Due to a product vulnerability in Iot era, Getshell needs to carefully check the source code (discover webshells)

Due to a product vulnerability in Iot era, Getshell needs to carefully check the source code (discover webshells)

Found the predecessor shell.

Source git information leakage:

http://vip.now.net.cn/.git

Download the source code found that there is a trojan: http://vip.now.net.cn/api/svn_host.php password: angel

The other two sites:

http://webmail.now.net.cn/api/svn_host.phphttp://webmail.now.cn/api/svn_host.php

Then scan the burp:
 

 

http://mx600.now.net.cn/api/svn_host.phphttp://mx601.now.net.cn/api/svn_host.phphttp://mx602.now.net.cn/api/svn_host.phphttp://mx603.now.net.cn/api/svn_host.phphttp://mx604.now.net.cn/api/svn_host.phphttp://mx605.now.net.cn/api/svn_host.phphttp://mx606.now.net.cn/api/svn_host.phphttp://mx621.now.net.cn/api/svn_host.phphttp://mx622.now.net.cn/api/svn_host.phphttp://mx623.now.net.cn/api/svn_host.phphttp://mx626.now.net.cn/api/svn_host.phphttp://mx629.now.net.cn/api/svn_host.php

Multiple servers are implanted with backdoors.

 

 

 

Solution:

From the time stamp of the backup source code, the shell has been in existence for a long time (at least 2 years ). Check the source code carefully.