A password management database may be leaked due to improper configuration of sogou.
phpMyAdmin ships with a setup script. If it is misconfigured, the database account and password can be viewed directly. My steps:
http://sbs.m.sogou.com/phpmyadmin/setup/index.php
The database address, account and password are obtained as follows:
Address: main.tcm.rds.sogou, user name: pfms, password: pfms12345678
Log in with this account to take a look: http://sbs.m.sogou.com/phpmyadmin/index.php
This account has low permissions, so I did not go on to getshell. A few small vulnerabilities are included as well.
http://sbs.m.sogou.com/index.php/site/login (wireless Side-by-side System)
Username: guest, password: 123456
http://sbs.m.sogou.com/f/ (directory traversal)
Several sensitive files with database connection information are found, as shown below:
http://sbs.m.sogou.com/f/code/main.py
db = MySQLdb.connect("search04.mysql.db.sogou-op.org", "vrfront", "sbsSafety", "VR_SBS", charset='utf8')
#db = MySQLdb.connect("localhost", "root", "", "VR_SBS2", charset='utf8')
http://sbs.m.sogou.com/f/code/iptest.py
db = MySQLdb.connect("search04.mysql.db.sogou-op.org", "frontoms", "frontoms", "sogou_oms", charset='utf8')
#db = MySQLdb.connect("localhost", "root", "", "VR_SBS2", charset='utf8')
http://sbs.m.sogou.com/f/newcode/db.py
HOST = "search04.mysql.db.sogou-op.org"
USERNAME = "vrfront"
PASSWORD = "sbsSafety"
DATABASE = "VR_SBS"
CHARSET = "utf8"
# HOST = "10.11.195.224"
# USERNAME = "root"
# PASSWORD = ""
# DATABASE = "sbs"
# CHARSET = "utf8"
Solution:
1. Delete the phpMyAdmin setup directory.
2. Directory traversal: fix the environment configuration and permissions.
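A check matching the two solution items, as an added example that is not part of the original report: it walks a local web root, flags a deployed phpMyAdmin setup directory, and flags Python files that embed database passwords the way main.py, iptest.py and db.py do. The function names, the sample tree and the placeholder credentials are constructed for illustration.

```python
import os
import re
import tempfile

# Positional literals, the pattern in main.py and iptest.py: connect("host", "user", "password", ...)
CONNECT_RE = re.compile(r'MySQLdb\.connect\(\s*"([^"]*)"\s*,\s*"([^"]*)"\s*,\s*"[^"]*"')
# Module constant, the pattern in db.py: PASSWORD = "..." (also when commented out)
CONST_RE = re.compile(r'^\s*#?\s*PASSWORD\s*=\s*"[^"]*"')


def audit_webroot(root):
    """Return sorted (relative_path, line_number, issue) findings; passwords are never echoed."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        # The setup scripts should not exist on a deployed host.
        if os.path.basename(dirpath).lower() == "phpmyadmin" and "setup" in dirnames:
            findings.append((rel_dir + "/setup", 0, "phpMyAdmin setup directory deployed"))
        for name in filenames:
            if not name.endswith(".py"):
                continue
            rel = name if rel_dir == "." else rel_dir + "/" + name
            with open(os.path.join(dirpath, name), encoding="utf-8", errors="replace") as fh:
                for number, line in enumerate(fh, 1):
                    state = "commented-out" if line.lstrip().startswith("#") else "active"
                    for match in CONNECT_RE.finditer(line):
                        issue = "%s connect() with literal password, user %s" % (state, match.group(2))
                        findings.append((rel, number, issue))
                    if CONST_RE.match(line):
                        findings.append((rel, number, "%s PASSWORD constant" % state))
    return sorted(findings)


def build_sample(root):
    """Constructed sample tree; host names and credentials are placeholders."""
    os.makedirs(os.path.join(root, "phpmyadmin", "setup"))
    os.makedirs(os.path.join(root, "f", "code"))
    with open(os.path.join(root, "f", "code", "main.py"), "w", encoding="utf-8") as fh:
        fh.write('import MySQLdb\n'
                 'db = MySQLdb.connect("db.example.internal", "appuser", "example-pass", "APPDB", charset="utf8")\n'
                 '#db = MySQLdb.connect("localhost", "root", "", "APPDB2", charset="utf8")\n')
    with open(os.path.join(root, "f", "db.py"), "w", encoding="utf-8") as fh:
        fh.write('HOST = "db.example.internal"\nPASSWORD = "example-pass"\n')


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in audit_webroot(tmp):
            print(finding)
```

Commented-out connection strings are reported too, since a readable source file exposes them just as it exposes the active ones.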