2015-08-10: 细节已通知厂商并且等待厂商处理中 2015-08-10: 厂商已经确认,细节仅向厂商公开 2015-08-20: 细节向核心白帽子及相关领域专家公开 2015-08-30: 细节向普通白帽子公开 2015-09-09: 细节向实习白帽子公开 2015-09-24: 细节向公众公开
带头大哥:我承认都是月亮惹的祸 那样的月色太美你太温柔 才会在刹那之间只想和你一起到白头爱丽姐:???
个人观点:所涉及敏感内容基本都点到为止!希望爱丽姐重视。丽姐:重视!!!爱丽-办公
http://bangong.aili.com/www.rar
整站程序泄露。许多厂商不重视备份的文件或者网站程序泄露。今天证明之。。
随便整理了下相关文档,粗略的整理结果如下,未细看,影响广与深你们自己懂得:
跨境管理系统:http://121.41.167.78/index.php?g=admin&m=public&a=login客户关系管理系统:http://kw9.nbark.com:8888/Index.aspx账号:xibeiwangkw9 密码:dswqp03qq_app_id:101161092qq_key:ee34ad64749133d757f43795f3156c06sina_app_id:1130637882sina_key:156a3db3d93a47e2847c3017caa0be90wx_app_id:wxdf1d6c5da3b7b598wx_key:2c0918a02a2b48b88768df2f2d1f302atb_appkey:2088411800612568tb_appsecret:4e92b1lhl3607mu9dzztqixwz1l0coy1service@seabuy.com seabuy4007878
继续看:
<?php /*生产环境*/// $config['dbhost'] = '192.168.211.2'; //数据库所在IP地址// $config['dbuser'] = 'seabuy_user'; //数据库用户// $config['dbpass'] = '4OOh4DTx1I'; //数据库密码// $config['dbname'] = 'seabuy'; //数据库名 /*测试服*/ // $config['dbhost'] = '183.136.146.110'; //数据库所在IP地址 // $config['dbuser'] = 'seabuy_user'; //数据库用户 // $config['dbpass'] = 'seabuy2014'; //数据库密码 // $config['dbname'] = 'mallbuilder'; //数据库名 /*本地*/ $config['dbhost'] = 'localhost'; //数据库所在IP地址 $config['dbuser'] = 'root'; //数据库用户 $config['dbpass'] = ''; //数据库密码 $config['dbname'] = 'wenjinew'; //数据库名 $config['dbport'] = '3306'; //数据库端口 $config['table_pre']='mb_'; //数据库表前缀 $config['authkey']='28e6803a4efc821657f07a72af68b90c'; //数据库表前缀 $config['loginbackpath'] = 'dlq9J15DshW5f'; //后台管理路径 by xiaogu // 注意文件路径 if(is_file($_SERVER['DOCUMENT_ROOT'] .'/360safe/360webscan.php')) { require_once($_SERVER['DOCUMENT_ROOT'] .'/360safe/360webscan.php'); }?>
继续:
<?phpinclude '../config/config.inc.php';include '../config/web_config.php';include '../config/wechat_config.php';return array( //'配置项'=>'配置值' //'配置项'=>'配置值' 'DB_TYPE' => 'mysql', /* 'DB_HOST' => '115.238.169.134', 'DB_USER' => 'seabuy_user', 'DB_PWD' => 'seabuy2014', */ 'DB_HOST' => $config['dbhost'], 'DB_USER' => $config['dbuser'], 'DB_PWD' => $config['dbpass'], 'site_url' => $config['weburl'] . '/wx', 'site_name' => '微信第三方公众平台', 'copyright' => '2013-2014 宁波微乎网络 版权所有', 'site_email' => '127930@qq.com', 'ipc' => '浙ICP备14006385号', 'DB_NAME' => $config['dbname'], 'DB_PORT' => '3306', 'DB_PREFIX' => 'wx_', 'DB_CHARSET' => 'utf8', 'DB_DEPLOY_TYPE' => 0, // 数据库部署方式:0 集中式(单一服务器),1 分布式(主从服务器) 'DB_RW_SEPARATE' => false, // 数据库读写是否分离 主从式有效 'APP_GROUP_LIST' => 'Home,Admin,User,Wap,Wsite,Chat', //模块分组 'DEFAULT_GROUP' => 'Home', //默认分组 'DEFAULT_MODULE' => 'Index', 'DEFAULT_ACTION' => 'index', 'EXCEPT_ACTION' => array('checkLog', 'login', 'verify'), 'DB_FIELDTYPE_CHECK' => true, /* 模板引擎设置 */ 'TMPL_L_DELIM' => '{', // 模板引擎普通标签开始标记 'TMPL_R_DELIM' => '}', // 模板引擎普通标签结束标记 'LANG_SWITCH_ON' => true, //开启语言包 