当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0128845

漏洞标题:中搜某多个站点源码泄漏(数据库配置等敏感信息泄露泄漏)

相关厂商:中搜

漏洞作者: Expl0r3r

提交时间:2015-07-28 14:13

修复时间:2015-09-11 14:14

公开时间:2015-09-11 14:14

漏洞类型:重要敏感信息泄露

危害等级:高

自评Rank:15

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-07-28: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-09-11: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

RT. wb<5不能进入zone

详细说明:

1.m.zhongsou.com这么重要的站点
m.zhongsou.com/.svn/entries 存在svn源码泄漏

QQ截图20150724080402.png


数据库配置文件:

QQ截图20150724080554.png


QQ截图20150724080622.png


QQ截图20150724080633.png


QQ截图20150724080646.png


QQ截图20150724080654.png


整整10个数据库

QQ截图20150724080822.png


源码打包,数据字典等
呵呵,这安全做的
2.http://un.zhongsou.com/.svn/entries 存在SVN源代码泄露

QQ截图20150724081315.png


数据库配置文件:

QQ截图20150724081425.png


QQ截图20150724081502.png


QQ截图20150724081510.png


又是四个数据库

var $default = array(
'driver' => 'mysql',
'persistent' => false,
'host' => '103.29.135.94',
'login' => 'hemser',
'password' => 'heM&$Er',
'database' => 'ad_second',
'prefix' => 'adt_',
'encoding' => 'utf8',
);

var $adt_buss = array(
'driver' => 'mssql',
'persistent' => false,
'host' => '192.168.10.83',
'login' => 'searchsort',
'password' => 'test',
'database' => 'SearchSortFinal2',
'prefix' => '',
//'encoding' => 'utf8',
);
var $ad_union = array(
'driver' => 'mysql',
'persistent' => false,
'host' => '103.29.135.94',
'login' => 'hemser',
'password' => 'heM&$Er',
'database' => 'ad_union',
'prefix' => 'adt_',
'encoding' => 'utf8',
);
var $cma_db = array(
'driver' => 'mysql',
'persistent' => false,
'host' => '103.29.134.124',
'login' => 'd3ser',
'password' => 'd3ser',
'database' => 'cma',
'prefix' => 'cma_',
'encoding' => 'utf8',

漏洞证明:

3.http://adm.zhongsou.com/.svn/entries 存在SVN源代码泄露

QQ截图20150724081948.png


数据库配置信息:

QQ截图20150724082030.png


QQ截图20150724082049.png


QQ截图20150724082059.png


QQ截图20150724082109.png


整整8个数据库

var $default1 = array(
'driver' => 'mysql',
'persistent' => false,
'host' => '192.168.33.128',
'login' => 'root',
'password' => '',
'database' => 'adt_users',
'prefix' => 'adt_',
'encoding' => 'utf8',
);
var $default = array(
'driver' => 'mysql',
'persistent' => false,
'host' => '61.135.210.37',
'login' => 'ader',
'password' => 'D3MAdSG(^37&3',
'database' => 'ad_second',
'prefix' => 'adt_',
'encoding' => 'utf8',
);

var $adt_user = array(
'driver' => 'mysql',
'persistent' => false,
'host' => '192.168.33.246',
'login' => 'root',
'password' => '',
'database' => 'adt_users',
'prefix' => 'adt_',
'encoding' => 'utf8',
);
var $adt_buss = array(
'driver' => 'mssql',
'persistent' => false,
'host' => '61.135.210.140',
'login' => 'searchsort',
'password' => 'ZS@#searchsort',
'database' => 'SearchSortFinal',
'prefix' => '',
//'encoding' => 'utf8',
);
var $hems = array(
'driver' => 'mysql',
'persistent' => false,
'host' => '202.108.1.19',
'login' => 'hems_on',
'password' => 'hecM20$E!@rOn',
'database' => 'hems2_online',
'prefix' => '',
'encoding' => 'utf8',
);
var $hemsuser = array(
'driver' => 'mysql',
'persistent' => false,
'host' => '202.108.1.19',
'login' => 'hems_on',
'password' => 'hecM20$E!@rOn',
'database' => 'usercenter_online',
'prefix' => '',
'encoding' => 'utf8',
);
var $cma = array(
'driver' => 'mysql',
'persistent' => false,
'host' => '61.135.210.37',
'login' => 'ader',
'password' => 'D3MAdSG(^37&3',
'database' => 'cma',
'prefix' => '',
'encoding' => 'utf8',
);
/*
var $adt_buss = array(
'driver' => 'mssql',
'persistent' => false,
'host' => '192.168.10.83',
'login' => 'searchsort',
'password' => 'test',
'database' => 'SearchSortFinal2',
'prefix' => '',
//'encoding' => 'utf8',


4.http://b.zhongsou.com/b.zhongsou.com.rar

QQ截图20150724090225.png


QQ截图20150724090248.png


QQ截图20150724090329.png


QQ截图20150724090501.png


QQ截图20150724090455.png


日志信息等等
然而并没有什么卵用
5.http://monitor.zhongsou.com/.svn/entries 存在SVN源代码泄露

QQ截图20150724090915.png


数据库配置文件:

QQ截图20150724090926.png


QQ截图20150724091025.png


QQ截图20150724091039.png


QQ截图20150724091050.png


QQ截图20150724091101.png


QQ截图20150724091112.png


整整14个数据库
加上之前提交的有36个数据库了
呵呵

修复方案:

删除

版权声明:转载请注明来源 Expl0r3r@乌云


漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝


漏洞评价:

评论

  1. 2015-09-11 14:17 | Expl0r3r ( 实习白帽子 | Rank:65 漏洞数:13 | 野心大过高潮)

    @xsser 为毛没wb