A complete security test on the ICKey component search platform (discovering many security risks) and Solutions

Source: Internet
Author: User


This is a complete penetration test of ickey. An attacker can obtain a shell on the main site and from there reach the intranet and every database.

After several rounds of testing by white hats, ickey's security has improved considerably.

In this test, every interface of the main site was examined systematically.

After a long period of testing, we found a sensitive URL: http://www.ickey.cn/box/www/

Entering http://www.ickey.cn/box/www/admin

revealed the back end of an OpenX advertising management system.

The default credentials admin/admin logged in successfully.

For this OpenX advertising management system, the plug-in upload function can normally be used to get a shell.

It did not work here, probably because of the version.

So we looked for another path.

http://www.ickey.cn/box/www/admin/account-settings-database.php holds the system's database settings.

The settings page pre-fills the password field with the real database password, so the browser's Inspect Element view shows the current database password in clear text.

So far, this is an important breakthrough.

During the earlier information-gathering phase we found that ickey's IP addresses fall in the range 210.14.78.200-210.14.78.220.

In addition, port 3306 (MySQL) is open to the Internet on most of these hosts:

210.14.78.211 3306 open
210.14.78.210 3306 open
210.14.78.213 3306 open
210.14.78.212 3306 open
210.14.78.214 3306 open

We tested logins with the obtained database password and logged in to 210.14.78.211 successfully.

In the figure, the name of the main site database is circled.

The following describes how the shell was obtained from here.

The administrator passwords are stored in the td_admin table.

The back-end login of the main site also requires a verification code that is not visible from outside; it is in effect a second password.

The login_code column of td_admin holds every administrator's personal verification code, so a read of the database yields both the password and the code at once.

At this point, the main site back end was entered successfully.

With the rich functionality of the back end, a shell was obtained successfully.

In subsequent tests, port 22 (SSH) turned out to be open on most of the servers as well:

210.14.78.201 22 open
210.14.78.213 22 open
210.14.78.210 22 open
210.14.78.214 22 open
210.14.78.212 22 open
210.14.78.209 22 open
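Both port sweeps in this report (3306 across 210.14.78.200-210.14.78.220 earlier, and 22 here) come down to a TCP connect scan. The following is an added example, not code from the report or from ickey, that performs such a sweep in Python: it expands a dash-separated address range, probes each host/port pair concurrently with a short timeout, and returns the pairs that completed a handshake. The range string, the port list and the local listener used for the offline demonstration are assumptions for illustration.

```python
"""Added example (not from the report): TCP connect sweep answering the question
"which hosts in the range accept connections on 3306 or 22 from outside?"."""
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor


def parse_ip_range(spec: str) -> list[str]:
    """Expand 'a.b.c.d-a.b.c.e' (inclusive) or a single address into a list of strings."""
    if "-" in spec:
        lo_s, hi_s = spec.split("-", 1)
        lo, hi = ipaddress.ip_address(lo_s.strip()), ipaddress.ip_address(hi_s.strip())
        if hi < lo:
            raise ValueError(f"range end precedes start: {spec}")
        return [str(ipaddress.ip_address(int(lo) + i)) for i in range(int(hi) - int(lo) + 1)]
    return [str(ipaddress.ip_address(spec.strip()))]


def is_open(host: str, port: int, timeout: float = 1.0) -> bool:
    """True when a full TCP handshake completes; refused or timed out counts as closed/filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def scan(hosts, ports, timeout: float = 1.0, workers: int = 32) -> list[tuple[str, int]]:
    """Probe every host/port pair concurrently; return the open pairs, sorted."""
    targets = [(h, p) for h in hosts for p in ports]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        flags = list(pool.map(lambda t: is_open(t[0], t[1], timeout), targets))
    return sorted(t for t, open_ in zip(targets, flags) if open_)


def local_scan_demo(timeout: float = 0.5) -> tuple[int, list[tuple[str, int]]]:
    """Offline demonstration: open a listening socket on 127.0.0.1 (a constructed stand-in
    for an exposed MySQL/SSH daemon), sweep it, and return (listener_port, scan_result)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        srv.bind(("127.0.0.1", 0))
        srv.listen(8)
        port = srv.getsockname()[1]
        return port, scan(["127.0.0.1"], [port], timeout=timeout)
    finally:
        srv.close()


if __name__ == "__main__":
    port, found = local_scan_demo()
    print(f"listener on {port}, scan found: {found}")
    # Against the report's range the call would be:
    # scan(parse_ip_range("210.14.78.200-210.14.78.220"), [22, 3306])
```

A connect scan is noisy and completes the handshake, which is exactly what you want when the question is "can an outsider reach this daemon?"; it needs no privileges, unlike a SYN scan. Run it from outside the network boundary, since the same sweep from the intranet says nothing about Internet exposure.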

A password guess succeeded, and we logged in over SSH:

210.14.78.211

root

zls******7391 [the same as the database password]

This server is ickey's database server.

With root, all sensitive information is in plain view; we stopped there.

Intranet penetration from this point needs no further description.

The following database credentials were obtained during the penetration [for proof only]:

"192.168.1.2", "root", "zls*******7391"
"103.31.240.175", "root", "f70008ada8ca28*****0918a9ed9c0f"
"192.168.1.4:4040", "root", "f70008ada8ca28*****0918a9ed9c0f"
"localhost", "root", "yunh*****key"

These cover all of ickey's databases.

All member information: passwords, personal delivery addresses, names, mobile phone numbers, and so on.

http://www.ickey.cn/log/NewFile.txt

Solution:

Strictly check for weak and default passwords (admin/admin on the OpenX back end), and do not reuse the database password as a system account password.

The verification code used for the main site's back-end login is too weak; we recommend replacing it with a four- or six-digit code. Note that a fixed code stored in clear text in td_admin next to the password is only a second password: once the database can be read, both fall together, so the code should change on every login rather than be a value a database read hands over.

Do not expose ports 22 and 3306 to the Internet; restrict them to the intranet with firewall rules.
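The credential findings in this report (OpenX admin/admin, short passwords, and the MySQL root password that also opened root SSH on the database server) can be checked mechanically once the credentials are collected. The following added example, not code from the report or from ickey, audits a list of collected credentials for exactly those failure modes; the Credential record, the built-in default-pair list, the 12-character minimum and the sample data (hosts from the report, secrets replaced by placeholders) are constructed for illustration.

```python
"""Added example (not from the report): audit collected credentials for vendor
defaults, short secrets, and one password reused across services and hosts."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Credential:
    """One observed credential: which service, on which host, which user, which secret."""
    service: str   # e.g. "openx", "mysql", "ssh"
    host: str
    user: str
    password: str


# Seed list of vendor/default pairs; in practice load a full default-credential wordlist.
DEFAULT_PAIRS = {("admin", "admin"), ("root", "root"), ("root", ""), ("admin", "password")}
MIN_LENGTH = 12  # assumed policy minimum


def find_defaults(creds):
    """Credentials that match a known default user/password pair."""
    return [c for c in creds if (c.user.lower(), c.password) in DEFAULT_PAIRS]


def find_short(creds, min_length=MIN_LENGTH):
    """Credentials whose password is shorter than the policy minimum."""
    return [c for c in creds if len(c.password) < min_length]


def find_reuse(creds):
    """Map each password to the (service, host) pairs it unlocks; keep the shared ones.
    A database password that also opens root SSH on the DB server shows up here."""
    by_pw = defaultdict(set)
    for c in creds:
        by_pw[c.password].add((c.service, c.host))
    return {pw: sorted(targets) for pw, targets in by_pw.items() if len(targets) > 1}


def audit(creds):
    """Run all three checks and return their findings keyed by check name."""
    return {"default": find_defaults(creds), "short": find_short(creds), "reused": find_reuse(creds)}


# Constructed sample mirroring the report's findings; hosts are the report's,
# the secrets are placeholders, not the real (masked) values.
SAMPLE = [
    Credential("openx", "www.ickey.cn", "admin", "admin"),
    Credential("mysql", "210.14.78.211", "root", "zls-db-7391"),
    Credential("ssh", "210.14.78.211", "root", "zls-db-7391"),
    Credential("mysql", "192.168.1.2", "root", "zls-db-7391"),
    Credential("mysql", "103.31.240.175", "root", "long-random-placeholder-secret"),
    Credential("mysql", "localhost", "root", "yunh-key"),
]

if __name__ == "__main__":
    report = audit(SAMPLE)
    for c in report["default"]:
        print(f"default credential: {c.service}@{c.host} {c.user}/{c.password}")
    for c in report["short"]:
        print(f"short password ({len(c.password)} chars): {c.service}@{c.host} {c.user}")
    for pw, targets in report["reused"].items():
        print(f"password reused across {len(targets)} targets: {targets}")
```

The reuse check is the one that matters most for this report: a strong password buys nothing once it is shared between a MySQL root account reachable on 3306 and the root SSH login of the same host, because the weaker exposure leaks it to the stronger one.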