'LANG_AUTO_DETECT' => true, //自动选择语言 'DEFAULT_LANG' => 'zh-cn', 'LANG_LIST' => 'zh-cn', 'VAR_LANGUAGE' => 'l', //默认语言切换变量 'DEFAULT_FILTER' => 'htmlspecialchars', 'URL_ROUTER_ON' => true, //开启路由 'URL_ROUTE_RULES' => array(//定义路由规则 'api/:token' => 'Home/Weixin/index', 'show/:token' => 'Home/Adma/index', ), 'LOG_RECORD' => false, // 开启日志记录 'token' => $wechat_config['wechat'], 'appid' => $wechat_config['AppID'], 'appsecret' => $wechat_config['AppSecret'], 'redirect' => $config['weburl'], //'TMPL_ENGINE_TYPE' =>'PHP');?>
再继续:
<?phpset_time_limit(0); header("Content-Type: text/html; charset=GBK"); /** * 定义程序绝对路径 */ define('SCRIPT_ROOT', dirname(__FILE__).'/'); require_once SCRIPT_ROOT.'include/Client.php'; include_once("$config[webroot]/config/sms_config.php"); /** * 网关地址 */ $gwUrl = 'http://sdk4report.eucp.b2m.cn:8080/sdk/SDKService';/** * 序列号,请通过亿美销售人员获取 *///$serialNumber = '6SDK-EMY-6688-KDWTL';$serialNumber = $sms_config['sms_account'];/** * 密码,请通过亿美销售人员获取 *///$password = '970644';$password = $sms_config['sms_pass'];/** * 登录后所持有的SESSION KEY,即可通过login方法时创建 *///$sessionKey = '556552';$sessionKey = $sms_config['sms_key'];/** * 连接超时时间,单位为秒 */$connectTimeOut = 2;/** * 远程信息读取超时时间,单位为秒 */ $readTimeOut = 10;/** $proxyhost 可选,代理服务器地址,默认为 false ,则不使用代理服务器 $proxyport 可选,代理服务器端口,默认为 false $proxyusername 可选,代理服务器用户名,默认为 false $proxypassword 可选,代理服务器密码,默认为 false*/ $proxyhost = false; $proxyport = false; $proxyusername = false; $proxypassword = false; $client = new Client($gwUrl,$serialNumber,$password,$sessionKey,$proxyhost,$proxyport,$proxyusername,$proxypassword,$connectTimeOut,$readTimeOut);/** * 发送向服务端的编码,如果本页面的编码为GBK,请使用GBK */$client->setOutgoingEncoding("UTF-8");// login(); //激活序列号// updatePassword(); //修改密码// logout(); //注销序列号 // registDetailInfo();//注册企业信息// getEachFee(); //得到单价 // getMO(); //接收短信// getVersion(); //得到版本号 // sendSMS(); //发送短信// getBalance(); //得到余额// chargeUp(); //充值//----------------------------------------------------------------------// 注: // 1. 下面是各接口的使用用例,Client.php 还有每一个接口更详细的参数说明// 2. 凡是返回 $statusCode 的, 都是相关操作的状态码// 3. 由于php是弱类型语言,当服务端没返回时,也会等同认为 $statusCode=='0', 所以在判断时应该使用 if ($statusCode!=null && $statusCode==0) //----------------------------------------------------------------------/** * 接口调用错误查看 用例 */function chkError(){ global $client; $err = $client->getError(); if ($err) { /** * 调用出错,可能是网络原因,接口版本原因 等非业务上错误的问题导致的错误 * 可在每个方法调用后查看,用于开发人员调试 */ echo $err; } }/** * 登录 用例 */function login(){ global $client; /** * 下面的操作是产生随机6位数 session key * 注意: 如果要更换新的session key,则必须要求先成功执行 logout(注销操作)后才能更换 * 我们建议 sesson key不用常变 */ //$sessionKey = $client->generateKey(); //$statusCode = $client->login($sessionKey); $statusCode = $client->login(); echo "处理状态码:".$statusCode."<br/>"; if ($statusCode!