Arbitrary file traversal & a weak password on a service affect a large amount of data, and solutions

Source: Internet
Author: User

Arbitrary file traversal in the back-end system of a chain business & weak password on a service affect a large amount of data, and solutions

Large amount = 10 million

Backend management system

Website: http://price.ziroom.com/

1. Arbitrary local file read

http://price.ziroom.com/?_p=.../../etc/passwd000000.jpg
2. Weak MySQL password (discovered with a tool)
The database month_bak is empty. Checking the house_radar database:
76 tables. I picked a random table named z_58_data.
The SQL statement took more than 40 seconds to run, and I was speechless. I saw millions of records (I did not miscount). My hand shook.
Judging by the structure, this is rental listing data. The 76 tables above cover the chain's listings on the major platforms (anjuke, 58, ganji, soufun, sina ...), and the volume of business data is huge; please handle this promptly.

3. Path disclosure

When the form is submitted, an error is reported and the page redirects back to the login page. I captured this screenshot quickly, and you can see that the web directory is exposed. I then tried select into outfile in MySQL to write a shell, and got this prompt:

    ERROR 1 (HY000): Can't create/write to file '/data1/www/ziroom_admin/cache/tpl/like.php' (Errcode: 2)
I guess I don't have permission. I can't figure it out: I'm writing to the cache directory, but it still can't be written. Is something wrong?
Solution:

1. Change the weak MySQL password.

2. Fix the directory traversal and strictly validate the _p parameter.

3. Suppress PHP error messages.
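As an added example (not the site's own code, which is PHP; the check translates directly), here is the unsafe concatenation of the _p value beside a hardened resolver that allowlists the template name, appends the extension server-side, canonicalizes the path and requires the result to stay under the template root. The template root, the .php extension and the template name are assumptions.

```python
import os
import re

# Assumed template root for the PHP back end; the path style follows the
# error message on the page, but this exact directory is a constructed example.
TEMPLATE_ROOT = "/data1/www/ziroom_admin/cache/tpl"

# Template names the page is allowed to load: short, no separators, no dots.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def vulnerable_resolve(root, p):
    """Before: the _p value is joined straight onto the template directory.
    '../' sequences walk out of the root, so '../../etc/passwd' is served."""
    return os.path.normpath(os.path.join(root, p))


def hardened_resolve(root, p):
    """After: reject anything that is not a bare template name, add the
    extension server-side (assumed .php), canonicalize, and require the
    result to stay under the template root. Returns None when refused."""
    # A NUL byte would truncate the path in C-level file APIs and drop the
    # extension appended below; refuse it before any path handling.
    if "\0" in p or not SAFE_NAME.fullmatch(p):
        return None
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, p + ".php"))
    # commonpath compares whole path components, so a sibling directory whose
    # name merely starts with the root's name does not pass as a child.
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed inputs: a legitimate template name, the traversal payload
    # shape from the report, and a NUL-byte truncation variant.
    for value in ("price_index", "../../etc/passwd", "../../etc/passwd\0.jpg"):
        print(repr(value), vulnerable_resolve(TEMPLATE_ROOT, value),
              hardened_resolve(TEMPLATE_ROOT, value))
```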
