Sensitive information leak (account and password) on a Youku sub-site

ID: 63589
URL: http://www.wooyun.org/bug.php?action=view&id=63589
Status: vendor has confirmed
Title: Sensitive information leak (account and password) on a Youku sub-site
Type: sensitive information disclosure
Vendor: 优酷 (Youku)
White hat: kobin97
Submitted: 2014-06-04 22:55:00
Published: 2014-07-23 20:44:00
Fix time: (not set)
Confirmed: 2014-06-05 00:00:00
Confirm spend: 1
Tags: sensitive information disclosure
Followers: 0
Favorites: 0
White-hat rating (self-assessed): rank 8
Vendor rating: rank 10

Summary
Sensitive information leak on a Youku sub-site

Details

http://player.lstat.youku.com/config.php.bak

PoC (contents of the exposed backup file; credentials redacted as on the original page)

<?php
define('VERSION',1);
define('USE_MAIN_MAP',false);
define('NEW_LOG_TIME',false);
//class path define
$class_path = dirname(__FILE__);
define('INCLUDE_PATH',$class_path);
//class path define
/** Raw log directory. Log files in this directory are produced by log.php, one file every 10 minutes;
 * after a log file in this directory has been processed it must be moved into the per-date directory.
 */
define('SRC_LOG_PATH','/opt/1verge/logCron/logs/src');
//backup directory for raw logs; layout inside is bak/yyyy-mm-dd
define('BAK_LOG_PATH','/opt/1verge/logCron/logs/bak');
//per-day logs; files in this directory are named yyyy-mm-dd.log
define('DAY_LOG_PATH','/opt/1verge/logCron/logs/day');
//error log path
define('ERROR_LOG_PATH','/opt/1verge/logCron/logs/error');
//area click log path
define('AREA_LOG_PATH','/opt/1verge/logCron/logs/area');
//area click log path bak
define('AREA_BAK_LOG_PATH','/opt/1verge/logCron/logs/area_bak');
//log step in minutes: the time step per log file; may be 10, 20, 30, 60 or 120 minutes, or 1 day
define('LOG_STEP_MIN',10);
//IP-Area database file
define('IP_DATA_FILE',INCLUDE_PATH.'/IPArea.csv');
//db define
define('DSN','mysql:host=1******;dbname=s****');
define('DBUSER','root');
define('DBPASS','y********');
/**
 * Field names for the log format configuration
 */
$cfg_field_maps = array(
'ver', //version
'act', //user action/ check point (yact)
'uuid', //uuid
'uid', //user id
'cp', //cooperator
'ip', //user ip address
'ft', //first visit time
'lt', //last visit time
'at', //access time
'nv', //number visitor
'pv', //page view
'rv', //return view
'lang', //user language
'java', //java enabled
'sr', //screen resolution
'sc', //screen color
'page', //url page file
'ref', //referer
'hash', //hash, fragment
'guu', //google uniq uid
'cnv', //count NV of each user
'npv', //PV of each NV
'uupv', //total pv of each UU
'gate', //track point, conversion tracking point
'other',
);
//2007/2/3
//if(NEW_LOG_TIME && time()>=NEW_LOG_TIME){
// array_push($cfg_field_maps,'');
//}
//client user info field maps define
$cfg_client_maps = array(
'lang', //user language
'ua', //user agent
'sr', //screen resolution
'sc', //screen color
'java', //java enabled
'flash', //flash version
'other', //other
);
$cfg_jobs = array(
//'UV',
//'PV',
'NV',
'UV',
'UU',
'ACTION',
'PATTERN',
);
//target conversion definitions
$def_arr_target_matches = array(
1=>'http://www.youku.com/my/index/first/1',//user registration
2=>'/v_show/id_', //watch a video
3=>'http://www.youku.com/my/v/vid/', //upload a video
4=>'http://www.youku.com/search_video/q_', //use search
);
//cooperator definition
$cooperator_array = array(
array('regexp'=>'/from=smarttrade&channelid=(\d+)$/','fk_cooperator'=>2032),
array('regexp'=>'/from=xtoo.cn&channelid=(\d+)$/','fk_cooperator'=>2033),
array('regexp'=>'/from=youku&channelid=(\d+)$/','fk_cooperator'=>2033),
);
?>
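
The root cause here is a generic one: a copy of config.php was left beside the live file under a name (.bak) that the web server no longer routes to the PHP handler, so it is served as static text and the database DSN, user and password are readable by anyone. The following checker is an added example for this write-up, not the reporter's tool or anything from Youku: given the URL of a PHP file, it requests the usual editor/backup variants and flags any that come back as raw PHP source defining credential-looking constants. The suffix list, the `SECRET_NAMES` heuristic and `SAMPLE_BODY` (a constructed stand-in modelled on the structure of the leaked file, with placeholder values) are assumptions; `http_fetch` is the live fetcher, while the `__main__` run uses the offline `fake_fetch` so the script can be exercised without touching any host.

```python
"""Check a PHP file URL for exposed backup copies that leak configuration secrets.
Added example for this report; not the reporter's tool. Suffix list, secret-name
heuristic and the sample response body are assumptions / constructed data."""
import re
import urllib.request
from urllib.parse import urlsplit, urlunsplit

# Common editor and backup suffixes that web servers serve as static text because
# the extension no longer matches the PHP handler (assumed, not exhaustive).
BACKUP_SUFFIXES = [".bak", ".old", ".orig", ".save", ".swp", "~", ".txt", ".1"]

# define('NAME','value') calls; only single-quoted string values are captured.
DEFINE_RE = re.compile(r"define\(\s*'([A-Z_]+)'\s*,\s*'([^']*)'\s*\)")
# Constant-name fragments that usually hold credentials (assumed heuristic).
SECRET_NAMES = {"DBPASS", "DBUSER", "DSN", "PASSWORD", "SECRET", "API_KEY"}


def backup_candidates(url):
    """Return the backup-file URLs to probe for a given file URL."""
    parts = urlsplit(url)
    path = parts.path
    directory, _, filename = path.rpartition("/")
    out = []
    for suffix in BACKUP_SUFFIXES:
        if suffix == ".swp":
            # vim writes its swap file as .name.swp, not name.swp
            cand = f"{directory}/.{filename}.swp"
        else:
            cand = f"{path}{suffix}"
        out.append(urlunsplit((parts.scheme, parts.netloc, cand, "", "")))
    return out


def classify_body(body):
    """Return (looks_like_php_source, {constant: value}) for a response body.
    A body containing an opening PHP tag was served without being interpreted."""
    is_php_source = "<?php" in body
    leaked = {}
    for name, value in DEFINE_RE.findall(body):
        if any(tok in name for tok in SECRET_NAMES):
            leaked[name] = value
    return is_php_source, leaked


def scan(url, fetch):
    """Probe every candidate with fetch(url) -> (status, body).
    Returns [(candidate_url, [leaked constant names])] for exposed PHP source."""
    findings = []
    for cand in backup_candidates(url):
        try:
            status, body = fetch(cand)
        except Exception:
            continue  # connection error, timeout: treat as not exposed
        if status != 200:
            continue
        is_src, leaked = classify_body(body)
        if is_src:
            findings.append((cand, sorted(leaked)))
    return findings


def http_fetch(url, timeout=10):
    """Live fetcher; reads at most 64 KiB so a large file cannot stall the scan."""
    req = urllib.request.Request(url, headers={"User-Agent": "backup-check/0.1"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status, resp.read(65536).decode("utf-8", "replace")


# Constructed sample modelled on the leaked file's structure; values are placeholders.
SAMPLE_BODY = """<?php
define('VERSION',1);
define('DSN','mysql:host=db.example;dbname=stats');
define('DBUSER','root');
define('DBPASS','placeholder');
?>
"""


def fake_fetch(url):
    """Offline stand-in for http_fetch: only the .bak variant 'exists'."""
    if url.endswith("config.php.bak"):
        return 200, SAMPLE_BODY
    return 404, ""


if __name__ == "__main__":
    for cand, names in scan("http://player.lstat.youku.com/config.php", fake_fetch):
        print(cand, "serves raw PHP source; credential constants:", names)
```

Swap `fake_fetch` for `http_fetch` to run it against a host you are authorised to test. On the defensive side the same list is the one to deny at the web server (a rule refusing `\.(bak|old|orig|save|swp)$` and `~`), and better still, backup copies should never sit inside the web root at all.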

Fix recommendation

I don't need to spell this one out...

Status history
2014-06-04: details sent to the vendor, awaiting vendor response
2014-06-05: vendor has confirmed; details disclosed to the vendor only
2014-06-15: details disclosed to core white hats and relevant domain experts
2014-06-25: details disclosed to regular white hats
2014-07-05: details disclosed to intern white hats
2014-07-23: details disclosed to the public
Vendor reply: Thanks for the heads-up.
Response info: severity: medium; vulnerability rank: 10; confirmed: 2014-06-05 06:49

Comments (content / commenter / likes / time)

Already XX'd through other channels, fix in progress. Thanks for the heads-up. 2 RANK

mramydnei, 0 likes, 2014-06-04 23:19:00

Awesome.

Chora, 0 likes, 2014-06-04 23:13:00

Impressive ._.

超威蓝猫, 0 likes, 2014-06-04 23:00:00