A server of Tucson may leak dozens of Gbit/s of source code and dozens of Gbit/s of data due to improper configuration.

A server of Tucson may leak dozens of Gbit/s of source code and dozens of Gbit/s of data due to improper configuration.

Due to improper configuration at a certain place, the network has unauthorized access, resulting in leakage of dozens of GB code and dozens of GB database.

Disclaimer: Download the content only to verify the vulnerability and check whether there are more high-risk vulnerabilities. Helpless, the amount is too large, and there is no energy to go further. After the vulnerability is submitted, the source code and data will be deleted (the hard disk is insufficient, which occupies too much storage space ).

The vulnerability details are as follows:

Two servers have the rsync vulnerability and two servers.

58.68.000059

58.68.232.215

The leaked information of the two servers may be from July 15, 2013 or earlier. But there are also some of the latest source code for 2015.

However, a lot of information has been leaked, including some programs deployed by touniu, website configuration programs, and data for 2013.

Some database passwords are leaked. 1 and 2 are listed here. I will not list more.

You should know what content these servers have. I won't say much about it.
 

 

 

Needless to say, let's take a look!

58.68.232.215.
 

 

 

 

58.68.000059 I cannot connect to this server for proof. However, for some analysis, the Code has been downloaded. As follows:
 

 

 

Solution:

Increase the password.