A small guess about the intrusion of the Ministry of Education Website

Source: Internet
Author: User

Reports online say that the Ministry of Education website was hacked. For the report, see: http://www.bkjia.com/News/201203/122623.html

Judging from the directory information obtained, a file was successfully uploaded through a vulnerability, and no other permissions or deeper information were obtained.

The Ministry of Education's website uses Sofprogecslive kep. Sofprogecslive has many vulnerabilities.

Last year, a similar problem was raised. I don't know whether helen is using this vulnerability, or a new or similar one.

Last year's vulnerability details:

Vulnerability title: Sofpro e-government platform: online interview feature Arbitrary File Upload Vulnerability
Submission time: 2011-11-14
Public time: 2011-11-19
Vulnerability type: Arbitrary code execution caused by file upload
Hazard level:
Self-assessment rank: 8
Vulnerability status: Submitted by a third-party vendor

Brief description:

The file upload verification in the Sofpro e-government platform's "online interview" function can be bypassed.

Detailed description:

Vulnerable files:
/Sofprogecslive/live/uploadfile.jsp
/Sofprogecsinterview/interview/uploadfile.jsp
The upload page verifies the file type only in client-side JavaScript. With JavaScript disabled locally, a JSP script can be uploaded directly.

Solution:

Add server-side Java verification of uploaded files;
Prohibit dynamic script execution in the file storage directory;
Give the platform clear system permissions, so that key back-end files cannot be accessed without authorization.

 

I don't know whether the website of the Department of Education has deployed a webpage tamper-proofing system or a WAF. During a major meeting, there should be a dedicated person on duty...

On March 9, I continued to receive new news. According to the QQ number signed by helen, "the website of the Ministry of Education of the People's Republic of China was infiltrated and had nothing to do with me. It was framed by others, the event has been shut down, and Gao suspended!" Suspected planting.

It is said that this gentleman has a bad reputation... Baidu: hackers installed HELEN to force her to be attacked.


March 9 message:

CNCERT also received a report around yesterday, saying the website was hacked. However, the website or the tamper-proofing system has been deployed, and Real-Time Authentication cannot access the webpage.

Previously, qiushui and stabbed others to submit information on the Ministry of Education's website being tampered with and the Microsoft Pro E-government platform's file upload vulnerability. CNCERT informed students of the Ministry of Education of the relevant information. According to the verification results last night, the related file upload page has been configured with an ACL.

It is estimated that this event may be caused by a backdoor.

This article is from the blog "Journey collection-Xiaoxia Tang Feifei"
