简要描述：17173分站由于配置不当，导致源码泄露，包括数据库账号密码
详细说明：

漏洞证明：
<?php

 include_once("../include/config.php");

 include_once("../include/db.php");

 include_once("inc.php");

?>

<?php

 //读取指定数据

 $str    = filter($_REQUEST["str"]);

 $classStr = filter($_REQUEST["classStr"]);

 

 if(!empty($classStr)){

  $classStr = substr($classStr,0,-1);

  $classStr = split(",",$classStr);

 }

 

 if (!is_array($classStr)) {

  $classStr = array(1, 2, 3, 4, 5, 6, 7, 8, 9, 10);

 }

 

 $conn = new MyAdodb($DbHost,$DbName,$DbUser,$DbPwd);

 $conn->OpenDB();

 

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />

<title>17173·天龙八部数据库</title>

<link href="css/master.css" rel="stylesheet" type="text/css" />

<SCRIPT LANGUAGE="JavaScript" src="js/ajax.js"></SCRIPT>

<SCRIPT LANGUAGE="JavaScript" src="js/tkl_pagelist.js"></SCRIPT>

<script type="text/javascript">

 function addBookmark(title,url) {

        if( document.all ) {

            window.external.AddFavorite( url, title);

        } else if (window.sidebar) {

            window.sidebar.addPanel(title, url,"");

        } else if( window.opera && window.print ) {

            return true;

        }

}

function setValue(){

 

 Obj = getObject("a");

 var i = 0;

 var strValue = "";

 for(var j = 0;j < Obj.length; j++){

  //alert(j+"|"+Obj[j].value+"|"+Obj[j].checked);

  if(true == Obj[j].checked ){

   i++;

   strValue += Obj[j].value+",";

  }

 }

 

 if (i < 1) {

  alert("请选择搜索分类！");

  return false;

 }

 

 document.form1.classStr.value = strValue;

 //alert(Obj.length+"|"+strValue);

}

 

/**检查表单**/

function checkForm(){

 setValue();

 Obj = document.form1;

 if (Obj.str.value.length < 2){

  alert("请输入2位以上的关键字！");

  Obj.str.focus();

  return false;

 }

 

}

 

//设置指定id的选项

function SetCheckBox(str){

 var tempStr,reg;

 var ObjectField_1 = getObject("a");

 var i=0,len;

 

 len = ObjectField_1.length;

  if (len == null) {

     len=1;

  }

 

  if (len == 1){

     reg = eval("/,"+ObjectField_1.value+",/g");

     tempStr = str.replace(reg,"");

     if (tempStr.length < str.length) {

      ObjectField_1.checked = true;

     }

   }else{

 

   for ( j = 0; j < len; j++){

      reg = eval("/,"+ObjectField_1[j].value+",/g");

      tempStr = str.replace(reg,"");

 

      if (tempStr.length < str.length) {

       ObjectField_1[j].checked = true;

    }

  }

 }

}

 

//读取对像

function getObject(objectId) {

   if (document.all && document.all(objectId)) {

    return document.all(objectId);

   }else if(document.getElementById && document.getElementById(objectId)) {

    return document.getElementById(objectId);

   }else if(document.getElementsByName && document.getElementsByName(objectId)) {

    return document.getElementsByName(objectId);

   }else {

    return false;

   }

}

</script>

</head>

<body>

<div id="wrapper">

  <div id="wrapperLeft">

    <div id="innerWrapperLeft">

      <div id="panelSearch">

        <div id="panelSearchTop"><?php include("header.html"); ?></div>

        <div id="panelSearchContent">

        <table width="95%" border="0" align="center" cellpadding="0" cellspacing="0">

         <form name="form1" method="get" action="search.php" onsubmit="return checkForm();">

          <tr>

            <td align="center">

              综合搜索：

                <input name="str" type="text" id="str" style="width:200px;" value=""/>

                <input type="hidden" value="" name="classStr">

                <input type="image" name="imageField" id="imageField"src="/uploads/allimg/c150417/142925125411950-5254J.jpg" style="width:49px; height:20px; border:none;"/>

            </td>

          </tr>

          <tr>

              <td style="padding-bottom:10px; text-align:center;">

                <input type="checkbox" name="a" value="1" checked  style="width: 20px;"/> 装备

                <input type="checkbox" name="a" value="2" checked style="width: 20px;"/> 套装

                <input type="checkbox" name="a" value="3" checked style="width: 20px;"/> 珍兽

                <input type="checkbox" name="a" value="4" checked style="width: 20px;"/> 技能

                <input type="checkbox" name="a" value="5" checked style="width: 20px;"/> 元宝

                <input type="checkbox" name="a" value="6" checked style="width: 20px;"/> 任务

                <input type="checkbox" name="a" value="7" checked style="width: 20px;"/> 地图

                <input type="checkbox" name="a" value="8" checked style="width: 20px;"/> 怪物

                <input type="checkbox" name="a" value="9" checked style="width: 20px;"/> NPC

                <input type="checkbox" name="a" value="10" checked style="width: 20px;"/> 物品

              </td>

   </tr>

          </form>

        </table>

        </div>

        <div class="clear"></div>

      </div>

      <?php if(!empty($classStr)){?>

      <div id="dh">

      <?php

   for ($j = 0; $j < count($classStr);