当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0130673

漏洞标题:车猫网多个漏洞大礼包(涉及大量内部敏感信息)

相关厂商:dongdalou.com

漏洞作者: 路人甲

提交时间:2015-08-13 15:29

修复时间:2015-09-27 15:38

公开时间:2015-09-27 15:38

漏洞类型:重要敏感信息泄露

危害等级:中

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-08-13: 细节已通知厂商并且等待厂商处理中
2015-08-13: 厂商已经确认,细节仅向厂商公开
2015-08-23: 细节向核心白帽子及相关领域专家公开
2015-09-02: 细节向普通白帽子公开
2015-09-12: 细节向实习白帽子公开
2015-09-27: 细节向公众公开

简要描述:

4个漏洞打包提交!
车猫致力于建立中国最大的二手车交易平台,为消费者提供二手车交易的顾问服务、金融贷款服务和售后保障产品,车猫秉承着“让买卖二手车更简单”的理念,不断完善产品体验,设计提供更加简单便捷交易的产品为用户提供独一无二的消费体验,让消费者体验安全、保障、舒适和放心的购车经历,其中包括:全国覆盖面最广车源最多的线上二手车商城,降低消费门槛、提升购车体验的专业购车顾问团队,杜绝欺诈、保障二手车品质的车猫认证与质保服务,快速便捷的贷款、抵押等金融服务,以及完善一站式体验的各种汽车后市场服务等。

详细说明:

1.车猫网邮箱弱口令
system@dongdalou.com
fcwl1234
打码

admin.png


2.车猫网ftp弱口令包含敏感信息
cert.chemao.com.cn=112.124.20.137
ftpuser
fcwl1234

c.png

漏洞证明:

3.车猫网某分站敏感信息泄漏
http://bc.chemao.com.cn/.svn/entries

mysql.png


<?php
//车猫合作商管理平台
$db['default']['hostname'] = '127.0.0.1';
$db['default']['username'] = 'fcwl';//'root';
$db['default']['password'] = 'fcwl123';
$db['default']['database'] = 'business_online';
$db['default']['dbdriver'] = 'mysql';
$db['default']['dbprefix'] = '';
$db['default']['pconnect'] = false;
$db['default']['db_debug'] = TRUE;
$db['default']['cache_on'] = FALSE;
$db['default']['cachedir'] = '';
$db['default']['char_set'] = 'gbk';
$db['default']['dbcollat'] = 'gbk_chinese_ci';
$db['default']['swap_pre'] = '';
$db['default']['autoinit'] = TRUE;
$db['default']['stricton'] = FALSE;
$db['default']['port'] = 3306;
//车猫ERP管理平台
$db['erp']['hostname'] = '127.0.0.1';
$db['erp']['username'] = 'fcwl';//'root';
$db['erp']['password'] = 'fcwl123';
$db['erp']['database'] = 'erp_online';
$db['erp']['dbdriver'] = 'mysql';
$db['erp']['dbprefix'] = '';
$db['erp']['pconnect'] = false;
$db['erp']['db_debug'] = TRUE;
$db['erp']['cache_on'] = FALSE;
$db['erp']['cachedir'] = '';
$db['erp']['char_set'] = 'gbk';
$db['erp']['dbcollat'] = 'gbk_chinese_ci';
$db['erp']['swap_pre'] = '';
$db['erp']['autoinit'] = TRUE;
$db['erp']['stricton'] = FALSE;
$db['erp']['port'] = 3306;
//车猫数据库配置
$db['dongdalou']['hostname'] = '127.0.0.1';
$db['dongdalou']['username'] = 'fcwl';//'root';
$db['dongdalou']['password'] = 'fcwl123';
$db['dongdalou']['database'] = '365eche_online';
$db['dongdalou']['dbdriver'] = 'mysql';
$db['dongdalou']['dbprefix'] = '';
$db['dongdalou']['pconnect'] = false;
$db['dongdalou']['db_debug'] = TRUE;
$db['dongdalou']['cache_on'] = FALSE;
$db['dongdalou']['cachedir'] = '';
$db['dongdalou']['char_set'] = 'gbk';
$db['dongdalou']['dbcollat'] = 'gbk_chinese_ci';
$db['dongdalou']['swap_pre'] = '';
$db['dongdalou']['autoinit'] = TRUE;
$db['dongdalou']['stricton'] = FALSE;
$db['dongdalou']['port'] = 3306;
//认证项目数据库配置文件
$db['cert']['hostname'] = '127.0.0.1';
$db['cert']['username'] = 'fcwl';//'root';
$db['cert']['password'] = 'fcwl123';
$db['cert']['database'] = 'cert_online';
$db['cert']['dbdriver'] = 'mysql';
$db['cert']['dbprefix'] = '';
$db['cert']['pconnect'] = false;
$db['cert']['db_debug'] = TRUE;
$db['cert']['cache_on'] = FALSE;
$db['cert']['cachedir'] = '';
$db['cert']['char_set'] = 'gbk';
$db['cert']['dbcollat'] = 'gbk_chinese_ci';
$db['cert']['swap_pre'] = '';
$db['cert']['autoinit'] = TRUE;
$db['cert']['stricton'] = FALSE;
$db['cert']['port'] = 3306;


