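Vulnerability Summary

Bug ID: wooyun-2015-0119189

Title: Source code information leak on a Dangdang site exposes uc_key

Vendor: Dangdang (当当网)

Author: 紫霞仙子

Submitted: 2015-06-09 10:26

Fixed: 2015-07-24 16:24

Disclosed: 2015-07-24 16:24

Type: Sensitive information disclosure

Severity: High

Self-assessed Rank: 15

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]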



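Vulnerability Details

Disclosure status:

2015-06-09: Details reported to the vendor, awaiting vendor handling
2015-06-09: Vendor confirmed; details visible to the vendor only
2015-06-19: Details disclosed to core white hats and experts in related fields
2015-06-29: Details disclosed to regular white hats
2015-07-09: Details disclosed to intern white hats
2015-07-24: Details disclosed to the public

Brief description:

233

Detailed description:

http://e.dangdang.com/bbs/.git/

Proof of vulnerability: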

config/config_ucenter.php
dangdang/define_const.php
data/cache/logo.png
data/cache/style_1_css_diy.css
data/cache/style_1_css_space.css
dangdang/dangdang.php
data/cache/style_1_editor.css
data/cache/style_1_forum_index.css
data/cache/style_1_forum_post.css
data/cache/style_1_forum_moderator.css
data/cache/style_1_forum_guide.css
data/cache/style_1_home_space.css
data/cache/style_1_home_spacecp.css
data/cache/style_1_forum_forumdisplay.css
data/cache/style_1_common.css
data/cache/style_1_portal_portalcp.css
data/cache/style_1_group_index.css
data/cache/style_1_search_forum.css
data/cache/style_1_forum_viewthread.css
data/cache/style_1_widthauto.css
data/cache/style_1_wysiwyg.css
data/cache/style_1_module.css
data/images/logo.jpg
data/log/201504_cplog.php
data/template/1_1_common_header_forum_forumdisplay.tpl.php
data/template/1_1_common_header_forum_index.tpl.php
data/template/1_1_common_header_forum_guide.tpl.php
data/template/1_1_common_header_home_spacecp.tpl.php
data/template/1_1_common_header_forum_viewthread.tpl.php
data/template/1_1_common_header_forum_post.tpl.php
data/template/1_1_common_header_home_space.tpl.php
data/template/1_1_common_header_search_forum.tpl.php
data/template/1_1_common_header_portal_portalcp.tpl.php
data/template/1_1_forum_guide.tpl.php
data/template/1_1_forum_forumdisplay_fastpost.tpl.php
data/template/1_1_forum_post_forumselect.tpl.php
data/template/1_1_forum_post_infloat.tpl.php
data/template/1_1_member_login.tpl.php
data/template/1_1_member_login_simple.tpl.php
data/template/1_1_portal_portalcp_login.tpl.php
data/template/1_diy_home_space_poll.tpl.php
data/template/1_1_home_space_profile.tpl.php
data/template/1_1_member_register.tpl.php
data/template/1_1_search_forum.tpl.php
data/template/1_diy_forum_forumdisplay.tpl.php
data/template/1_1_portal_portalcp_portalblock.tpl.php
data/template/1_diy_forum_viewthread.tpl.php
member.php
source/class/class_member.php
data/template/1_1_common_header_member_logging.tpl.php
source/language/lang_space.php
test.php
uc_client/control/dduser.php
uc_client/data/cache/apps.php
uc_client/model/base.php
uc_client/model/dduser.php
uc_server/avatar.php
uc_server/data/cache/apps.php
uc_server/data/logs/201504.php


<?php
define('UC_CONNECT', 'mysql');
define('UC_DBHOST', 'localhost');
define('UC_DBUSER', 'root');
define('UC_DBPW', 'root');
define('UC_DBNAME', 'discuz');
define('UC_DBCHARSET', 'utf8');
define('UC_DBTABLEPRE', '`discuz`.tb_ucenter_');
define('UC_DBCONNECT', 0);
define('UC_CHARSET', 'utf-8');
define('UC_KEY', 'f177ZajdtbJ9ed3cj9p6z1X14fq3ke34y4Pb0bD9l0Cag6veueJ1s6Aby0z0J***');
define('UC_API', 'http://e.dangdang.com:8088/bbs/uc_server');
define('UC_APPID', '1');
define('UC_IP', '');
define('UC_PPP', 20);
?>

Fix:

~~

Copyright notice: when reposting, credit the source 紫霞仙子@乌云


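Vulnerability Response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-06-09 16:23

Vendor reply:

Thank you for supporting Dangdang security

Latest status:

None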


Vulnerability rating:

Comments

  1. 2015-06-09 10:27 | PgHook (Regular white hat | Rank: 964 | Vulnerabilities: 115)

    What's going on with Dangdang??