The Kingsoft UED center once again cracked down on chrysanthemum, causing the Administrator to kill

Source: Internet
Author: User

There are several problems:
1) cookie drift, get some management permissions of bbs
When Kingsoft UED users complained that the backend had missed a detail for the first time, they found that many cookies were planted in the .iciba.com domain. What does this mean? Some Cookies may be shared by other Kingsoft terms to achieve cookie drift and obtain permissions for other products! After testing, we found that the problem exists and obtained the moderator permission on bbs.
 
2) SQL injection in the background. The administrator has an md5 nest.
There is a post injection in the background, which can be union, and the following form is constructed to run out all administrator password hash.
 
3) wordpress penetration
Kingsoft ued uses wordpress. Many people think that wordpress is a hard nut to crack, which is actually a little tricky.
Many wordpress vulnerabilities depend on the editor or other non-administrative permissions. You can exploit this vulnerability by trying to guess the password on the wp of multiple users or obtaining a similar permission. If you can guess the admin, that's even better!
In addition, wp also has a penetration tips plug-in. You can organize a list of exploit rounds by yourself, which may surprise you. This makes it hard to ensure the security of wp.
 
Wordpress seems to have an injection vulnerability that few people know about 3.0.1 and earlier versions. However, due to the need for editor permissions, It is a chicken fault. If we don't have editor permissions, we can find it and change it to chicken! This is not the case. A weak password for an editor privilege is disclosed! The vulnerability was also successfully exploited.
Vulnerability proof: 1) cookie drift
 
 
 
 
 
 
 
2) Administrator Password
 
+ ------- + ------------ + ---------------------------------- + --------------- +
| Auths | auths_desc | password | username |
+ ------- + ------------ + ---------------------------------- + --------------- +
| None | 65ce55c3e464028375d2dafba960c1e4 | admin |
| 1 | node management | 1f3870be274f6c49b3e31a0c6728957f | test |
| None | 863a8f53d67237e848a9508a6d151e63 | quheng |
| None | f7967d2d3127d30d313847ba99b8c5ce | wangxiaoran |
| None | f5183ac2bb1c7f8297a9bf44e2bbcf2c | liuwen |
| 1 | node management | e10adc3949ba59abbe56e057f20f883e | zhuxiaoming |
| 1, 2 | node management and user management | f7967d2d31_d30d313847ba99b8c5ce | liuyuanyuan |
| None | 2950446c4588493424e3a900af3df1c4 | ouning |
| None | fa246d0262c3925617b0c72bb20eeb1d | Shen lingqing |
| None | 3b87652ba0916c03c634d5db8558d494 | Chen Qiong |
| None | 38a1af5bbfea2af7329437791b22481c | caimao |
| None | 184ff021f2a07483d4db9b722d6910d7 | hejia |
| None | a7dd37dbb3a2c648d76774d64b10fdae | liuxiaochao |
| None | e10adc3949ba59abbe56e057f20f883e | zhujianfeng |
| None | 04cedecd2dce1e3c9c1392e6f48ccd1d | meiyajuan |
| None | 276b1d8fda-ebc2522e0e63bdf6a36a0 | liyue |
| None | afefa43a91fb535cfd08664526c24b54 | wuna |
| None | d9eac9415e821547a173194ff307573f | huangjin |
| None | b3ef3b83af40990686b5f6920efe94d9 | duanshaozhen |
| None | e10adc3949ba59abbe56e057f20f883e | wangyanfei |
| None | 60b5a35b5f398fa4e56f2f4ec8dacd7e | duanjing |
| None | f7967d2d3127d30d313847ba99b8c5ce | duanjing |
| None | 670b14728ad9902aecba32e22fa4f6bd | duanjing |
| None | 532c28d1_dd75bf975fb951c740a30 | duanguangming |
| None | 40d3d709bcff2b0d2b94bbfec4fe115f | Wen Jing |
| None | e10adc3949ba59abbe56e057f20f883e | diaoweizhuo |
| None | e10adc3949ba59abbe56e057f20f883e | wangweilin |
| None | fcea920f7412b5da7be0cf42b8c93759 | zoufan |
+ ------- + ------------ + ---------------------------------- + --------------- +
 
3) wordpress
 
 




 
Solution:

I can't help you. Let's just think about it. It's so detailed ..

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.