An old system at Qijia: GETSHELL, then into the intranet

Source: Internet
Author: User


No highlights

Access:

http://chajian.jia.com/kaoshi/

I don't know what the system is.

Then open

http://chajian.jia.com/kaoshi/admin/

admin -> admin

Fruitless.

Later I looked at Qijia's vulnerabilities and found that no attempt had been made with the weak password 123456, so I tried it.

The login succeeded.

At first I didn't know that this system was based on Qibo CMS, and its functionality was very simple.

An injection vulnerability was found in the admin backend, and the system was identified as Qibo CMS only after a file was read.

During this period an upload vulnerability was also attempted. Because single quotes could not be passed in, a webshell could not be obtained through MySQL.

Database user table information obtained:

After building the same system yourself, you can see that the function files are only hidden, not deleted, so they can be reached directly by URL.

GETSHELL method:

http://chajian.jia.com/kaoshi/admin/index.php?lfj=alonepage&job=list

Use assert() when writing the shell, because eval is replaced with "eva l", which makes it fail.

Proof of vulnerability:

SHELL address:

http://chajian.jia.com/kaoshi/cache/xx.php

Solution:

Security is a whole. What determines it is not how strong the strongest point is, but where the truly weak point is.

Update the version and change the weak password.

MySQL privileges need to be reduced.

Relatively obscure applications need particular attention.

Take the system offline if it is not required.
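
A detection sketch for the outcome described above, a PHP file being served from the application's writable cache directory. This is an added example, not part of the original post; the directory names, the access-log format and the sample log lines are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: directories the application can write to and that should only
# ever serve static files. Adjust to the deployed application's layout.
WRITABLE_DIRS = ("cache", "upload", "upload_files")
SCRIPT_EXT = (".php", ".php5", ".phtml")

# Common/combined access log: ip - - [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def script_in_writable_dir(target):
    """True if the request path names a script file below a writable directory."""
    path = urlsplit(target).path.lower()  # query string is ignored on purpose
    parts = [p for p in path.split("/") if p]
    if not parts or not parts[-1].endswith(SCRIPT_EXT):
        return False
    return any(p in WRITABLE_DIRS for p in parts[:-1])

def find_suspicious(lines):
    """Return (ip, method, path, status) for script requests under writable dirs."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and script_in_writable_dir(m["target"]):
            path = urlsplit(m["target"]).path
            hits.append((m["ip"], m["method"], path, int(m["status"])))
    return hits

# Constructed sample log lines (not taken from the original post).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /app/cache/style.css HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "POST /app/cache/xx.php HTTP/1.1" 200 20',
    '198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /app/admin/index.php HTTP/1.1" 200 900',
    '192.0.2.10 - - [01/Jan/2024:10:03:00 +0000] "GET /app/Upload/a.PHP?x=1 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 means a script in a writable directory was actually served and deserves immediate review; the longer-term fix is to disable script execution in those directories at the web server.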
 