=null && $statusCode=="0") { //登录成功,并且做保存 $sessionKey 的操作,用于以后相关操作的使用 echo "登录成功, session key:".$client->getSessionKey()."<br/>"; }else{ //登录失败处理 echo "登录失败,返回:".$statusCode; } }/** * 注销登录 用例 */function logout(){ global $client; $statusCode = $client->logout(); echo "处理状态码:".$statusCode;}/** * 获取版本号 用例 */function getVersion(){ global $client; echo "版本:". $client->getVersion(); } /** * 取消短信转发 用例 */ function cancelMOForward(){ global $client; $statusCode = $client->cancelMOForward(); echo "处理状态码:".$statusCode;}/** * 短信充值 用例 */function chargeUp(){ global $client; /** * $cardId [充值卡卡号] * $cardPass [密码] * * 请通过亿美销售人员获取 [充值卡卡号]长度为20内 [密码]长度为6 * */ $cardId = 'EMY01200810231542008'; $cardPass = '123456'; $statusCode = $client->chargeUp($cardId,$cardPass); echo "处理状态码:".$statusCode;}/** * 查询单条费用 用例 */function getEachFee(){ global $client; $fee = $client->getEachFee(); echo "费用:".$fee;}/** * 企业注册 用例 */function registDetailInfo(){ global $client; $eName = "嘻呗网"; $linkMan = "俞峰"; $phoneNum = "0574-89076116"; $mobile = "13586913115"; $email = "yufeng365@qq.com"; $fax = "0574-89076199"; $address = "宁波保税区兴业一路5号1幢1111-4号"; $postcode = "315800"; /** * 企业注册 [邮政编码]长度为6 其它参数长度为20以内 * * @param string $eName 企业名称 * @param string $linkMan 联系人姓名 * @param string $phoneNum 联系电话 * @param string $mobile 联系手机号码 * @param string $email 联系电子邮件 * @param string $fax 传真号码 * @param string $address 联系地址 * @param string $postcode 邮政编码 * * @return int 操作结果状态码 * */ $statusCode = $client->registDetailInfo($eName,$linkMan,$phoneNum,$mobile,$email,$fax,$address,$postcode); echo "处理状态码:".$statusCode; }/** * 更新密码 用例 */function updatePassword(){ global $client; /** * [密码]长度为6 * * 如下面的例子是将密码修改成: 654321 */ $statusCode = $client->updatePassword('654321'); echo "处理状态码:".$statusCode;}/** * 短信转发 用例 */function setMOForward(){ global $client; /** * 向 159xxxxxxxx 进行转发短信 */ $statusCode = $client->setMOForward('159xxxxxxxx'); echo "处理状态码:".$statusCode;}/** * 得到上行短信 用例 */function getMO(){ global $client; $moResult = $client->getMO(); echo "返回数量:".count($moResult); foreach($moResult as $mo) { //$mo 是位于 Client.php 里的 Mo 对象 // 实例代码为直接输出 echo "发送者附加码:".$mo->getAddSerial(); echo "接收者附加码:".$mo->getAddSerialRev(); echo "通道号:".$mo->getChannelnumber(); echo "手机号:".$mo->getMobileNumber(); echo "发送时间:".$mo->getSentTime(); /** * 由于服务端返回的编码是UTF-8,所以需要进行编码转换 */ echo "短信内容:".iconv("UTF-8","GBK",$mo->getSmsContent()); // 上行短信务必要保存,加入业务逻辑代码,如:保存数据库,写文件等等 } }/** * 短信发送 用例 * $type int 默认为0 若为1时 标示淘宝账户发送短信信息。 * $tel array or int 可以群发 也可以单个发送(手机号) * $red 密码或验证码 */function sendSMS($tel="",$red="",$type='0'){ global $client; /** * 下面的代码将发送内容为 test 给 159xxxxxxxx 和 159xxxxxxxx * $client->sendSMS还有更多可用参数,请参考 Client.php */ if($type){ // $text="【嘻呗网】欢迎您在嘻呗网淘宝店进行购物,您购买商品为跨境商品,海关需验证身份信息,我们通过嘻呗网平台为您进行注册并在跨境平台实名备案.您在嘻呗网用户名: ".$_COOKIE['USER']." 密码:".