4.车猫网某站敏感信息泄漏/包含支付各大任意接口id号
http://a.chemao.com.cn//.svn/entries

<?php
/**
 * 支付方式--财付通--配置信息
 * @author tangm
 */
return array(
    'code'      => 'tenpay',
    'name'      => Lang::get('tenpay'),
    'desc'      => Lang::get('tenpay_desc'),
    'website'   => 'https://www.tenpay.com/v2/',
    'version'   => '1.0',
	/*签约信息*/
    'tenpay_account'  => '自助商户测试帐户',//账号(商户名称)
    'tenpay_key'  => 'e82573dc7e6136ba414f2e2affbe39fa',//密钥(安全检验码)
    'tenpay_partner'  => '1900000113',//合作者身份ID(商户号)
    'tenpay_trade_mode'  => '1',//交易类型 -- 1 即时到账  2 中介担保 3 后台选择
    'test_host'  => 'http://dev.365eche.com:8080/',//测试url,因为通知需要外网可访问的url,上线时务必置空!
	/*支付显示信息*/
    'company'  => '杭州车猫网络科技有限公司',//公司信息
    'payment_desc'  => '车猫--财付通支付',//支付信息
);
?>


<?php
//数据库配置文件
$db['default']['hostname'] = '10.135.14.136';
$db['default']['username'] = 'fcwl';
$db['default']['password'] = 'fcwl123';
$db['default']['database'] = '365eche_online';
$db['default']['dbdriver'] = 'mysql';
$db['default']['dbprefix'] = '';
$db['default']['pconnect'] = false;
$db['default']['db_debug'] = TRUE;
$db['default']['cache_on'] = FALSE;
$db['default']['cachedir'] = '';
$db['default']['char_set'] = 'gbk';
$db['default']['dbcollat'] = 'gbk_chinese_ci';
$db['default']['swap_pre'] = '';
$db['default']['autoinit'] = TRUE;
$db['default']['stricton'] = FALSE;
$db['default']['port'] = 3306;
// 从机配置
$db['default']['slave'][0]['hostname'] = '10.168.170.152';
$db['default']['slave'][0]['username'] = 'slave';
$db['default']['slave'][0]['password'] = 'fcwl123';
$db['default']['slave'][0]['database'] = '365eche_online';
$db['default']['slave'][0]['dbdriver'] = 'mysql';
$db['default']['slave'][0]['dbprefix'] = '';
$db['default']['slave'][0]['pconnect'] = false;
$db['default']['slave'][0]['db_debug'] = TRUE;
$db['default']['slave'][0]['cache_on'] = FALSE;
$db['default']['slave'][0]['cachedir'] = '';
$db['default']['slave'][0]['char_set'] = 'gbk';
$db['default']['slave'][0]['dbcollat'] = 'gbk_chinese_ci';
$db['default']['slave'][0]['swap_pre'] = '';
$db['default']['slave'][0]['autoinit'] = TRUE;
$db['default']['slave'][0]['stricton'] = FALSE;
$db['default']['slave'][0]['port'] = 3306;
$db['default']['slave'][0]['weight'] = 70; //查询负载比重
$db['operation']['hostname'] = '10.160.26.243';
$db['operation']['username'] = 'fcwl';
$db['operation']['password'] = 'fcwl123$';
$db['operation']['database'] = 'operation_online';
$db['operation']['dbdriver'] = 'mysql';
$db['operation']['dbprefix'] = '';
$db['operation']['pconnect'] = false;
$db['operation']['db_debug'] = TRUE;
$db['operation']['cache_on'] = FALSE;
$db['operation']['cachedir'] = '';
$db['operation']['char_set'] = 'gbk';
