Rubik's cube Network photography system injection vulnerability and exploitation and repair

Source: Internet
Author: User

 

Rubik's cube Network photography system

 

Injection point: www.2cto.com/news. php? Action = detail & id = [SQLi]

 

The first step is to obtain the Administrator account and password through the injection point. The password is in plain text.

 




Step 2: Enter/admin. php In the background and try to get webshell

 

 

Step 3: Upload a Trojan horse with a sentence of .asp;.jpg

 

Step 4: The kitchen knife connects to a Trojan

 

Step 5: further escalate the right and win the server...

 

 

--------------------------------------------------------------------------------

It should be that the mysql password for unified website construction is plain text .... it is estimated that the password is either empty or the plaintext getshell has time to check whether there are other vulnerabilities including cgi filtering. This is disgusting.

 

In fact, cgi, you know, like this http://www.bkjia.com/data/attachment/1.php1_1.jpg

Not necessarily valid

FastCGI Error

 

The FastCGI Handler was unable to process the request.

Error Details:

 

Cocould not find entry for "jpg" on site 236134254 in [Types] section.

Error Number: 1413 (0x80070585 ).

Error Description: required TD § too many errors y too many

HTTP Error 500-Server Error.

Internet Information Services (IIS)

Www.2cto.com provides the repair solution:

Filter parameters on the news. php page. Fixed the iis6 resolution vulnerability.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.