Community

Learn

Tools Library

AI Tools

Leisure

English

Home > Backend Development > PHP Tutorial > 多玩某GM系统敏感信息泄漏

多玩某GM系统敏感信息泄漏

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Release： 2016-06-23 13:20:14

Original

961 people have browsed it

首先是svn泄漏，

http://qa.tank.duowan.com/manage/.svn/entries

但是发现svn查看不了什么文件，但是可以知道大概目录，直接访问久暴露了源码http://qa.tank.duowan.com/manage/sql/dbcfg.py

HOST = '127.0.0.1'

USER = 'tkgame'

PAWD = 'tkgame'

PORT = 0

DBNAME = 'tkt_manage'

#

EXECUTETYPE = 'update'

BUILDSQL = 'table_defines.sql'

UPDATELOG = 'update.ini'

UPDATETABLE = '_db_update_log'

BUILDUPDATESQL = '_db_update_log.sql'

BACKUPSQLPREFIX = 'bk_'

http://qa.tank.duowan.com/manage/sql/table_defines.sql

INSERT INTO `user` (`user_id`, `user_name`, `user_password`, `user_level`, `user_created`) VALUES

(1, 'sixcube', '6511383c766f89361b27f1d0d4f25956', 2, 1338946866);

http://qa.tank.duowan.com/manage/i18n/config.sh

ROOT_PATH=/var/www/wwwroot/tkt/manage

I18N_PATH=$ROOT_PATH/i18n

I18N_DOMAIN=tkt_manage

LANG_LIST=(`/usr/bin/php -q getLangList.php`);

LEN_OF_LANG_LIST=${#LANG_LIST[@]}

首先是svn泄漏，

http://qa.tank.duowan.com/manage/.svn/entries

但是发现svn查看不了什么文件，但是可以知道大概目录，直接访问久暴露了源码http://qa.tank.duowan.com/manage/sql/dbcfg.py

HOST = '127.0.0.1'

USER = 'tkgame'

PAWD = 'tkgame'

PORT = 0

DBNAME = 'tkt_manage'

#

EXECUTETYPE = 'update'

BUILDSQL = 'table_defines.sql'

UPDATELOG = 'update.ini'

UPDATETABLE = '_db_update_log'

BUILDUPDATESQL = '_db_update_log.sql'

BACKUPSQLPREFIX = 'bk_'

漏洞证明：

http://qa.tank.duowan.com/manage/sql/table_defines.sql

INSERT INTO `user` (`user_id`, `user_name`, `user_password`, `user_level`, `user_created`) VALUES

(1, 'sixcube', '6511383c766f89361b27f1d0d4f25956', 2, 1338946866);

http://qa.tank.duowan.com/manage/i18n/config.sh

ROOT_PATH=/var/www/wwwroot/tkt/manage

I18N_PATH=$ROOT_PATH/i18n

I18N_DOMAIN=tkt_manage

LANG_LIST=(`/usr/bin/php -q getLangList.php`);

LEN_OF_LANG_LIST=${#LANG_LIST[@]}

Related labels：

多玩某GM系统敏感信息泄漏

Previous article：Googbye 2015 & Hello 2016 Next article：PHP 设计模式系列 -- 注册模式（Registry）

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Latest Articles by Author

Stop spending so much money on streaming services

2025-02-24 12:11:09
Stop talking to your phone: How to use Type to Siri

2025-02-24 12:06:10
How to use Amazon Lockers to save time and beat porch pirates

2025-02-24 12:04:13
How to read text from images on Windows

2025-02-24 12:03:10
9 useful apps that plug into Spotify

2025-02-24 12:02:09
How to use tasks and reminders inside ChatGPT

2025-02-24 12:01:10
How to use Apple Intelligence to sort your emails

2025-02-24 12:00:16
How to set up the new theft detection features on Android

2025-02-24 11:59:10
How to get Gemini to remember (or forget) everything you’ve said

2025-02-24 11:58:14
Where to find Meta AI in Facebook, WhatsApp, and Instagram—and what you can do with it

2025-02-24 11:55:09

Latest Issues

Team collaboration - What should I do if someone needs the feature I wrote as a dependency in git flow?

From 1970-01-01 08:00:00

0

0

0

Objective-c - Constraints for iOS a warning issue

From 1970-01-01 08:00:00

0

0

0

Confusion about using gitlab's fork&pull request mode within the team

From 1970-01-01 08:00:00

0

0

0

Objective-c - In iOS development, Instagram cannot be authorized after logging in. Instagram does not jump back to the application. How to get the callback address?

From 1970-01-01 08:00:00

0

0

0

Version Control - About the use of SVN and GIT in company projects?

From 1970-01-01 08:00:00

0

0

0

Related Topics

More>

Popular Recommendations

Popular Tutorials

More>

Related Tutorials

Popular Recommendations

Latest courses

Latest Downloads

More>

Web Effects

Website Source Code

Website Materials

Front End Template