N many problems: 1. there are SQL injection points 2. there are cross-site 3. phpmyadmin can be accessed. 4. no error mechanism. Burst Path 5. finally, we got the root permission for webshell6. actually the same network segment as the Shanda main site 7. too many problems ...... 1. injection point: http://market.sdo.com/snda_market_0.2/detail.php? Id = 2304% 20and % 201 = 2% 20 union % 20 select % ,,2, user % 28% 28% 28%, database % 29, version %, 7, 8, @ basedir, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 24, 25, 26, 27, @ datadir, 29,30 -- 2.PMA: http://market.sdo.com/phpmyadmin/ 1. injection point: 2. server Configuration: 3. explosion mysql user: With this http://market.sdo.com/phpmyadmin/ know what can do 4. explosive path: 5. load_file read source code to find mysql password (plaintext): 6. administrator Explosion (unknown ):
The back-end portal was not found. 7. The cross-site website was sure that magic_quote_gpc was not enabled, and the quotation marks were not filtered and translated. 8. load_file, its daughter-in-law outfile, output a sentence and got webshell 9. It was root.
10. Click it to finish. Fix it and find that it is in the same network segment as the main site.Solution:You are more professional than me. You know.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