$red." 网址:http://".$_SERVER['HTTP_HOST']." 请及时登录修改密码。"; $text="【嘻呗网】欢迎您在嘻呗全球购进行购物,您购买的商品为跨境商品,海关需验证身份信息,我们已经通过嘻呗网为您实时注册并在跨境购平台实名备案,您在嘻呗网用户名:".$_COOKIE['USER']." 密码:".$red." 网址:http://".$_SERVER['HTTP_HOST']." 请及时登录修改密码。"; }else{ $text = '【嘻呗网】你好, 验证码是:'.$red.',请尽快完成注册'; } $statusCode = $client->sendSMS(array($tel),$text); echo 1;}/** * 余额查询 用例 */function getBalance(){ global $client; $balance = $client->getBalance(); echo "余额:".$balance;}/** * 短信转发扩展 用例 */function setMOForwardEx(){ global $client; /** * 向多个号码进行转发短信 * * 以数组形式填写手机号码 */ $statusCode = $client->setMOForwardEx( array('159xxxxxxxx','159xxxxxxxx','159xxxxxxxx') ); echo "处理状态码:".$statusCode;}?>
看下敏感配置:
<?phpdefine("ACCOUNTS",$config['table_pre']."payment_banks"); //银行帐号信息define("CASHFLOW",$config['table_pre']."payment_cashflow"); //流水帐表define("CASHPICKUP",$config['table_pre']."payment_cashpickup"); //提现申请define("PAYMENT",$config['table_pre']."payment_type"); //支付方式表define("PUSER",$config['table_pre']."payment_member"); //支付中心会员表define("PAYCARD",$config['table_pre']."payment_card"); //支付中心会员表define("FEE",$config['table_pre']."payment_service_fee"); ////define("BRAND",$config['table_pre']."payment_brand"); //define("BRAND",$config['table_pre']."brand");?><?php//=====================管理员后台$mem['pay'][1][]=array( '', array( 'module_config.php,1,payment,支付中心设置', 'payment.php,1,payment', 'member.php,1,payment,支付会员管理', 'verify.php,1,payment,实名认证', 'withdraw.php,1,payment,提现申请', 'paymentmod.php,0,payment', /*'payment_user.php,1,payment,支付账户管理', 'pickuplist.php,1,payment', 'bank_account.php,1,payment',*/ 'cards.php,1,payment,充值卡管理', 'cashflow.php,1,payment,资金明细', /*'member_charge.php,1,payment',*/ 'static.php,1,payment,系统资金总览', /* 'admin_commission.php,1,payment,佣金收入明细',*/ 'service_fee.php,1,payment,服务费配置', ));?>
看了那么多信息,随便测试两处:1、短信验证平台:http://kw9.nbark.com:8888/Index.aspx账号:xibeiwangkw9 密码:dswqp03
2、微信数据库:
谁说Log没有用,看用户信息:
2015-06-29 08:27:052015-06-29 08:27:592015-06-29 08:27:59 <Message> <Body> <OrderFrom>0000</OrderFrom> <Idnum>362432198909270057</Idnum> <Name>肖晨</Name> <Account>seabuy_13777279710</Account> <Phone>13777279710</Phone> <Email>ngxc@163.com</Email> </Body> </Message>2015-06-29 08:27:59 2015-06-29 08:29:58 <Message> <Header> <CustomsCode>3302461606</CustomsCode> <OrgName>宁波井贝电子商务有限公司</OrgName> <OrderNo>201506290828555093</OrderNo> </Header> </Message>2015-06-29 08:30:02 2015-06-29 09:13:58 <Message> <Header> <CustomsCode>3302461606</CustomsCode> <OrgName>宁波井贝电子商务有限公司</OrgName> <OrderNo>201506270816414123</OrderNo> </Header> </Message>2015-06-29 09:14:04 2015-06-29 09:15:51 <Message> <Header> <CustomsCode>3302461606</CustomsCode> <OrgName>宁波井贝电子商务有限公司</OrgName> <OrderNo>201506241100573288</OrderNo> </Header> </Message>2015-06-29 09:15:51 2015-06-29 09:40:20 <Message> <Header> <CustomsCode>3302461606</CustomsCode> <OrgName>宁波井贝电子商务有限公司</OrgName> <OrderNo>201506201049489655</OrderNo> </Header> </Message>2015-06-29 09:40:25 <Message> <Header> <CustomsCode>3302461606</CustomsCode> <OrgName>宁波井贝电子商务有限公司</OrgName> <OrderNo>201506201049489655</OrderNo> </Header> </Message>2015-06-29 09:40:27 2015-06-29 09:40:29 2015-06-29 10:34:212015-06-29 10:34:342015-06-29 10:34:34 <Message> <Body> <OrderFrom>0000</OrderFrom> <Idnum>330183198202275010</Idnum> <Name>邱栋</Name> <Account>seabuy_15857122480</Account> <Phone>15857122480</Phone> <Email>26278424@qq.com</Email> </Body> </Message>2015-06-29 10:34:34 2015-06-29 10:34:522015-06-29 10:34:52 <Message> <Body> <OrderFrom>0000</OrderFrom> <Idnum>330183198202275010</Idnum> <Name>邱栋</Name> <Account>seabuy_15857122480</Account> <Phone>15857122480</Phone> <Email>26278424@qq.com</Email> </Body> </Message>2015-06-29 10:34:52 2015-06-29 10:39:26 <Message> <Header> <CustomsCode>3302461606</CustomsCode> <OrgName>宁波井贝电子商务有限公司</OrgName> <OrderNo>201506291036258195</OrderNo> </Header> </Message>2015-06-29 10:39:28 2015-06-29 13:27:032015-06-29 13:27:322015-06-29 13:27:32 <Message> <Body> <OrderFrom>0000</OrderFrom> <Idnum>440421198902158168</Idnum> <Name>吴燕妮</Name> <Account>seabuy_13532983733</Account> <Phone>13532983733</Phone> <Email>121642337@qq.com</Email> </Body> </Message>2015-06-29 13:27:32 2015-06-29 14:07:052015-06-29 14:07:232015-06-29 14:08:202015-06-29 14:08:20 <Message> <Body> <OrderFrom>0000</OrderFrom> <Idnum>330203198507241819</Idnum> <Name>柴泽辉</Name> <Account>seabuy_18667850961</Account> <Phone>18667850961</Phone> <Email>chaizehui@126.com</Email> </Body> </Message>2015-06-29 14:08:20 2015-06-29 14:11:47 <Message> <Header> <CustomsCode>3302461606</CustomsCode> <OrgName>宁波井贝电子商务有限公司</OrgName> <OrderNo>201506200845244515</OrderNo> </Header> </Message>2015-06-29 14:11:50 2015-06-29 16:32:21 <Message> <Header> <CustomsCode>3302461606</CustomsCode> <OrgName>宁波井贝电子商务有限公司</OrgName> <OrderNo>201506271025551162</OrderNo> </Header> </Message>2015-06-29 16:32:23 2015-06-29 16:50:22 <Message> <Header> <CustomsCode>3302461606</CustomsCode> <OrgName>宁波井贝电子商务有限公司</OrgName> <OrderNo>201506291648183193</OrderNo> </Header> </Message>2015-06-29 16:50:35 2015-06-29 16:52:56 <Message> <Header><OrderFrom>0000</OrderFrom> <Account>248978512@qq.com</Account> </Header> </Message>2015-06-29 16:52:57 <Message> <Header><OrderFrom>0000</OrderFrom> <Account>248978512@qq.com</Account> </Header> </Message>2015-06-29 16:52:59 2015-06-29 16:53:00 2015-06-29 16:54:11 <Message> <Header><OrderFrom>0000</OrderFrom> <Account>248978512@qq.com</Account> </Header> </Message>2015-06-29 16:54:12 <Message> <Header><OrderFrom>0000</OrderFrom> <Account>248978512@qq.com</Account> </Header> </Message>2015-06-29 16:54:13 