I wonder if you agree with the cloud? Does cloud security cause a lot of problems? It is worth pondering...
Detailed Description: first, I applied for a trial account and checked it in the background to see if there were any security problems.
http://www.800app.com/
After a brief look, I found that some SQL injection attacks have been prevented, but the protection can be bypassed easily.
Then I saw that any file can be uploaded directly (later testing showed that only aspx is filtered).
Although any file can be uploaded, the upload path is hidden. But images generally have a preview function, don't they? Can I find the address from that?
So I uploaded an image. The preview address is:
https://cn838.800app.com/edit/crm_filepreview.aspx?Fileid=xxx&flg=1
Check the page source. The path appears.
Okay, upload an asmx webshell directly. ashx is probably handled globally.
Got a webshell directly.
Connect to the database to see whether Xiaomi is there. Haha.
I was disappointed to find that it was not there. It was not that simple.
https://cn838.800app.com/
https://cn01.800app.com/
In the past, there were differentiated servers. Should I test the servers?
But I thought for a moment: will the database password be the same?
So I tried
10.0.71.6
Then, query it. Haha. It's all here.
It is not important for me to go deeper and dump the databases. I'm just curious about cloud security and whether Xiaomi actually uses it as advertised. It's proof, huh, huh.
Solution:
Understand!
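
For the upload handling described above (a filter that rejects only aspx, and a preview page whose source exposes the stored path), here is the denylist check beside an allowlist-based one. This is an added example, not part of the original post or the vendor's code; the allowed extensions, the `/preview` route and all function names are assumptions, and the same logic applies to an ASP.NET upload handler.

```python
import os
import secrets

# Assumption: the application only needs image and PDF uploads.
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".pdf"}
# The filter as the post describes it: a single executable extension is blocked.
DENYLIST = {".aspx"}


def extension_of(filename: str) -> str:
    """Lower-cased final extension of the client-supplied name, path parts dropped."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return os.path.splitext(name)[1].lower()


def denylist_accepts(filename: str) -> bool:
    """Weak check: everything except .aspx passes, including .asmx and .ashx."""
    return extension_of(filename) not in DENYLIST


def allowlist_accepts(filename: str) -> bool:
    """Hardened check: only extensions the application actually needs pass."""
    return extension_of(filename) in ALLOWED_EXTENSIONS


def stored_name(filename: str) -> str:
    """Server-chosen storage name: random token plus the validated extension."""
    if not allowlist_accepts(filename):
        raise ValueError("extension not allowed")
    return secrets.token_hex(16) + extension_of(filename)


def preview_url(file_id: int) -> str:
    """Hypothetical preview route: the file is streamed by id from a directory
    with script execution disabled, so no storage path reaches the page source."""
    return f"/preview?fileid={int(file_id)}"


if __name__ == "__main__":
    # Constructed sample names using the extensions mentioned in the post.
    for sample in ["photo.jpg", "page.aspx", "service.asmx", "handler.ashx"]:
        print(f"{sample:14} denylist={denylist_accepts(sample)!s:5} "
              f"allowlist={allowlist_accepts(sample)}")
```

The same separation should hold for credentials: the post's last step worked because a password recovered on one server was also valid on another, so each database server needs its own account and password.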