['sms_sub_account_id'] = '255'; // sub-account [note: used for SQ_SMS]
$sendConf['app_version'] = '2'; // version number [note: used for SQ_SMS]
/*
* Image upload server IP and storage path
*/
$GLOBALS['uploadServer'] = ''; // image server, not yet developed
$GLOBALS['uploadPath'] = '../uploads/'; // file path; must be created in advance and be writable
$GLOBALS['upload_max_filesize'] = '1048576'; // also change upload_max_filesize in php.ini
/*********************************** ERP image server address settings, used for ERP image download ***********/
$GLOBALS['erp_tp_down'] = 0;// whether image download is enabled
$GLOBALS['erp_tp_ip'] = "192.168.175.250";// server IP
$GLOBALS['erp_tp_port'] = "3030";// server port
/**
* Error handling definitions
*/
define('SYS_LOG_ALL', 0);
define('SYS_LOG_NOTICE', 1);
define('SYS_LOG_WARNING', 2);
define('SYS_LOG_ERROR', 3);
define('SYS_LANG', 'zh_cn');
define('OS_CHARSET','utf-8');
define('MAX_CONTROLLER',50);
define('SYS_LOG_LEVEL', 2);//0 all, 1: notice, 2: warning, 3: error
/**
* ERP database configuration
*/
$erp_config = array(
'db_server'=>'10.7.9.201',
'db_name'=>'qpl',//iPOS_Business1213',
'db_user'=>'ipos_user',
'db_pass'=>'zyiposO0O0202'
);
/**
* BStyle database configuration
*
* NOTE(review): 'sa' is conventionally the SQL Server sysadmin login — if that
* is what this is, the application should connect with a dedicated
* least-privilege account and a strong password instead; confirm.
*/
$erp_tyle = array(
'db_server'=>'192.168.176.160',
'db_name'=>'yq_bstyle_bus',//iPOS_Business1213',
'db_user'=>'sa',
'db_pass'=>'baison'
);
// enable headquarters-side machine registration control
$GLOBALS['manage_register'] = 0;
/**
* BStyle_new interface configuration
*
* NOTE(review): dbcode 'DEV' and a password of 'test' look like development
* settings left in a deployed configuration — confirm and replace.
*/
$bsConf['url'] = "http://192.168.147.43:4321/bapweb/api/"; // BStyle_new endpoint address
$bsConf['key'] = 'IPOSAPI'; // product lock [note: used for BStyle_new]
$bsConf['secret'] = '612dc980b56a3ca6092c9738c18339f5'; // secret key [note: used for BStyle_new]
$bsConf['dbcode'] = 'DEV'; // [note: used for BStyle_new]
$bsConf['version'] = '1.0'; // version number [note: used for BStyle_new]
$bsConf['name'] = 'xp.hua';
$bsConf['password']= 'test';


5.png


-- ----------------------------
-- Table structure for `admin_user`
-- ----------------------------
-- NOTE(review): `password` is a plain varchar(50) with no salt column, and the
-- values in the records below are 32 hexadecimal characters — presumably an
-- unsalted MD5 digest; confirm against the application code. Credentials should
-- be stored with a salted, adaptive hash (bcrypt or Argon2, e.g. PHP's
-- password_hash()) instead.
-- NOTE(review): the table also holds personal data (names, last login IPs), so
-- a dump of it must not be reachable from the web root.
CREATE TABLE `admin_user` (
`user_id` smallint(5) NOT NULL AUTO_INCREMENT,
`user_code` varchar(20) NOT NULL DEFAULT '',
`user_name` varchar(50) NOT NULL DEFAULT '',
`user_name2` varchar(30) DEFAULT NULL,
`password` varchar(50) NOT NULL DEFAULT '',
`xb` smallint(6) NOT NULL DEFAULT '0',
`email` varchar(255) NOT NULL DEFAULT '',
`add_time` int(11) DEFAULT NULL,
`last_login` int(11) DEFAULT NULL,
`last_ip` varchar(50) NOT NULL DEFAULT '',
`action_list` text,
`lang_type` varchar(50) NOT NULL DEFAULT '',
`dp_id` int(11) DEFAULT '0',
`sd_id` int(11) DEFAULT '0',
`is_admin` tinyint(3) DEFAULT '0',
`favorites_menu` varchar(50) DEFAULT NULL,
PRIMARY KEY (`user_id`)
) ENGINE=InnoDB AUTO_INCREMENT=43 DEFAULT CHARSET=utf8 AVG_ROW_LENGTH=1170;
-- ----------------------------
-- Records of admin_user
-- ----------------------------
-- NOTE(review): 16 of the 19 rows below carry the same `password` value, so
-- those accounts share one password and the hash has no per-user salt. All
-- accounts in this dump should have their passwords reset, and the shared
-- default replaced by a forced change at first login.
INSERT INTO `admin_user` VALUES ('1', '000', 'admin', '系统管理员', 'cf79ae6addba60ad018347359bd144d2', '0', 'admin', null, '1294443989', '0.0.0.0', 'all', '', '-1', '3', '0', null);
INSERT INTO `admin_user` VALUES ('10', 'hjf', 'hjf', '锦凤', 'ad1485cab68667d54af96dd1aa597e0e', '0', '', null, '1286825380', '192.168.1.3', '', '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('11', 'hj', 'hj', '佳', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286835386', '192.168.1.136', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('12', 'lyw', 'lyw', '亚文', 'b59c67bf196a4758191e42f76670ceba', '0', '', null, '1286834148', '192.168.1.12', '', '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('13', 'hyh', 'hyh', '元华', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1282457134', '192.168.1.22', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('14', 'zhuangxueying', 'zhuangxueying', '学英', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286437463', '192.168.1.15', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('28', 'ck_lyr', 'ck_lyr', null, 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286831461', '59.56.254.106', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('29', 'ck_clp', 'ck_clp', null, 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286728853', '59.56.254.106', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('30', 'ck_lxl', 'ck_lxl', null, 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286833630', '59.56.254.106', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('31', 'ck_lcq', 'ck_lcq', null, 'cf79ae6addba60ad018347359bd144d2', '0', '', null, null, '', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('32', 'ck_hlm', 'ck_hlm', null, 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286831562', '59.56.254.106', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('33', 'gzl', 'gzl', '志兰', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286835018', '192.168.1.13', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('34', 'zfxdd', 'zfxdd', '下载分销订单', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286833384', '192.168.1.134', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('35', 'zzydd', 'zzydd', '下载直营订单', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286838667', '192.168.1.22', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('37', 'ttt', 'ttt', '测试用户', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1283885559', '192.168.1.126', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('38', 'shirley', 'shirley', '志红', 'ac45069e1398f2115abb1f581e86eb4c', '0', '', null, '1285999022', '120.34.66.115', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('39', 'wxh', 'wxh', '小花', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286784647', '192.168.1.9', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('40', 'wmg', 'wmg', '总', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1281145367', '192.168.1.126', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('41', 'wln', 'wln', '丽娜', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286782907', '192.168.1.7', null, '', '0', '0', '0', null);

漏洞证明:

http://ipos.septwolves.com/

1.png


2.png


3.jpg


4.png


<?php
/**
* ipos configuration file
*
* NOTE(review): every credential in this file is hard-coded in plaintext
* (database passwords, API keys, tokens and secrets). The surrounding report
* presents this file as leaked from the public site, so all of them should be
* treated as compromised and rotated, and the secrets should live outside the
* web root (environment or a secrets store). The hosts are private-range
* addresses, which does not make the credentials safe to expose.
*/
// ipos MySQL database configuration
$db_server = "mysql";
$db_host = "10.7.78.10";
$db_name = "ipos";
$db_user = "ipos2";
$db_pass = "ipos!@#QAZ";
/*
* Debug mode: when enabled, a log of the executed SQL statements is written under logs/. In production this produces a large volume of logs and degrades performance, so leaving it on for long is not recommended.
*/
define('DEBUG_MODE', 0);// debug mode: 0 = off, 1 = on
// ipos_mysql read/write splitting configuration
$GLOBALS['dxfl'] = 0;// whether read/write splitting is enabled (0 = disabled, 1 = enabled)
// read/write splitting: configuration of the read server
$read_db_cfg = array('dbhost'=>'10.7.78.12','dbuser'=>'iposcx','dbname'=>'ipos','dbpw'=>'iposcx@123',);
$GLOBALS['fkfb'] = 0;// whether database/table sharding is enabled (0 = disabled, 1 = enabled)
$GLOBALS['aliyun_qtsy'] = 0;// whether Aliyun cashier mode is enabled (cashier only in the cloud); default 0 = off, 1 = on-premises system, 2 = cloud system
$GLOBALS['local_urls'] = 'http://localhost/ipos';// effective in Aliyun cashier mode (2 = cloud system)
$GLOBALS['aliyun_node_number'] = 0;// number of Aliyun nodes, i.e. number of database shards (takes effect only when sharding and Aliyun cashier mode (2 = cloud system) are enabled)
$GLOBALS['aliyun_data_days'] = 0;// Aliyun data retention in days; takes effect only in Aliyun cashier mode (2 = cloud system); 0 = permanent (the original comment is cut off here)
$GLOBALS['o2o']=1; // O2O enabled
$prefix = "";
$timezone = "Asia/Shanghai";
$cookie_path = "/";
$cookie_domain = "";
$admin_dir = "admin";
$session = "1440";
$filesync_host = "http://localhost/sources";
$GLOBALS['manage_tpl'] = 'web/templates/manage'; // manager template path
$GLOBALS['shop_tpl'] = 'web/templates/shop'; // shop template path
$GLOBALS['public_tpl'] = 'web/templates'; // shared template path
$GLOBALS['cfg_session_time'] = '864000';// session time
$GLOBALS['cfg_session_domain'] = '';// session scope (domain)
$GLOBALS['cfg_apache_port'] = 80;// apache_port (port number)
$GLOBALS['cfg_mem_on'] = '0';// memcache: 1 = on, 0 = off
$GLOBALS['cfg_memcache_host'] = 'localhost';// memcache_host
$GLOBALS['cfg_memcache_port'] = '11211';// memcache_port
// NOTE(review): this stores the string 'MEMCACHE_COMPRESSED', not the value of a constant of that name — confirm this is intended
$GLOBALS['MEMCACHE_COMPRESSED'] = 'MEMCACHE_COMPRESSED';
/**
* Multi-location (多库位) configuration parameters
*/
$GLOBALS['dkw'] = '1'; // default is 0, i.e. multi-location disabled; enabled only when 1
$GLOBALS['MAC'] = 0;// at terminal registration, check only the MAC address (0 = disabled, 1 = enabled)
/**
* Product specification configuration parameters
*/
$GLOBALS['ggpz'] = '0'; // 0 = specification configuration disabled, 1 = positive specification configuration, 2 = negative specification configuration
/**
* Account-set (帐套) data
*/
$GLOBALS['licenseServer'] = '10.7.9.24';
$GLOBALS['LicensePort'] = '2018';
//$GLOBALS['ZTCompany'] = '1';
$GLOBALS['ZTName'] = $db_host.'-'.$db_name;
$GLOBALS['ZTDBName'] = $db_name;
/**
* Online-order front-desk cashier configuration and OPENSHOP VIP integration
*
* NOTE(review): the API key and token below are static plaintext values; rotate
* them along with the database passwords.
*/
$web = 0;// whether enabled
$GLOBALS['opvip'] = 0;// whether online uses the offline VIP (original wording is unclear); 1 = enabled, 0 = off
$OP['url'] = 'http://192.168.175.79:8012/?app_act=API/';
$OP['api_name'] = 'api_user';
$OP['api_key'] = '1315922587';
$OP['api_token'] = 'a8d3bbc5cf84f91d39c4bd054a67c642';
/**
* SMS sending integration system [placed here for now; could become a system parameter]
**/
$sendsys = 1; // 1. Isms SMS platform  2. SQ_sms SMS sending service  3. mobile (移动) SMS interface platform (used for 九牧王)
/**
*
* SMS sending configuration
*/
$start_msg = 1;
$sendConf['IP'] = '192.168.175.55';
$sendConf['PORT'] = '9011';
/**
* MMS sending service configuration, or SQ_SMS SMS sending service configuration
*/
$sendConf['smsurl'] = "http://192.168.158.151:8888/sms/"; // service [note: used for SQ_SMS SMS sending or Isms MMS sending]; the method name of the send-SMS call is omitted, the actual logic is implemented in PHP
$sendConf['ipos_key'] = 'BS01_ps_6_vCreyExVWK_243'; // product lock [note: used for SQ_SMS]
$sendConf['ipos_secret'] = '47a41eedc41ee6257740983105003346'; // secret key [note: used for SQ_SMS]
$sendConf['sms_sub_account_id'] = '255'; // sub-account [note: used for SQ_SMS]
$sendConf['app_version'] = '2'; // version number [note: used for SQ_SMS]
/*
* Image upload server IP and storage path
*/
$GLOBALS['uploadServer'] = ''; // image server, not yet developed
$GLOBALS['uploadPath'] = '../uploads/'; // file path; must be created in advance and be writable
$GLOBALS['upload_max_filesize'] = '1048576'; // also change upload_max_filesize in php.ini
/*********************************** ERP image server address settings, used for ERP image download ***********/
$GLOBALS['erp_tp_down'] = 0;// whether image download is enabled
$GLOBALS['erp_tp_ip'] = "192.168.175.250";// server IP
$GLOBALS['erp_tp_port'] = "3030";// server port
/**
* Error handling definitions
*/
define('SYS_LOG_ALL', 0);
define('SYS_LOG_NOTICE', 1);
define('SYS_LOG_WARNING', 2);
define('SYS_LOG_ERROR', 3);
define('SYS_LANG', 'zh_cn');
define('OS_CHARSET','utf-8');
define('MAX_CONTROLLER',50);
define('SYS_LOG_LEVEL', 2);//0 all, 1: notice, 2: warning, 3: error
/**
* ERP database configuration
*/
$erp_config = array(
'db_server'=>'10.7.9.201',
'db_name'=>'qpl',//iPOS_Business1213',
'db_user'=>'ipos_user',
'db_pass'=>'zyiposO0O0202'
);
/**
* BStyle database configuration
*
* NOTE(review): 'sa' is conventionally the SQL Server sysadmin login — if that
* is what this is, the application should connect with a dedicated
* least-privilege account and a strong password instead; confirm.
*/
$erp_tyle = array(
'db_server'=>'192.168.176.160',
'db_name'=>'yq_bstyle_bus',//iPOS_Business1213',
'db_user'=>'sa',
'db_pass'=>'baison'
);
// enable headquarters-side machine registration control
$GLOBALS['manage_register'] = 0;
/**
* BStyle_new interface configuration
*
* NOTE(review): dbcode 'DEV' and a password of 'test' look like development
* settings left in a deployed configuration — confirm and replace.
*/
$bsConf['url'] = "http://192.168.147.43:4321/bapweb/api/"; // BStyle_new endpoint address
$bsConf['key'] = 'IPOSAPI'; // product lock [note: used for BStyle_new]
$bsConf['secret'] = '612dc980b56a3ca6092c9738c18339f5'; // secret key [note: used for BStyle_new]
$bsConf['dbcode'] = 'DEV'; // [note: used for BStyle_new]
$bsConf['version'] = '1.0'; // version number [note: used for BStyle_new]
$bsConf['name'] = 'xp.hua';
$bsConf['password']= 'test';


5.png


-- ----------------------------
-- Table structure for `admin_user`
-- ----------------------------
-- NOTE(review): `password` is a plain varchar(50) with no salt column, and the
-- values in the records below are 32 hexadecimal characters — presumably an
-- unsalted MD5 digest; confirm against the application code. Credentials should
-- be stored with a salted, adaptive hash (bcrypt or Argon2, e.g. PHP's
-- password_hash()) instead.
-- NOTE(review): the table also holds personal data (names, last login IPs), so
-- a dump of it must not be reachable from the web root.
CREATE TABLE `admin_user` (
`user_id` smallint(5) NOT NULL AUTO_INCREMENT,
`user_code` varchar(20) NOT NULL DEFAULT '',
`user_name` varchar(50) NOT NULL DEFAULT '',
`user_name2` varchar(30) DEFAULT NULL,
`password` varchar(50) NOT NULL DEFAULT '',
`xb` smallint(6) NOT NULL DEFAULT '0',
`email` varchar(255) NOT NULL DEFAULT '',
`add_time` int(11) DEFAULT NULL,
`last_login` int(11) DEFAULT NULL,
`last_ip` varchar(50) NOT NULL DEFAULT '',
`action_list` text,
`lang_type` varchar(50) NOT NULL DEFAULT '',
`dp_id` int(11) DEFAULT '0',
`sd_id` int(11) DEFAULT '0',
`is_admin` tinyint(3) DEFAULT '0',
`favorites_menu` varchar(50) DEFAULT NULL,
PRIMARY KEY (`user_id`)
) ENGINE=InnoDB AUTO_INCREMENT=43 DEFAULT CHARSET=utf8 AVG_ROW_LENGTH=1170;
-- ----------------------------
-- Records of admin_user
-- ----------------------------
-- NOTE(review): 16 of the 19 rows below carry the same `password` value, so
-- those accounts share one password and the hash has no per-user salt. All
-- accounts in this dump should have their passwords reset, and the shared
-- default replaced by a forced change at first login.
INSERT INTO `admin_user` VALUES ('1', '000', 'admin', '系统管理员', 'cf79ae6addba60ad018347359bd144d2', '0', 'admin', null, '1294443989', '0.0.0.0', 'all', '', '-1', '3', '0', null);
INSERT INTO `admin_user` VALUES ('10', 'hjf', 'hjf', '锦凤', 'ad1485cab68667d54af96dd1aa597e0e', '0', '', null, '1286825380', '192.168.1.3', '', '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('11', 'hj', 'hj', '佳', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286835386', '192.168.1.136', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('12', 'lyw', 'lyw', '亚文', 'b59c67bf196a4758191e42f76670ceba', '0', '', null, '1286834148', '192.168.1.12', '', '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('13', 'hyh', 'hyh', '元华', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1282457134', '192.168.1.22', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('14', 'zhuangxueying', 'zhuangxueying', '学英', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286437463', '192.168.1.15', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('28', 'ck_lyr', 'ck_lyr', null, 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286831461', '59.56.254.106', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('29', 'ck_clp', 'ck_clp', null, 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286728853', '59.56.254.106', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('30', 'ck_lxl', 'ck_lxl', null, 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286833630', '59.56.254.106', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('31', 'ck_lcq', 'ck_lcq', null, 'cf79ae6addba60ad018347359bd144d2', '0', '', null, null, '', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('32', 'ck_hlm', 'ck_hlm', null, 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286831562', '59.56.254.106', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('33', 'gzl', 'gzl', '志兰', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286835018', '192.168.1.13', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('34', 'zfxdd', 'zfxdd', '下载分销订单', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286833384', '192.168.1.134', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('35', 'zzydd', 'zzydd', '下载直营订单', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286838667', '192.168.1.22', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('37', 'ttt', 'ttt', '测试用户', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1283885559', '192.168.1.126', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('38', 'shirley', 'shirley', '志红', 'ac45069e1398f2115abb1f581e86eb4c', '0', '', null, '1285999022', '120.34.66.115', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('39', 'wxh', 'wxh', '小花', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286784647', '192.168.1.9', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('40', 'wmg', 'wmg', '总', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1281145367', '192.168.1.126', null, '', '0', '0', '0', null);
INSERT INTO `admin_user` VALUES ('41', 'wln', 'wln', '丽娜', 'cf79ae6addba60ad018347359bd144d2', '0', '', null, '1286782907', '192.168.1.7', null, '', '0', '0', '0', null);

修复方案:

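俺小白不懂。(就上文泄露的内容而言,至少应:修复目录遍历问题,清除 Web 目录下的源码压缩包和可直接读取的配置文件;更换配置中出现的全部数据库口令和接口密钥;重置 admin_user 表中各账号的口令,并改用加盐的慢哈希存储。)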

版权声明:转载请注明来源 susp@乌云


漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

