A roundup of Discuz vulnerabilities


 

http://tita.qq.com/bbs/config/config_global.php.bak

http://tita.qq.com/bbs/config/config_global.php~

http://tita.qq.com/bbs/config/config_ucenter.php~

http://tita.qq.com/bbs/config/config_ucenter.php.bak

http://bbsuc.duba.net/data/config.inc.php.bak

http://bbsuc.duba.net/config.inc.php.bak

 

Matching signature:

<?php

$_config = array();

// ---------------------------- CONFIG DB ----------------------------- //

$_config['db']['1']['dbhost'] = 'localhost';

$_config['db']['1']['dbuser'] = 'root';

$_config['db']['1']['dbpw'] = '62***29';

$_config['db']['1']['dbcharset'] = 'gbk';

$_config['db']['1']['pconnect'] = '0';

$_config['db']['1']['dbname'] = 'bbs_iappsafe';

$_config['db']['1']['tablepre'] = 'safe_';

$_config['db']['common']['slave_except_table'] = '';


Code sample:
<?php

define('UC_CONNECT', 'mysql');

define('UC_DBHOST', '114.112.**.***');

define('UC_DBUSER', 'root');

define('UC_DBPW', 'kingsoft***11');

define('UC_DBNAME', 'dybiduba');

define('UC_DBCHARSET', 'gbk');

define('UC_DBTABLEPRE', '`dybiduba`.cdb_uc_');

define('UC_DBCONNECT', 0);

define('UC_CHARSET', 'gbk');

define('UC_KEY', 'q8c8X96253G0d8*****************aB4H8G2k1Gbb0GbA589mc');

define('UC_API', 'http://bbs.duba.net/uc_server');

define('UC_APPID', '1');

define('UC_IP', '114.112.36.184');

define('UC_PPP', 20);
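
For auditing your own installation, the signature above can be turned into a local check. This is an added example, not code from the original post: it walks a web root on disk, flags backup copies of the config files named in the URLs above, and reports whether each copy still holds credential lines. The function names and the suffixes other than `.bak` and `~` are assumptions, and the sample tree is constructed.

```python
import os
import re
import tempfile

# Config file names from the URLs above; suffixes beyond .bak and ~ are assumptions.
CONFIG_NAMES = ("config_global.php", "config_ucenter.php", "config.inc.php")
BACKUP_SUFFIXES = (".bak", "~", ".swp", ".old", ".orig", ".save")
SIGNATURE = re.compile(rb"\$_config\['db'\]\['\d+'\]\['dbpw'\]|define\('UC_(?:DBPW|KEY)'")

def is_backup_name(filename):
    """True for names like config_global.php.bak or config_ucenter.php~."""
    base = filename.lstrip(".")  # vim swap files start with a dot
    for name in CONFIG_NAMES:
        if base.startswith(name) and base != name:
            return base[len(name):].lower().startswith(BACKUP_SUFFIXES)
    return False

def find_exposed_backups(webroot):
    """Return sorted (relative_path, has_secrets) for backup config copies."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for filename in files:
            if not is_backup_name(filename):
                continue  # live .php files are executed, not served as source
            path = os.path.join(dirpath, filename)
            with open(path, "rb") as fh:
                has_secrets = bool(SIGNATURE.search(fh.read(65536)))
            rel = os.path.relpath(path, webroot).replace(os.sep, "/")
            findings.append((rel, has_secrets))
    return sorted(findings)

def build_sample_webroot():
    """Constructed sample tree (placeholder values) for an offline run."""
    root = tempfile.mkdtemp()
    samples = {
        "config/config_global.php.bak": "<?php $_config['db']['1']['dbpw'] = 'PLACEHOLDER';",
        "config/config_ucenter.php~": "<?php define('UC_KEY', 'PLACEHOLDER');",
        "data/config.inc.php.bak": "<?php // emptied copy",
    }
    for rel, body in samples.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for rel, secrets in find_exposed_backups(build_sample_webroot()):
        print(("SECRETS  " if secrets else "present  ") + rel)
```

Any file reported should be deleted from the web root, and credentials found in a copy that was reachable over HTTP should be rotated.
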

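2. Product name: Discuz! Application Development Assistant

It has a fairly large install base; this section analyzes one part of the product through which a shell can be obtained.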

http://www.wooyun.org/bugs/wooyun-2010-081178

Exploitation method: http://www.wooyun.org/bugs/wooyun-2014-079343
