A weak password on the Haidilao admin backend leads to getshell, exposing site-wide user data, passwords included.
Haidilao forum administrator weak password:
http://bbs.haidilao.com/portal.php?mod=list&catid=1
user:admin pass:123456
This forum appears to be an internal knowledge and education forum. Some intranet information is leaked.
Shell
http://bbs.haidilao.com/data/dzapp_haodai_config.php
System privileges ~
Then lcx, htran and the like all failed to connect.
So I picked out the users registered with @haidilao.com addresses in the forum database to try my luck ~
I tried to log in to the VPN and mailbox, but I did not try the password. It's a bit expensive :P
Fortunately, I found several other weak passwords.
http://cater.haidilao.com/Cater/telephoneLogin/gotoTelLoginPage.action
user:wangzh&pass:123456
http://cx.haidilao.com
userAccount=yangxl&userPassword=123456
userAccount=qil&userPassword=123456
Solution:
:)