SQL injection vulnerability on the Asia Pacific Daily website (sensitive information exposed / management back end accessible, getshell)

Source: Internet
Author: User


The Asia Pacific Daily News Agency is sponsored by the Asia Pacific General branch of Xinhua News Agency (Xinhua News Agency Hong Kong Branch) and is headquartered in Hong Kong, China. Its branches are located in South Pacific, South Asia, Southeast Asia, Northeast Asia, Hong Kong, Macao, Taiwan, and mainland China. The Chinese and English versions of the Asia Pacific Daily News Online can instantly spread all kinds of news in the Asia Pacific region, comment on major events in the region and the world, and offer a wide range of content of common interest.

Injection point:

http://**.**.**.**/templates/zt/gobyscv/citydetail.php?cityid=103018


10 databases


The apd_wdata database is a database of the **. ** website.
 


Account information for 64 administrators
 


Testing showed that the account zhangyiming can log in to the website's management back end normally and has high privileges.

Login entry point of the Asia Pacific Daily website management back end:


http://**.**/index.php

 


Testing found that the advertisement management module of the website back end has an arbitrary file upload vulnerability. Submitting a PHP script trojan (web shell) in the advertisement file upload area gets a shell.
 

 


Sensitive database configuration information found in multiple directories on the website
 

 


Gmail mailbox information of the O&M personnel. Searching the mailbox for keywords and passwords shows that the O&M personnel have registered multiple accounts using this Gmail mailbox.

For example: NetEase Mail, Baidu, Xinnet, the V2EX community, the 12306 ticketing site, etc. If you reset these accounts through password retrieval, I believe more interesting things can be found.

 

 


Among the 10 databases, apd_bbs_data is the database of the Asia Pacific Daily Overseas Migration Forum **. **
 


Sensitive information of over 3600 forum users

 

Solution:

Filter.
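One way to apply this fix to the `cityid` parameter of `citydetail.php`, as an added example that is not code from the original report or from the affected site: validate the value as a bounded decimal id, pass it to the database only as a bound parameter, and keep SQL error text out of the response. The `cities` table, its columns, the function names and the in-memory SQLite database are assumptions made so the example runs offline; the inputs in the loop are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the site's database: in-memory SQLite with a
// constructed `cities` table. The real schema is not shown in the report.
function open_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE cities (id INTEGER PRIMARY KEY, name TEXT)');
    $pdo->exec("INSERT INTO cities (id, name) VALUES (103018, 'Constructed City')");
    return $pdo;
}

// Accept only a plain decimal id of bounded length (1 to 9 digits, no sign,
// no whitespace, no trailing text). Anything else is rejected up front.
function parse_city_id($raw): ?int {
    if (!is_string($raw) || !preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

// The id travels as a typed bound parameter, never as part of the SQL text.
function find_city(PDO $pdo, int $cityId): ?array {
    $stmt = $pdo->prepare('SELECT id, name FROM cities WHERE id = :id');
    $stmt->bindValue(':id', $cityId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Returns [HTTP status, body]. Database errors are logged server-side only.
function handle_request(PDO $pdo, array $query): array {
    $cityId = parse_city_id($query['cityid'] ?? null);
    if ($cityId === null) {
        return [400, 'Bad request'];
    }
    try {
        $city = find_city($pdo, $cityId);
    } catch (PDOException $e) {
        error_log('citydetail lookup failed: ' . $e->getMessage());
        return [500, 'Internal error'];
    }
    return $city === null
        ? [404, 'Not found']
        : [200, htmlspecialchars($city['name'], ENT_QUOTES, 'UTF-8')];
}

$pdo = open_demo_db();
foreach (['103018', '103018 OR 1=1', "103018'", '', '999'] as $input) {
    [$status, $body] = handle_request($pdo, ['cityid' => $input]);
    printf("%-18s -> %d %s\n", var_export($input, true), $status, $body);
}
```

Because the injection point exposed every database on the server, the web application's database account should also be restricted to the single schema it needs.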

