Interface design error in the "House pushing artifact" tool: remote login to tens of thousands of seller accounts, exposure of tens of millions of rental records, plus merchant account information
Don't worry. Let's take a look at their tutorials.
http://jingyan.baidu.com/article/77b8dc7fedaa0f6175eab674.html
I don't know how much wb wooyun will give me. I guess ten?
http://222.76.211.92:8090/linxuan_API.svc?wsdl
This interface can execute any SQL statement
Because it is SQL Server, I then added an Administrator
Log on to the operating system of the backend database:
222.76.211.90
After logging in, I found that the newly added user permissions were restricted. I took out the mimikatz artifact and obtained the Administrator's password.
Start the local SQL server
Tens of millions of rental records are here
First view quantity:
Quality
Find the user table:
Log on to one of the following directories:
Log onto the market
Log onto: soufangbang
The following websites can be easily logged on:
365 taofang
515 real estate network
58. Same city
596 Properties
917 Properties
Anjuke
People Network
Beihai 365
City real estate network
Dibao Network
First time
Fangmi Network
Fengxian Network
Fufang
Ganji
Guilin life Network
Jinan real estate network
Jiading real estate network
Jiangmen House Network
Lanfang
Leju Network
Associated Network
Quanzhou real estate network
Soufun
Thai boring
Taizhou Real Estate Information Network
Wenzhou Real Estate Network
Wuyi real estate network
Ainemo
Pig network
Sina second-hand house
Xinghua Real Estate Information Network
Yickoff
Chinacloud.com
Solution:
Require a password on the query interface
Reduce the database account's permissions
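
One way to apply both fixes listed under Solution, as an added example that is not code from the original report or from the vendor: callers authenticate, pick a query by name instead of sending SQL text, and the serving connection is read-only. Assumptions: SQLite stands in for SQL Server, and the key, table and query names are hypothetical.

```python
import hashlib
import hmac
import sqlite3

# Hypothetical allow-list: callers name a query and pass parameters, never
# SQL text, so the interface can no longer "execute any SQL statement".
ALLOWED_QUERIES = {
    "rental_count": ("SELECT COUNT(*) FROM rentals", 0),
    "rentals_by_city": ("SELECT id, title FROM rentals WHERE city = ? ORDER BY id", 1),
}

# Constructed sample key; the service stores only its hash.
API_KEY_SHA256 = hashlib.sha256(b"constructed-sample-key").hexdigest()


def open_readonly_db():
    """Load constructed sample rows, then drop the connection to read-only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE rentals (id INTEGER PRIMARY KEY, city TEXT, title TEXT)")
    conn.executemany(
        "INSERT INTO rentals (city, title) VALUES (?, ?)",
        [("CityA", "2BR flat"), ("CityA", "studio"), ("CityB", "3BR flat")],
    )
    conn.commit()
    # Stand-in for a SQL Server login that is granted SELECT only.
    conn.execute("PRAGMA query_only = ON")
    return conn


def authenticated(api_key):
    """Constant-time comparison of the presented key's hash with the stored one."""
    digest = hashlib.sha256(api_key.encode()).hexdigest()
    return hmac.compare_digest(digest, API_KEY_SHA256)


def handle_query(conn, api_key, name, params=()):
    """Run an allow-listed, parameterized query for an authenticated caller."""
    if not authenticated(api_key):
        raise PermissionError("invalid credentials")
    if name not in ALLOWED_QUERIES:
        raise ValueError("unknown query name")
    sql, arity = ALLOWED_QUERIES[name]
    if len(params) != arity:
        raise ValueError("wrong number of parameters")
    return conn.execute(sql, tuple(params)).fetchall()
```

Even if the allow-list were bypassed, the read-only connection rejects writes, which is the point of reducing the database account's permissions.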