2014-06-09:细节已通知厂商并且等待厂商处理中
2014-06-09:厂商已经确认,细节仅向厂商公开
2014-06-19:细节向核心白帽子及相关领域专家公开
2014-06-29:细节向普通白帽子公开
2014-07-09:细节向实习白帽子公开
2014-07-24:细节向公众公开
唉
详细说明:https://github.com/youkugems/m-cms-for-tudou-tv/blob/4d2093ed698c94b25d71e1eb50521a9fffd836d5/config/settings.yml.example
notifier:
email_username: "notifier-of-push-ops"
email_password: 'bigbigTREE123'
full_email: "Notifier <notifier-of-push-ops@youku.com>"
address: 'smtp.youku.com'
port: 25
authentication: 'login'
tudou:
https://github.com/youkugems/m-cms-for-tudou-tv/blob/4d2093ed698c94b25d71e1eb50521a9fffd836d5/config/deploy.rb
set :deploy_via, :copy
SERVER_TEST_32 = "10.103.13.32"
SERVER_TEST_103 = "10.103.13.103"
SERVER_PRODUCTION_121 = "10.103.13.121"
SERVER_PRODUCTION_11 = "10.103.13.11"
SERVER_PRODUCTION_73 = "10.103.13.73"
SERVER_PRODUCTION_74 = "10.103.13.74"
set(:server_type) {
puts "== 测试服务器是: test103 (.32 已经废弃,不过有需要的话仍然可以上去)"
puts "== 正式服务器是: 73, 74 "
Capistrano::CLI.ui.ask("== which server do you want to deploy to? (test103/test32/73/74)? ")
}
case server_type.chomp
when 'test32'
server = SERVER_TEST_32
password = 'Q7sKxQhifoM8'
when 'test103'
server = SERVER_TEST_103
password = 'v6piiz9cXU8x'
when '11'
server = SERVER_PRODUCTION_11
password = 'no need for password'
when '121'
server = SERVER_PRODUCTION_121
password = 'YopmwUHUECgn'
when '73'
server = SERVER_PRODUCTION_73
password = 'avCNz7QUqgv6'
when '74'
server = SERVER_PRODUCTION_74
password = 'N0NYxtVllZCo'
end
https://github.com/hhwwmm/script/blob/4e358a13bd9db4dbe6a1b6dd34f67cb85ed78611/util/mail_socket.py
def my_send_mail(to_list,sub,content):
mail_host="smtp.163.com"
mail_user="smart_tv_service"
mail_pass="youku123456"
mail_postfix="163.com"
me=mail_user+"<"+mail_user+"@"+mail_postfix+">"
msg = MIMEText(content, <code>_subtype='html', _charset='utf8')
msg['Subject'] = sub
msg['From'] = me
msg['To'] = ";".join(to_list)
try:漏洞证明:
修复方案:
版权声明:转载请注明来源 鸟云厂商@乌云
漏洞回应 厂商回应:
危害等级:高
漏洞Rank:20
确认时间:2014-06-09 17:37
厂商回复:多谢提醒,赶紧修复。
最新状态:暂无