
Vulnerability Summary

Defect ID: wooyun-2015-095422

Title: SVN metadata not blocked on a YOHO!有货 site (leaks a large number of database passwords)

Vendor: YOHO!有货

Author: 牛肉包子

Submitted: 2015-02-03 15:40

Fixed: 2015-02-08 15:42

Published: 2015-02-08 15:42

Vulnerability type: disclosure of important sensitive information

Severity: High

Self-assessed Rank: 20

Status: the vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability Details

Disclosure status:

2015-02-03: details sent to the vendor, awaiting the vendor's handling
2015-02-08: the vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

New vendor

Detailed description:

A casual scan turned up a leak:

http://upload.yohobuy.com/.svn/entries


[Screenshot: QQ截图20150203145243.png]


Proof of vulnerability:

Through the script above I got into the cache management page and saw a large number of database passwords leaked.

[Screenshot: QQ截图20150203151724.png]

[Screenshot: QQ截图20150203151736.png]



Fix recommendation:

Ops should know how to handle this.

Copyright notice: when reposting, please credit the source 牛肉包子@乌云
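What that amounts to in practice, as an added example that is not the reporter's script or any YOHO!有货 code: before deployment, walk the document root for leftover VCS metadata directories, and where an SVN 1.6-style plain-text .svn/entries file is present, parse it to list exactly which paths the exposure disclosed, since that list is also the scope of the incident. The example assumes that entries format (SVN 1.7 and later keep the same data in .svn/wc.db instead); the sample entries content and the webroot it audits are constructed.

```python
"""Audit a document root for exposed VCS metadata (added example; assumes the
SVN <= 1.6 plain-text .svn/entries layout: format number on line 1, records
split by a form-feed line, each record starting with name then kind)."""
import os
import tempfile

VCS_DIRS = (".svn", ".git", ".hg")

SAMPLE_ENTRIES = (  # constructed sample, not from the report: root dir + 3 records
    "10\n\ndir\n42\nhttp://svn.example.invalid/repo/trunk/upload\n"
    "http://svn.example.invalid/repo\n\x0c\n"
    "index.php\nfile\n\n\n\n2015-01-01T00:00:00.000000Z\n\x0c\n"
    "cache.php\nfile\n\n\n\n2015-01-01T00:00:00.000000Z\n\x0c\n"
    "config\ndir\n\x0c\n"
)

def parse_entries(text: str) -> list[tuple[str, str]]:
    """Return (name, kind) pairs; the directory's own record becomes '.'."""
    out = []
    for i, rec in enumerate(text.split("\x0c\n")):
        lines = rec.split("\n")              # not splitlines(): it would split on \x0c
        if i == 0:
            lines = lines[1:]                # drop the format-version line
        if len(lines) < 2 or lines[1] not in ("file", "dir"):
            continue                         # trailing empty record or junk
        out.append((lines[0] or ".", lines[1]))
    return out

def exposure_report(webroot: str) -> dict[str, list[tuple[str, str]]]:
    """Map each VCS metadata dir under webroot to the paths it discloses."""
    findings = {}
    for dirpath, dirnames, _ in os.walk(webroot):
        for d in [x for x in dirnames if x in VCS_DIRS]:
            dirnames.remove(d)               # do not descend into the metadata
            meta = os.path.join(dirpath, d)
            entries = os.path.join(meta, "entries")
            disclosed = []
            if d == ".svn" and os.path.isfile(entries):
                with open(entries, encoding="utf-8", errors="replace") as fh:
                    disclosed = parse_entries(fh.read())
            findings[os.path.relpath(meta, webroot)] = disclosed
    return findings

def demo() -> dict[str, list[tuple[str, str]]]:
    # Build a constructed webroot with a leftover .svn directory and audit it.
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, ".svn"))
    with open(os.path.join(root, ".svn", "entries"), "w", newline="") as fh:
        fh.write(SAMPLE_ENTRIES)
    return exposure_report(root)
```

An empty report from exposure_report on the real document root is the pre-deployment pass condition; any non-empty result is a finding, and for .svn the listed paths are what an outsider could already have read.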


Vulnerability Response

Vendor response:

Severity: no impact, vendor ignored

Ignored at: 2015-02-08 15:42

Vendor reply:

Latest status:

None yet


Vulnerability comments:

Comments

  1. 2015-02-04 15:04 | roker ( Regular white hat | Rank:357 Vulnerabilities:108 )

    Bowing down to grandpa. Grandpa is big diao.

  2. 2015-02-12 16:14 | %270x5c ( Intern white hat | Rank:64 Vulnerabilities:23 | 乌拉拉)

    So badass. I have no idea what is going on here.

  3. 2015-02-12 16:22 | 牛肉包子 ( Regular white hat | Rank:254 Vulnerabilities:64 )

    @YOHO!有货 why did you ignore this?

  4. 2015-02-12 16:35 | %270x5c ( Intern white hat | Rank:64 Vulnerabilities:23 | 乌拉拉)

    @牛肉包子 because grandpa is too badass..