
Vulnerability summary

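Vulnerability ID: wooyun-2015-099463

Title: Unauthorized SVN access on a WiFi Master Key server leads to source code leak

Vendor: WiFi Master Key (WiFi万能钥匙)

Author: redrain有节操

Submitted: 2015-03-04 15:28

Fixed: 2015-04-18 15:30

Published: 2015-04-18 15:30

Vulnerability type: System/service operations misconfiguration

Severity: Medium

Self-assessed Rank: 10

Status: Confirmed by vendor

Vulnerability source: http://www.wooyun.org. For questions or help, contact [email protected]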



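Vulnerability details

Disclosure status:

2015-03-04: Details sent to the vendor; awaiting vendor response
2015-03-06: Vendor confirmed; details disclosed to the vendor only
2015-03-16: Details disclosed to core white hats and experts in related fields
2015-03-26: Details disclosed to regular white hats
2015-04-05: Details disclosed to intern white hats
2015-04-18: Details disclosed to the public

Brief description:

After all, with 500 million users, security needs to be done properly. Waiting to audit the source code for other vulnerabilities~

Detailed description: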

http://gmdata.lianwifi.com/.svn/all-wcprops
http://gmdata.lianwifi.com/.svn/entries


Proof of vulnerability:

define('DB_DRIVE', 'Zero_Db_Pdo');
define('DB_DEBUG', true);
$config['db_cfg_rows'] = array(
    'master'=> array(
        'base' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'root',
                'password' => '111111',
                'database' => 'box',
                'charset' => 'UTF8'
            )
        ),
        'data' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'root',
                'password' => '111111',
                'database' => 'box',
                'charset' => 'UTF8'
            )
        ),
        'data_ext' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'root',
                'password' => '111111',
                'database' => 'box',
                'charset' => 'UTF8'
            )
        ),
        'data_time' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'qin',
                'password' => 'sjRu&Kd36',
                'database' => 'qin_data_time',
                'charset' => 'UTF8'
            )
        ),
        'log' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'qin',
                'password' => 'sjRu&Kd36',
                'database' => 'qin_log',
                'charset' => 'UTF8'
            )
        ),
        'box' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'gmdata',
                'password' => 'gmdata@123..',
                'database' => 'gmdata',
                'charset' => 'UTF8'
            )
        ),
        'user_00' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'box',
                'password' => 'box123',
                'database' => 'user_00',
                'charset' => 'UTF8'
            )
        ),
        'user_01' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'box',
                'password' => 'box123',
                'database' => 'user_01',
                'charset' => 'UTF8'
            )
        ),
        'user_02' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'box',
                'password' => 'box123',
                'database' => 'user_02',
                'charset' => 'UTF8'
            )
        ),
        'user_03' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'box',
                'password' => 'box123',
                'database' => 'user_03',
                'charset' => 'UTF8'
            )
        ),
        'user_04' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'box',
                'password' => 'box123',
                'database' => 'user_04',
                'charset' => 'UTF8'
            )
        ),
        'user_05' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'box',
                'password' => 'box123',
                'database' => 'user_05',
                'charset' => 'UTF8'
            )
        ),
        'user_06' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'box',
                'password' => 'box123',
                'database' => 'user_06',
                'charset' => 'UTF8'
            )
        ),
        'user_07' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'box',
                'password' => 'box123',
                'database' => 'user_07',
                'charset' => 'UTF8'
            )
        ),
        'user_08' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'box',
                'password' => 'box123',
                'database' => 'user_08',
                'charset' => 'UTF8'
            )
        ),
        'user_09' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'box',
                'password' => 'box123',
                'database' => 'user_09',
                'charset' => 'UTF8'
            )
        ),
        'user_10' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'box',
                'password' => 'box123',
                'database' => 'user_10',
                'charset' => 'UTF8'
            )
        ),
        'user_11' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'box',
                'password' => 'box123',
                'database' => 'user_11',
                'charset' => 'UTF8'
            )
        ),
        'user_12' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'box',
                'password' => 'box123',
                'database' => 'user_12',
                'charset' => 'UTF8'
            )
        ),
        'user_13' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'box',
                'password' => 'box123',
                'database' => 'user_13',
                'charset' => 'UTF8'
            )
        ),
        'user_14' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'box',
                'password' => 'box123',
                'database' => 'user_14',
                'charset' => 'UTF8'
            )
        ),
        'user_15' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'box',
                'password' => 'box123',
                'database' => 'user_15',
                'charset' => 'UTF8'
            )
        ),
    ),
    'slave'=> array(
        'base' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'qin',
                'password' => 'sjRu&Kd36',
                'database' => 'qin_base',
                'charset' => 'UTF8'
            )
        ),
        'data' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'qin',
                'password' => 'sjRu&Kd36',
                'database' => 'qin_data',
                'charset' => 'UTF8'
            )
        ),
        'log' => array(
            array(
                'host' => '10.10.18.106',
                'port' => '3306',
                'user' => 'qin',
                'password' => 'sjRu&Kd36',
                'database' => 'qin_log',
                'charset' => 'UTF8'
            )
        )
    )
);

Suggested fix:

Mwah~

Copyright notice: when reposting, please credit the source: redrain有节操@WooYun
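
Added example (not part of the original report and not the vendor's code): a Python check for the exposure described above. It lists version-control metadata directories left under a web document root and, from access-log lines, the requests for such paths that the server actually answered. The function names, the Combined Log Format assumption and the sample log lines are constructed for illustration.

```python
import os
import re

# Metadata directories left behind by a working-copy checkout or clone.
VCS_DIRS = {".svn", ".git", ".hg", ".bzr", "CVS"}
# Assumed Combined Log Format: quoted request line followed by the status code.
_LOG_RE = re.compile(r'"(?:GET|HEAD|POST) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
_VCS_PATH_RE = re.compile(r"(?:^|/)(?:\.svn|\.git|\.hg|\.bzr|CVS)(?:/|$)")

# Constructed sample access-log lines (documentation addresses, not from the report).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Mar/2015:15:20:01 +0800] "GET /.svn/entries HTTP/1.1" 200 1843 "-" "curl"',
    '192.0.2.10 - - [04/Mar/2015:15:20:02 +0800] "GET /.svn/all-wcprops HTTP/1.1" 200 912 "-" "curl"',
    '192.0.2.11 - - [04/Mar/2015:15:21:40 +0800] "GET /.git/config HTTP/1.1" 404 162 "-" "curl"',
    '192.0.2.12 - - [04/Mar/2015:15:22:05 +0800] "GET /index.php?id=1 HTTP/1.1" 200 5120 "-" "Mozilla"',
]


def find_vcs_metadata(docroot):
    """Return URL paths (relative to docroot) of VCS metadata directories."""
    found = []
    for dirpath, dirnames, _files in os.walk(docroot):
        for name in sorted(dirnames):
            if name in VCS_DIRS:
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                found.append("/" + rel.replace(os.sep, "/") + "/")
        # Report only the top of each metadata directory; do not descend into it.
        dirnames[:] = [d for d in dirnames if d not in VCS_DIRS]
    return sorted(found)


def served_vcs_requests(log_lines):
    """Return (path, status) for VCS metadata requests answered with 2xx/3xx."""
    hits = []
    for line in log_lines:
        m = _LOG_RE.search(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]
        status = int(m.group("status"))
        if _VCS_PATH_RE.search(path) and 200 <= status < 400:
            hits.append((path, status))
    return hits


if __name__ == "__main__":
    print(find_vcs_metadata("."))
    print(served_vcs_requests(SAMPLE_LOG))
```

A non-empty result from `find_vcs_metadata` on a deployment tree means the release was copied from a working copy rather than exported; any hit from `served_vcs_requests` means the metadata was already retrieved and the source and credentials in it should be treated as disclosed.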


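Vulnerability response

Vendor response:

Severity: Low

Vulnerability Rank: 2

Confirmed: 2015-03-06 12:58

Vendor reply:

Thank you for your attention; the issue has been forwarded to the relevant team.

Latest status:

None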


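Vulnerability comments:

Comments

  1. 2015-03-04 17:57 | 小花猫 (Passerby | Rank:10 Vulnerabilities:1 | Fighting for China's internet security)

    Front row!!!

  2. 2015-03-04 22:29 | sky (Intern white hat | Rank:94 Vulnerabilities:33 | One day, I took my son @jeary to @园长's principal...)

    233333333333333333333333333333333333~~ clap clap clap

  3. 2015-03-06 14:47 | 浅蓝 (Regular white hat | Rank:274 Vulnerabilities:109 | Love Security: www.ixsec.org Xsec community: zone.ixse...)

    http://iclick.lianwifi.com/1.php

  4. 2015-03-06 18:18 | 明月影 (Passerby | Rank:12 Vulnerabilities:8 | Learning techniques, learning ways of thinking.)

    Whoa. They've locked onto WiFi Master Key and won't let go.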