Grand 180-day penetration documentary Chapter 2. gold miners (leakage of source code and sensitive database information due to a vulnerability)

Source: Internet
Author: User

Said back on: Shanda mall found a small vulnerability: http://www.bkjia.com/Article/201303/198619.html. Tips: · due to a long period of time, some vulnerabilities may have been changed or fixed, so in some scenarios, you can only restore the event environment in the past. · This penetration may involve some data, but it has never been removed from the database and declined to cross-provincial o (I believe Shanda is not such a vendor ~) Detailed Description: after passing the grand mall test, there seems to be no clue... The IP segment is also scanned, and common vulnerabilities are also found. Is it in a dead end ..? One day on the cloud game wooyun platform, see the Grand manufacturer. Wondering if there is anything missing ..? Or you can find some information from the vulnerability history ..? As a result, you can review the Shanda network and Shanda online vulnerability history .. At this time, a place attracted me. In the x0ers friends: Shanda Network Substation source code leakage caused by sensitive information leakage, found an address. From the picture, it looks like a Game Information Server. After opening it, we found it was a grand billing business management system. Let's take a look. It's a demonstration page. There are some links, one of which is the link to download the demo package. The following file is found during the download process: download. jsp has caught attention. Open the source file and check it. Intuition tells me that this program has a vulnerability, at least at the download level. But I have never learned java, so I threw it into wvs. Wvs scan results confirm this guess. As a result, various traversal operations are in progress .... Ten minutes later, I found the source code package for the station and downloaded it.



The database connection information is found. (Oracle Database) because the Oracle database has no instances connected to the network and the address is in the Intranet, the = but the database password of the billing business management system is exposed, it seems that I am also paying attention to it...
Solution:

· Modify the Database Password in this example · Delete the unicode folder under support.billing.snda.com

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.