多玩某GM系统敏感信息泄漏

首先是svn泄漏，

http://qa.tank.duowan.com/manage/.svn/entries

但是发现svn查看不了什么文件，但是可以知道大概目录，直接访问久暴露了源码http://qa.tank.duowan.com/manage/sql/dbcfg.py

HOST = '127.0.0.1'

USER = 'tkgame'

PAWD = 'tkgame'

PORT = 0

DBNAME = 'tkt_manage'

#

EXECUTETYPE = 'update'

BUILDSQL = 'table_defines.sql'

UPDATELOG = 'update.ini'

UPDATETABLE = '_db_update_log'

BUILDUPDATESQL = '_db_update_log.sql'

BACKUPSQLPREFIX = 'bk_'

http://qa.tank.duowan.com/manage/sql/table_defines.sql

INSERT INTO `user` (`user_id`, `user_name`, `user_password`, `user_level`, `user_created`) VALUES

(1, 'sixcube', '6511383c766f89361b27f1d0d4f25956', 2, 1338946866);

http://qa.tank.duowan.com/manage/i18n/config.sh

ROOT_PATH=/var/www/wwwroot/tkt/manage

I18N_PATH=$ROOT_PATH/i18n

I18N_DOMAIN=tkt_manage

LANG_LIST=(`/usr/bin/php -q getLangList.php`);

LEN_OF_LANG_LIST=${#LANG_LIST[@]}

首先是svn泄漏，

http://qa.tank.duowan.com/manage/.svn/entries

但是发现svn查看不了什么文件，但是可以知道大概目录，直接访问久暴露了源码http://qa.tank.duowan.com/manage/sql/dbcfg.py

HOST = '127.0.0.1'

USER = 'tkgame'

PAWD = 'tkgame'

PORT = 0

DBNAME = 'tkt_manage'

#

EXECUTETYPE = 'update'

BUILDSQL = 'table_defines.sql'

UPDATELOG = 'update.ini'

UPDATETABLE = '_db_update_log'

BUILDUPDATESQL = '_db_update_log.sql'

BACKUPSQLPREFIX = 'bk_'

漏洞证明：

http://qa.tank.duowan.com/manage/sql/table_defines.sql

INSERT INTO `user` (`user_id`, `user_name`, `user_password`, `user_level`, `user_created`) VALUES

(1, 'sixcube', '6511383c766f89361b27f1d0d4f25956', 2, 1338946866);

http://qa.tank.duowan.com/manage/i18n/config.sh

ROOT_PATH=/var/www/wwwroot/tkt/manage

I18N_PATH=$ROOT_PATH/i18n

I18N_DOMAIN=tkt_manage

LANG_LIST=(`/usr/bin/php -q getLangList.php`);

LEN_OF_LANG_LIST=${#LANG_LIST[@]}