Sensitive Information Leakage of a GM System
First, an svn leak:
http://qa.tank.duowan.com/manage/.svn/entries
However, I found that no files could be viewed through svn, but I could work out the approximate directory layout and directly access source code that has been exposed for a long time.
http://qa.tank.duowan.com/manage/sql/dbcfg.py
HOST = '127.0.0.1'
USER = 'tkgame'
PAWD = 'tkgame'
PORT = 0
DBNAME = 'tkt_manage'
#EXECUTETYPE = 'update'
BUILDSQL = 'table_defines.sql'
UPDATELOG = 'update.ini'
UPDATETABLE = '_db_update_log'
BUILDUPDATESQL = '_db_update_log.sql'
BACKUPSQLPREFIX = 'bk_'
http://qa.tank.duowan.com/manage/sql/table_defines.sql
INSERT INTO `user` (`user_id`, `user_name`, `user_password`, `user_level`, `user_created`) VALUES(1, 'sixcube', '6511383c766f89361b27f1d0d4f25956', 2, 1338946866);
http://qa.tank.duowan.com/manage/i18n/config.sh
ROOT_PATH=/var/www/wwwroot/tkt/manage
I18N_PATH=$ROOT_PATH/i18n
I18N_DOMAIN=tkt_manage
LANG_LIST=(`/usr/bin/php -q getLangList.php`);
LEN_OF_LANG_LIST=${#LANG_LIST[@]}
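A defender-side check for the exposure described above, as an added example that is not part of the original report: a Python audit that walks a deploy tree before it is published and flags version-control metadata and the file types leaked here (.py, .sql, .sh, .ini). The function names, the suffix list, the credential pattern and the sample tree are assumptions constructed for illustration; the credential value is a placeholder.

```python
import os
import re
import tempfile

# File types this report shows being served straight from the web root (assumed list).
RISKY_SUFFIXES = (".py", ".sql", ".sh", ".ini")
VCS_DIRS = {".svn", ".git", ".hg"}
# A quoted literal assigned to a credential-looking name (PAWD is the report's spelling).
SECRET_RE = re.compile(r"^\s*(\w*(?:PASS|PAWD|PWD|SECRET)\w*)\s*=\s*['\"]", re.I | re.M)

def audit_webroot(root):
    """Return sorted (relative_path, reason) findings for a deploy tree."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in list(dirnames):
            if d in VCS_DIRS:
                rel = os.path.relpath(os.path.join(dirpath, d), root)
                findings.append((rel.replace(os.sep, "/"), "version-control metadata"))
                dirnames.remove(d)  # one finding per metadata dir; do not descend
        for name in filenames:
            if not name.lower().endswith(RISKY_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "r", errors="replace") as fh:
                text = fh.read()
            hit = SECRET_RE.search(text)
            findings.append((rel, "hard-coded credential" if hit else "non-public file type"))
    return sorted(findings)

def demo():
    """Audit a constructed tree mirroring the report's layout (placeholder contents)."""
    files = {
        ".svn/entries": "12\n",
        "sql/dbcfg.py": "HOST = '127.0.0.1'\nPAWD = 'placeholder'\n",
        "sql/table_defines.sql": "CREATE TABLE user (user_id INT);\n",
        "i18n/config.sh": "I18N_DOMAIN=example\n",
        "index.php": "<?php echo 'ok';\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
        return audit_webroot(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:26} {rel}")
```

Any finding means the file should be moved out of the document root or blocked by the web server before deployment.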