2015-06-29 16:54:27 2015-06-29 17:04:47 <Message> <Header> <CustomsCode>3302461606</CustomsCode> <OrgName>宁波井贝电子商务有限公司</OrgName> <OrderNo>201506290828555093</OrderNo> </Header> </Message>2015-06-29 17:04:49 2015-06-29 17:05:00 <Message> <Header> <CustomsCode>3302461606</CustomsCode> <OrgName>宁波井贝电子商务有限公司</OrgName> <OrderNo>201506290828555093</OrderNo> </Header> </Message>2015-06-29 17:05:03 2015-06-29 17:25:162015-06-29 17:25:342015-06-29 17:25:34 <Message> <Body> <OrderFrom>0000</OrderFrom> <Idnum>330283198811252717</Idnum> <Name>阮鹏波</Name> <Account>seabuy_18757419127</Account> <Phone>18757419127</Phone> <Email>stevenrpb@qq.com</Email> </Body> </Message>2015-06-29 17:25:34 2015-06-29 17:38:232015-06-29 17:38:592015-06-29 17:38:59 <Message> <Body> <OrderFrom>0000</OrderFrom> <Idnum>33010619820927152X</Idnum> <Name>沈翌</Name> <Account>seabuy_15990014927</Account> <Phone>15990014927</Phone> <Email>shenyii@vip.126.com</Email> </Body> </Message>2015-06-29 17:38:59 2015-06-29 17:42:082015-06-29 17:42:08 <Message> <Body> <OrderFrom>0000</OrderFrom> <Idnum>33010619820927152X</Idnum> <Name>沈翌</Name> <Account>seabuy_15990014927</Account> <Phone>15990014927</Phone> <Email>shenyii@vip.126.com</Email> </Body> </Message>2015-06-29 17:42:08 2015-06-29 18:06:50 <Message> <Header> <CustomsCode>3302461606</CustomsCode> <OrgName>宁波井贝电子商务有限公司</OrgName> <OrderNo>201506181721343004</OrderNo> </Header> </Message>2015-06-29 18:07:05 2015-06-29 18:11:382015-06-29 18:11:38 <Message> <Body> <OrderFrom>0000</OrderFrom> <Idnum>330283198811252717</Idnum> <Name>阮鹏波</Name> <Account>seabuy_18757419127</Account> <Phone>18757419127</Phone> <Email>stevenrpb@qq.com</Email> </Body> </Message>2015-06-29 18:11:38 2015-06-29 18:11:48 <Message> <Header><OrderFrom>0000</OrderFrom> <Account>seabuy_18757419127</Account> </Header> </Message>2015-06-29 18:11:49 <Message> <Header><OrderFrom>0000</OrderFrom> <Account>seabuy_18757419127</Account> </Header> </Message>2015-06-29 18:11:50 2015-06-29 18:11:51 2015-06-29 21:45:442015-06-29 21:46:252015-06-29 21:46:25 <Message> <Body> <OrderFrom>0000</OrderFrom> <Idnum>320111198311185248</Idnum> <Name>张黎</Name> <Account>seabuy_13951717238</Account> <Phone>13951717238</Phone> <Email>153539920@qq.com</Email> </Body> </Message>2015-06-29 21:46:25 2015-06-29 22:00:41 <Message> <Header><OrderFrom>0000</OrderFrom> <Account>seabuy_15968037878</Account> </Header> </Message>2015-06-29 22:00:45 2015-06-29 22:00:46 <Message> <Header><OrderFrom>0000</OrderFrom> <Account>seabuy_15968037878</Account> </Header> </Message>2015-06-29 22:00:50 2015-06-29 23:15:28
* 短信验证平台作为测试发送了WooYun字样,自行清理。未做任何破坏。整个平台涉及敏感地方运维自己懂得。包含了几个站的config/某文件夹包含多个支付接口的api等。。。自己解决
白帽子:爱丽姐,送女友个IPS独轮车可好?白帽子会不断挖挖挖!
危害等级:高
漏洞Rank:20
确认时间:2015-08-10 11:59
我们会将你的心愿跟上面反映的……
暂无
这个都不走大厂商?@疯狗