欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  网络运营

中兴某分站多处敏感信息泄露

程序员文章站 2022-06-22 20:18:25
中兴某分站多处敏感信息泄露 http://foundation.zte.com.cn/phpsso_server/caches/configs/database.php~ http://f...

中兴某分站多处敏感信息泄露

http://foundation.zte.com.cn/phpsso_server/caches/configs/database.php~

http://foundation.zte.com.cn/phpsso_server/caches/configs/system.php~

http://foundation.zte.com.cn/caches/configs/database.php~

http://foundation.zte.com.cn/caches/configs/system.php~

return array (

'default' => array (

'hostname' => '192.168.176.156',

'database' => 'phpcms_new',

'username' => 'root',

'password' => 'ZTE(ehome)&123456987',

'tablepre' => 'v9_',

'charset' => 'utf8',

'type' => 'mysql',

'debug' => true,

'pconnect' => 0,

'autoconnect' => 0

),

);

?>

return array (

'default' => array (

'hostname' => '192.168.176.156',

'database' => 'phpcms_new',

'username' => 'root',

'password' => 'zteIT248&',

'tablepre' => 'v9_sso_',

'charset' => 'utf8',

'type' => 'mysql',

'debug' => true,

'pconnect' => 0,

'autoconnect' => 0

)

);

?>

return array(

//网站路径

'web_path' => '/',

//Session配置

'session_storage' => 'mysql',

'session_ttl' => 1800,

'session_savepath' => CACHE_PATH.'sessions/',

'session_n' => 0,

//Cookie配置

'cookie_domain' => '', //Cookie 作用域

'cookie_path' => '', //Cookie 作用路径

'cookie_pre' => 'QHTcI_', //Cookie 前缀,同一域名下安装多套系统时,请修改Cookie前缀

'cookie_ttl' => 0, //Cookie 生命周期,0 表示随浏览器进程

//模板相关配置

'tpl_root' => 'templates/', //模板保存物理路径

'tpl_name' => 'default', //当前模板方案目录

'tpl_css' => 'default', //当前样式目录

'tpl_referesh' => 1,

'tpl_edit'=>1,//是否允许在线编辑模板

//附件相关配置

'upload_path' => PHPCMS_PATH.'uploadfile/',

'upload_url' => 'http://ztefoundation.org/uploadfile/', //附件路径

'attachment_stat' => '1',//是否记录附件使用状态 0 统计 1 统计, 注意: 本功能会加重服务器负担

'js_path' => 'http://ztefoundation.org/statics/js/', //CDN JS

'css_path' => 'http://ztefoundation.org/statics/css/', //CDN CSS

'img_path' => 'http://ztefoundation.org/statics/images/', //CDN img

'app_path' => 'http://ztefoundation.org/',//动态域名配置地址

'charset' => 'utf-8', //网站字符集

'timezone' => 'Etc/GMT-8', //网站时区(只对php 5.1以上版本有效),Etc/GMT-8 实际表示的是 GMT+8

'debug' => 1, //是否显示调试信息

'admin_log' => 0, //是否记录后台操作日志

'errorlog' => 1, //1、保存错误日志到 cache/error_log.php | 0、在页面直接显示

'gzip' => 1, //是否Gzip压缩后输出

'auth_key' => '62YFHHZawZRf8Ieyt9C2', //密钥

'lang' => 'zh-cn', //网站语言包

'lock_ex' => '1', //写入缓存时是否建立文件互斥锁定(如果使用nfs建议关闭)

'admin_founders' => '1', //网站创始人ID,多个ID逗号分隔

'execution_sql' => 0, //EXECUTION_SQL

'phpsso' => '1',//是否使用phpsso

'phpsso_appid' => '1',//应用id

'phpsso_api_url' => 'http://ztefoundation.org/phpsso_server/',//接口地址

'phpsso_auth_key' => '16ntyr6nowo9kdtzi8la8fprgcj3bzyg', //加密密钥

'phpsso_version' => '1', //phpsso版本

'html_root' => '/html',//生成静态文件路径

'safe_card'=>'1',//是否启用口令卡

'connect_enable' => '1',//是否开启外部通行证

'sina_akey' => '',//sina AKEY

'sina_skey' => '',//sina SKEY

'snda_akey' => '',//盛大通行证 akey

'snda_skey' => '',//盛大通行证 skey

'qq_akey' => '',//qq skey

'qq_skey' => '',//qq skey

'qq_appkey' => '',//QQ号码登录 appkey

'qq_appid' => '',//QQ号码登录 appid

'qq_callback' => '',//QQ号码登录 callback

'plugin_debug' => '0',//插件测试

'admin_url' => '',//允许访问后台的域名

);

?>

解决方案:

# 删除泄露的文件