A complete security test of the ICKey component search platform (many security risks found) and solutions
A complete penetration test of ickey. An attacker can obtain a shell on the main site and from there reach the intranet and all database information.
After several rounds of white-hat testing, we found that ickey's security has improved a lot.
In this test, every interface of the main site was tested systematically.
After a long period of testing, we found a sensitive URL: http://www.ickey.cn/box/www/
Entering http://www.ickey.cn/box/www/admin
reveals the back end of the OpenX advertising management system.
The default password admin/admin logs in successfully.
For this OpenX advertising management system, the plug-in upload function can be used to get a shell.
Perhaps because of the version in use, this did not succeed.
Next, we look for another path.
http://www.ickey.cn/box/www/admin/account-settings-database.php holds the system's database settings.
Using the browser's inspect-element function, the current database password (masked in the form field) can be read.
So far, this is an important breakthrough.
In the earlier information-gathering phase, we found that ickey's IP addresses are 210.14.78.200-210.14.78.220.
In addition, port 3306 is open to the outside world on most of them.
Port 210.14.78.211 3306 open
Port 210.14.78.210 3306 open
Port 210.14.78.213 3306 open
Port 210.14.78.212 3306 open
Port 210.14.78.214 3306 open
Logging in with the obtained database password: the login to 210.14.78.211 succeeds.
In the figure, the name of the main site's database is circled.
The following describes how to get from here to a shell.
The administrator passwords are stored in the td_admin table.
The verification code on the main site's back-end login is not visible from outside; it is equivalent to a second password.
The login_code column of the td_admin table stores the personal verification codes of all administrators.
At this point, the main site's back end is successfully entered.
With its rich back-end functions, a shell is successfully obtained.
In subsequent tests, port 22 turned out to be enabled on most servers.
Port 210.14.78.201 22 open
Port 210.14.78.213 22 open
Port 210.14.78.210 22 open
Port 210.14.78.214 22 open
Port 210.14.78.212 open
Port 210.14.78.209 22 open
The password was successfully guessed and the login succeeded:
Host: 210.14.78.211
User: root
Password: Zls******7391 [same as the database password]
This server is an ickey database server.
After obtaining root, all sensitive information is visible at a glance. We went no further.
Intranet penetration is not pursued here.
The following database information was obtained during the test [for proof only]:
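The exposure lists above are the crux of this finding: the same management ports (3306 and 22) are reachable from the Internet on most of the 210.14.78.x hosts, and one password opens several of them. As an added example, not part of the original report, the following Python turns the scan summary into a per-host exposure table a defender can act on, and emits nftables rules that admit only the intranet on those ports. It reuses the report's own scan lines as input (including the entry that lacks a port number, which is kept apart rather than guessed), and the intranet range 192.168.0.0/16 in the usage call is an assumption.

```python
import ipaddress
import re

# Scan summary lines copied from the report above, in the page's own format:
# the entries run together on one line and one entry has no port number.
SCAN_3306 = ("Port 210.14.78.211 3306 open port 210.14.78.210 3306 open "
             "port 210.14.78.213 3306 open port 210.14.78.212 3306 open "
             "port 210.14.78.214 3306 open")
SCAN_22 = ("Port 210.14.78.201 22 open port 210.14.78.213 22 open "
           "port 210.14.78.210 22 open port 210.14.78.214 22 open "
           "port 210.14.78.212 open port 210.14.78.209 22 open "
           "port 210.14.78.209 22")

# Ports that should never face the Internet on these hosts.
MANAGEMENT_PORTS = {22: "ssh", 3306: "mysql"}

# "port <ipv4> [<port>] open", case-insensitive; the port number is optional so
# that an entry missing it is still recognised instead of silently skipped.
ENTRY = re.compile(r"port\s+(\d+(?:\.\d+){3})(?:\s+(\d+))?\s+open", re.IGNORECASE)


def parse_scan(*texts):
    """Return (exposures, incomplete): host -> set of open ports, plus the hosts
    whose entry had no port number. A trailing entry without 'open' is ignored."""
    exposures = {}
    incomplete = []
    for text in texts:
        for m in ENTRY.finditer(text):
            host, port = m.group(1), m.group(2)
            if port is None:
                incomplete.append(host)
                continue
            exposures.setdefault(host, set()).add(int(port))
    return exposures, incomplete


def find_exposed(exposures, management=MANAGEMENT_PORTS):
    """List (host, port, service) for every management port open to the Internet,
    ordered by address then port."""
    found = []
    for host, ports in exposures.items():
        for port in sorted(ports & set(management)):
            found.append((host, port, management[port]))
    return sorted(found, key=lambda t: (ipaddress.ip_address(t[0]), t[1]))


def hosts_with_both(exposures, ports=(22, 3306)):
    """Hosts exposing every port in `ports`: one reused password opens all of them."""
    return sorted(h for h, p in exposures.items() if set(ports) <= p)


def nft_rules(ports, intranet_cidr):
    """nftables rule lines that accept the intranet only on each management port
    and drop everything else; the CIDR is validated before use."""
    net = ipaddress.ip_network(intranet_cidr)
    lines = []
    for port in sorted(ports):
        lines.append(f"tcp dport {port} ip saddr {net} accept")
        lines.append(f"tcp dport {port} drop")
    return lines


if __name__ == "__main__":
    exposures, incomplete = parse_scan(SCAN_3306, SCAN_22)
    for host, port, service in find_exposed(exposures):
        print(f"{host}\t{port}/{service}")
    print("both ssh and mysql exposed:", hosts_with_both(exposures))
    print("entries with no port number:", incomplete)
    print("\n".join(nft_rules(MANAGEMENT_PORTS, "192.168.0.0/16")))  # assumed intranet range
```

Run against the report's lines, the table shows ten management-port exposures across seven hosts, three of which expose both SSH and MySQL, which is exactly the combination that let one guessed database password become root on 210.14.78.211.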
"192.168.1.2", "root", "zls*******7391"
"103.31.240.175", "root", "f70008ada8ca28*****0918a9ed9c0f"
"192.168.1.4:4040", "root", "f70008ada8ca28*****0918a9ed9c0f"
"localhost", "root", "yunh*****key"
All ickey databases.
All member information: passwords, delivery addresses, names, mobile phone numbers, and so on.
Http://www.ickey.cn/log/NewFile.txt
Solution:
Strictly check for weak passwords.
The verification code on the main site's back end is too weak; we recommend replacing it with a four- or six-digit code.
Close ports 22 and 3306 to the outside world.
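The three recommendations map onto settings an administrator can check mechanically: whether sshd still allows root and password logins, whether MySQL binds to every interface, and whether any account still carries a default pair such as admin/admin or shares one secret across hosts, as the database server here did. The audit below is an added example written for this page, not ickey's or OpenX's code; the configuration texts and credential records are constructed, the secrets are placeholders, and `min_digits=4` follows the report's four-digit recommendation. Secrets are compared through a SHA-256 digest so the report never echoes them.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample files (hypothetical; not the ickey servers' real configs).
SAMPLE_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""

SAMPLE_MY_CNF = """\
[mysqld]
port=3306
# no bind-address line: the server listens on every interface by default
"""

# Constructed credential records (host, service, user, secret); placeholder secrets.
SAMPLE_CREDENTIALS = [
    ("www", "openx-admin", "admin", "admin"),
    ("db-1", "mysql", "root", "PLACEHOLDER-db-secret"),
    ("db-1", "ssh", "root", "PLACEHOLDER-db-secret"),
    ("db-2", "mysql", "root", "PLACEHOLDER-other-secret"),
]

DEFAULT_PAIRS = {("admin", "admin"), ("root", "root"), ("root", "")}


def _directive(text, name):
    """Last value of a 'Name value' sshd_config directive (case-insensitive), or None."""
    value = None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"(\S+)\s+(.+)", line)
        if m and m.group(1).lower() == name.lower():
            value = m.group(2).strip()
    return value


def audit_sshd_config(text):
    """Findings for an sshd_config that still permits direct root or password logins."""
    findings = []
    prl = _directive(text, "PermitRootLogin")
    if prl is None:
        findings.append("PermitRootLogin not set; the default depends on the OpenSSH "
                        "version, set it to 'no' explicitly")
    elif prl.lower() == "yes":
        findings.append("PermitRootLogin yes: root can log in directly over SSH")
    pa = _directive(text, "PasswordAuthentication")
    if pa is None or pa.lower() == "yes":
        findings.append("PasswordAuthentication enabled (OpenSSH default is yes): "
                        "passwords can be guessed, prefer keys")
    return findings


def audit_mysql_config(text):
    """Finding when my.cnf has no bind-address or a wildcard one."""
    bind = None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"bind[-_]address\s*=\s*(\S+)", line, re.IGNORECASE)
        if m:
            bind = m.group(1)
    if bind is None or bind in ("0.0.0.0", "*", "::"):
        return ["bind-address missing or wildcard: MySQL listens on all interfaces"]
    return []


def audit_credentials(records):
    """Flag default user/secret pairs and one secret reused across several places."""
    findings = []
    by_digest = defaultdict(list)
    for host, service, user, secret in records:
        if (user, secret) in DEFAULT_PAIRS:
            findings.append(f"{host}/{service}: default credential {user}/{secret}")
        digest = hashlib.sha256(secret.encode()).hexdigest()[:12]
        by_digest[digest].append(f"{host}/{service}")
    for digest, places in by_digest.items():
        if len(places) > 1:
            findings.append(f"secret sha256:{digest} reused across {', '.join(places)}")
    return findings


def weak_login_code(code, min_digits=4):
    """True when a back-end verification code is shorter than the recommended length."""
    return not (code.isdigit() and len(code) >= min_digits)


def run_audit():
    return {
        "sshd": audit_sshd_config(SAMPLE_SSHD_CONFIG),
        "mysql": audit_mysql_config(SAMPLE_MY_CNF),
        "credentials": audit_credentials(SAMPLE_CREDENTIALS),
    }


if __name__ == "__main__":
    for area, findings in run_audit().items():
        for f in findings:
            print(f"[{area}] {f}")
```

Feed it the real /etc/ssh/sshd_config and my.cnf contents and the inventory's credential records; an empty result for every area corresponds to the three items in the solution list having been applied.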