检测到目标源码中可能存在用户名或者密码信息泄露
URL http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js
请求方式 GET
问题参数
判断标准 根据原始请求的响应内容进行判断,如果响应内容中出现疑似用户名或者密码相关的信息,则认为存在漏洞。
判断详情 1、请求URL: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js
2、在响应头及响应内容中匹配到 passwd = passwd_form
请求&响应 GET /phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/index.php

URL http://202.201.39.48/phpmyadmin/js/functions.js
请求方式 GET
问题参数
判断标准 根据原始请求的响应内容进行判断,如果响应内容中出现疑似用户名或者密码相关的信息,则认为存在漏洞。
判断详情 1、请求URL: http://202.201.39.48/phpmyadmin/js/functions.js
2、在响应头及响应内容中匹配到 passwd = passwd_form
请求&响应 GET /phpmyadmin/js/functions.js HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/js/get_scripts.js.php?scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=jquery/jquery.menuResizer-1.0.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/mysql/mysql.js

URL http://202.201.39.48/phpmyadmin/doc/html/_static/jquery.js
请求方式 GET
问题参数
判断标准 根据原始请求的响应内容进行判断,如果响应内容中出现疑似用户名或者密码相关的信息,则认为存在漏洞。
判断详情 1、请求URL: http://202.201.39.48/phpmyadmin/doc/html/_static/jquery.js
2、在响应头及响应内容中匹配到 username: null
请求&响应 GET /phpmyadmin/doc/html/_static/jquery.js HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/doc/html/index.html

URL http://202.201.39.48/phpmyadmin/doc/html/_sources/faq.txt
请求方式 GET
问题参数
判断标准 根据原始请求的响应内容进行判断,如果响应内容中出现疑似用户名或者密码相关的信息,则认为存在漏洞。
判断详情 1、请求URL: http://202.201.39.48/phpmyadmin/doc/html/_sources/faq.txt
2、在响应头及响应内容中匹配到 password: YES
请求&响应 GET /phpmyadmin/doc/html/_sources/faq.txt HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/doc/html/faq.html