Use apmserv to build a site and use the default configuration to win server Permissions

Use apmserv to build a site and use the default configuration to win server Permissions

The default configuration of apmserv is incorrect. If it is light, the directory content is exposed and the database is viewed. If it is heavy, the upload shell directly obtains the server 3389 permission and Baidu searches for "Index of Apache/2.2.9 (APMServ) mod_ssl/2.2.9 OpenSSL/0.9.8h PHP/5.2.6"

Many websites can be found, but not all webmasters are too stupid to directly use the mysql root Password...

I can find a lot in one day. Use this site to describe:

Http://shop.np5.com/

By default, apmserv lists directories. If there is no index file, for example:

Followed by phpmyadmin

Http://shop.np5.com/phpmyadmin/

 

 

With a blank password, you can log on directly to all databases at a glance. The next thing is to get the server permissions.



Upload the shell first. You need to know the installation directory of apmserv. This depends on the character. If the Administrator has not changed anything, the default configuration is used. That's easy,

Ping shop.np5.com

PING shop.np5.com (58.64.163.118): 56 data bytes

Ip Address: 58.64.163.118 open:

 

 

Then execute SQL in phpmyadmin to generate a sentence




 

After the execution is complete, 1234.php is generated.

 

What should I do later.

 

Http://shop.np5.com/phpmyadmin

Log on directly

Solution:

Solution: The administrator needs to learn more about the solution.