2015-10-10: 细节已通知厂商并且等待厂商处理中 2015-10-10: 厂商已经确认,细节仅向厂商公开 2015-10-20: 细节向核心白帽子及相关领域专家公开 2015-10-30: 细节向普通白帽子公开 2015-11-09: 细节向实习白帽子公开 2015-11-24: 细节向公众公开
侧漏源码与一打数据库
http://scan.safe.baidu.com/.svn/entries
[db]db_port = 3306db_user = rootdb_host = 127.0.0.1db_pass = admindb_dbname = nssdb_charset = utf8[redis]redis_host = 127.0.0.1redis_port = 6379redis_pass = b8HJ9k56tY1Xza7uTba7612alpw3[bk]bk_host = 127.0.0.1bk_port = 11300[download]dl_path = /data/downloadsample_rul = http://dbl-seclab-back14.dbl01:8080/resource/apps/[sampleredis]sample_host = 127.0.0.1sample_port = 6380sample_pass = bslfng[virusResultRedis]virusRet_host = 127.0.0.1virusRet_port = 6379virusRet_pass = b8HJ9k56tY1Xza7uTba7612alpw3REDIS_HOST = '10.212.106.42'REDIS_PORT = 6379REDIS_PASS = 'b8HJ9k56tY1Xza7uTba7612alpw3'DB_HOST = '10.212.106.41'DB_USER = 'root'DB_PASSWD = '3db7401e'DB_NAME = 'nss'redis.Redis(host='10.40.67.20', password='bslfng', port=6379, db=0)creator=MySQLdb,host='10.212.106.41',user='root',passwd='3db7401e',db='nss',port=8306,creator = MySQLdb, host = '10.212.106.45', port = 3306, user = 'root', passwd = '3db7401e', db = 'nss',#Email info#SMTP_SERVER = 'smtp.mail.yahoo.com:587'SMTP_SERVER = 'smtp.qq.com'#SENDER = 'bdseclabauto@yahoo.com'SENDER = 'bdseclabauto@qq.com'RECVER = ['wanglei20@baidu.com', 'shimin02@baidu.com', 'zhangzhigui@baidu.com', \'fengyajie@baidu.com', 'jiyanyan@baidu.com', 'liukai15@baidu.com', 'liuboyan@baidu.com']#RECVER = ['jiyanyan@baidu.com', 'liukai15@baidu.com', 'zhangzhigui@baidu.com']SUBJECT = "[Monitor]: Baidu Cloud Security Platform monitoring report"#USR = 'bdseclabauto@yahoo.com'USR = '2759026024'#PASSWD = 'trustgoer2015'PASSWD = '=bm125'tgautonotification@gmail.com trustgoer 'baidu': {'id': 1, 'key': '905f333d0cce7f58ed452f8a825c2f0cb96a4c71'},'appchina': {'id': 2, 'key': '3dd697812da9960a1e72429cb017e97c4a535c83'},'crossmo': {'id': 3, 'key': '72d67561c2c0dff2d59080796d0d4f698eded10b'},'4399': {'id': 4, 'key': '9fc50a8a4741a718a849fe7049c3341dab916ee0'},'cncert': {'id': 5, 'key': 'c903889bd890d59e64ac9e9dd116e7170bdcf738'},'hisense': {'id': 6, 'key': 'c99c3292c57b7bc3867f62a5126a2ac1a6d5cd81'},api_keys = { '905f333d0cce7f58ed452f8a825c2f0cb96a4c71': 'baidu', '3dd697812da9960a1e72429cb017e97c4a535c83': 'appchina', '92a1ce5e0032530391edae8c79336c9929f15296': 'lenovomm', 'f508ac57765b7beaad9141f4c00039467f08a302': 'bpit', 'b701b3525bcc274d4eae80d181b85f2664096e4f': 'gionee', '8fc547cdda7cc69be41169a05b4a8937dd05e175': 'pixiu', '3ef39aec47565a783de750b0bebdbfb72cb12ab4': 'vsearch', 'b701b3525bcc274d4eae80d181b85f2664096e4f': 'gionee', 'xh5fkulj2dvhtu9apbyzrevb8yf3ixdwcq6joeol': 'bsltest', '39aff70c29cb063cc28928326ea0f40fd03d5b9c': 'testin', 'c347265fc2e41812da52a816ad7f1122ec344f9f': 'musi', '296c61378753442c7a9fffb3087eba1bea977076': 'musi_test',}
危害等级:中
漏洞Rank:10
确认时间:2015-10-10 10:00
感谢提交
暂无
mark一下