The Asia Pacific Daily website has the SQL Injection Vulnerability (sensitive information \ can enter the background Getshell)
The Asia Pacific Daily News Agency is sponsored by the Asia Pacific General branch of Xinhua News Agency (Xinhua News Agency Hong Kong Branch) and is headquartered in Hong Kong, China. Its branches are located in South Pacific, South Asia, Southeast Asia, Northeast Asia, Hong Kong, Macao, Taiwan, and mainland China. The Chinese and English versions of the Asia Pacific Daily News Online can instantly spread all kinds of news in the Asia Pacific region, comment on major events in the region and the world, and offer a wide range of content of common interest.
Injection point:
http://**.**.**.**/templates/zt/gobyscv/citydetail.php?cityid=103018
10 databases
The apd_wdata database is a database of the **. ** website.
64 Administrator Account Information
The test showed that the account zhangyiming can log on to the website management background normally and has high permissions.
Asia Pacific Daily website management background logon Port:
Http: // **. **/index. php
The test found that the website background Advertisement Management Module has the Arbitrary File Upload Vulnerability. In the advertisement File Upload area, submit a php script Mu Ma getshell.
Sensitive database configuration information found in multiple directories on the website
The gmail mailbox information of O & M personnel searches for keywords and passwords to find that O & M personnel have registered multiple accounts using the gmail mailbox
For example, Netease mailbox Baidu xinnet V2EX community 12306 ticketing network, etc. If you reset these accounts through password retrieval, I believe more interesting things can be found.
Among the 10 databases, apd_bbs_data is the database of the Asia Pacific Daily Overseas Migration Forum **. **
Over 3600 sensitive Forum users
Solution:
Filter.