$db['operation']['dbcollat'] = 'gbk_chinese_ci';
$db['operation']['swap_pre'] = '';
$db['operation']['autoinit'] = TRUE;
$db['operation']['stricton'] = FALSE;
$db['operation']['port'] = 3306;
$db['behavior']['hostname'] = '10.117.31.29';
$db['behavior']['username'] = 'fcwl';
$db['behavior']['password'] = 'fcwl123$';
$db['behavior']['database'] = 'behavior_online';
$db['behavior']['dbdriver'] = 'mysql';
$db['behavior']['dbprefix'] = '';
$db['behavior']['pconnect'] = false;
$db['behavior']['db_debug'] = TRUE;
$db['behavior']['cache_on'] = FALSE;
$db['behavior']['cachedir'] = '';
$db['behavior']['char_set'] = 'gbk';
$db['behavior']['dbcollat'] = 'gbk_chinese_ci';
$db['behavior']['swap_pre'] = '';
$db['behavior']['autoinit'] = TRUE;
$db['behavior']['stricton'] = FALSE;
$db['behavior']['port'] = 3306;
$db['erp']['hostname'] = '10.160.26.243';
$db['erp']['username'] = 'fcwl';
$db['erp']['password'] = 'fcwl123$';
$db['erp']['database'] = 'erp_online';
$db['erp']['dbdriver'] = 'mysql';
$db['erp']['dbprefix'] = '';
$db['erp']['pconnect'] = false;
$db['erp']['db_debug'] = TRUE;
$db['erp']['cache_on'] = FALSE;
$db['erp']['cachedir'] = '';
$db['erp']['char_set'] = 'gbk';
$db['erp']['dbcollat'] = 'gbk_chinese_ci';
$db['erp']['swap_pre'] = '';
$db['erp']['autoinit'] = TRUE;
$db['erp']['stricton'] = FALSE;
$db['erp']['port'] = 3306;
$db['hx2car']['hostname'] = '10.160.26.243';
$db['hx2car']['username'] = 'fcwl';
$db['hx2car']['password'] = 'fcwl123$';
$db['hx2car']['database'] = 'hx2car_online';
$db['hx2car']['dbdriver'] = 'mysql';
$db['hx2car']['dbprefix'] = '';
$db['hx2car']['pconnect'] = false;
$db['hx2car']['db_debug'] = TRUE;
$db['hx2car']['cache_on'] = FALSE;
$db['hx2car']['cachedir'] = '';
$db['hx2car']['char_set'] = 'gbk';
$db['hx2car']['dbcollat'] = 'gbk_chinese_ci';
$db['hx2car']['swap_pre'] = '';
$db['hx2car']['autoinit'] = TRUE;
$db['hx2car']['stricton'] = FALSE;
$db['hx2car']['port'] = 3306;
$db['cert']['hostname'] = '10.160.26.243';
$db['cert']['username'] = 'fcwl';
$db['cert']['password'] = 'fcwl123$';
$db['cert']['database'] = 'cert_online';
$db['cert']['dbdriver'] = 'mysql';
$db['cert']['dbprefix'] = '';
$db['cert']['pconnect'] = false;
$db['cert']['db_debug'] = TRUE;
$db['cert']['cache_on'] = FALSE;
$db['cert']['cachedir'] = '';
$db['cert']['char_set'] = 'gbk';
$db['cert']['dbcollat'] = 'gbk_chinese_ci';
$db['cert']['swap_pre'] = '';
$db['cert']['autoinit'] = TRUE;
$db['cert']['stricton'] = FALSE;
$db['cert']['port'] = 3306;


c1.png

修复方案:

。。。

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:7

确认时间:2015-08-13 15:37

厂商回复:

确实泄露了我们的一些重要信息,多谢发现并及时提醒。后续我们会在细节处更加注意安全。

最新状态:

暂无

漏洞评价:

评论