Rubik's cube Network photography system
Injection point: www.2cto.com/news. php? Action = detail & id = [SQLi]
The first step is to obtain the Administrator account and password through the injection point. The password is in plain text.
Step 2: Enter/admin. php In the background and try to get webshell
Step 3: Upload a Trojan horse with a sentence of .asp;.jpg
Step 4: The kitchen knife connects to a Trojan
Step 5: further escalate the right and win the server...
--------------------------------------------------------------------------------
It should be that the mysql password for unified website construction is plain text .... it is estimated that the password is either empty or the plaintext getshell has time to check whether there are other vulnerabilities including cgi filtering. This is disgusting.
In fact, cgi, you know, like this http://www.bkjia.com/data/attachment/1.php1_1.jpg
Not necessarily valid
FastCGI Error
The FastCGI Handler was unable to process the request.
Error Details:
Cocould not find entry for "jpg" on site 236134254 in [Types] section.
Error Number: 1413 (0x80070585 ).
Error Description: required TD § too many errors y too many
HTTP Error 500-Server Error.
Internet Information Services (IIS)
Www.2cto.com provides the repair solution:
Filter parameters on the news. php page. Fixed the iis6 resolution vulnerability.