Arbitrary file read via directory traversal in a chain business's back-end system, plus a weak MySQL password that exposes a large amount of data, with fixes
Large amount of data: 10 million records
Home page and back-end management system
Website: http://price.ziroom.com/
1. Arbitrary local file read
http://price.ziroom.com/?_p=.../../etc/passwd000000.jpg
2. Weak MySQL password (found with a scanning tool)
The month_bak database is empty, so the house_radar database was checked next.
76 tables. I picked a random table named z_58_data.
The SQL statement took more than 40 seconds to execute; I was speechless. I saw records in the millions (I did not count wrong). My hand shook.
The schema appears to be rental listing data. The 76 tables above cover the chain business's listings on the major platforms (anjuke, 58, ganji, soufun, sina, ...); the volume of business data is huge, so please handle this promptly.
3. Path disclosure
When the form is submitted, an error is reported and the page redirects back to the login page. I captured this screenshot quickly, and it shows the web directory path. I then tried SELECT ... INTO OUTFILE in MySQL to write a shell, and got this message:
ERROR 1 (HY000): Can't create/write to file '/data1/www/ziroom_admin/cache/tpl/like.php' (Errcode: 2)
I guess I don't have permission. I can't figure it out. I wrote to the cache directory, but it still cannot be written. Is something wrong?
Fixes:
1. Change the weak MySQL password.
2. Fix the directory traversal and strictly validate the _p parameter.
3. Suppress PHP error messages so the web directory path is not disclosed.
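One way to implement the strict validation in fix 2, as an added Python example that is not the site's own code. The root directory is taken from the path in the MySQL error message above; that it is the real template root, and the allowed extensions, are assumptions.

```python
import os
import re

# Directory the _p parameter may select files from. The path comes from the
# error message in the report; using it as the template root is an assumption.
TEMPLATE_ROOT = "/data1/www/ziroom_admin/cache/tpl"

# Layer 1: allow-list the raw value. A bare file name with one allowed
# extension and nothing else. This alone rejects "../", a leading "/", NUL
# bytes, and URL-encoded variants (which only become dangerous after a later
# decode, so they are rejected before any decoding happens).
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.(jpg|png|html)$")


def resolve_template(param, root=TEMPLATE_ROOT):
    """Return the canonical absolute path for a _p value, or None to reject it."""
    if not isinstance(param, str) or "\x00" in param:
        return None
    if SAFE_NAME.fullmatch(param) is None:
        return None
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, param))
    # Layer 2, defence in depth: after canonicalisation the file must still sit
    # under the root. commonpath is used instead of startswith so that a
    # sibling such as ".../tpl2" is not mistaken for being inside ".../tpl".
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


# Constructed sample values in the shape of the report's _p parameter
# (test inputs written for this example, not requests seen on the site).
SAMPLES = {
    "index.jpg": True,
    "../../etc/passwd": False,
    "../../etc/passwd\x00.jpg": False,  # NUL-byte truncation of a forced suffix
    "/etc/passwd": False,
    "..%2F..%2Fetc%2Fpasswd": False,      # encoded form, rejected before decode
    "sub/index.jpg": False,              # no sub-directories allowed
}


def check_samples():
    """Map each sample value to whether resolve_template accepts it."""
    return {p: resolve_template(p) is not None for p in SAMPLES}


if __name__ == "__main__":
    for value, accepted in check_samples().items():
        print(f"{'ACCEPT' if accepted else 'REJECT'} {value!r}")
```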