漏洞概要 关注数(24) 关注此漏洞
>
漏洞详情
披露状态:
2012-04-02: 细节已通知厂商并且等待厂商处理中
2012-04-02: 厂商已经确认,细节仅向厂商公开
2012-04-12: 细节向核心白帽子及相关领域专家公开
2012-04-22: 细节向普通白帽子公开
2012-05-02: 细节向实习白帽子公开
2012-05-17: 细节向公众公开
简要描述:
搜狐某站数据库报错致敏感信息泄露
新浪,搜狐,亲,你们都是肿么了。
老大,我还是建议批量上图,不然太慢了。卡卡卡。
详细说明:
http://vip.club.sohu.com/wenwang/question/index.php
Warning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on '192.168.103.24' (110) 亲地址暴露了喔。
in /opt/Sites/vip.club.sohu.com/wenwang/question/include/dsn.php on line 2
无法连接到数据库!
Warning: mysql_query() expects parameter 2 to be resource, boolean given in /opt/Sites/vip.club.sohu.com/wenwang/question/include/dsn.php on line 14
Warning: mysql_fetch_array() expects parameter 1 to be resource, null given in /opt/Sites/vip.club.sohu.com/wenwang/question/include/dsn.php on line 15
Warning: mysql_query() expects parameter 2 to be resource, boolean given in /opt/Sites/vip.club.sohu.com/wenwang/question/include/dsn.php on line 27
Warning: mysql_num_rows() expects parameter 1 to be resource, null given in /opt/Sites/vip.club.sohu.com/wenwang/question/include/dsn.php on line 28
Warning: mysql_query() expects parameter 2 to be resource, boolean given in /opt/Sites/vip.club.sohu.com/wenwang/question/index.php on line 31
Warning: mysql_num_rows() expects parameter 1 to be resource, null given in /opt/Sites/vip.club.sohu.com/wenwang/question/index.php on line 32
Warning: mysql_query() expects parameter 2 to be resource, boolean given in /opt/Sites/vip.club.sohu.com/wenwang/question/index.php on line 128
漏洞证明:
修复方案:
你们都懂的
===》QQ2036234
继续关注。
版权声明:转载请注明来源 zeracker@乌云
>
漏洞回应
厂商回应:
危害等级:低
漏洞Rank:5
确认时间:2012-04-02 21:32
厂商回复:
3q3q
最新状态:
暂无