There are several problems:
1) Cookie drift: obtaining some management permissions on the bbs
The Kingsoft UED user-complaints backend overlooks a detail. First, many of its cookies are set on the .iciba.com domain. What does this mean? Some cookies may be shared with other Kingsoft products, which allows cookie drift and lets them be used to obtain permissions in other products! After testing, we found that the problem exists and obtained the moderator permission on bbs.
2) SQL injection in the backend: a nest of administrator MD5 hashes
There is a POST injection in the backend that allows UNION queries, and the following form was constructed to dump all administrator password hashes.
3) WordPress penetration
Kingsoft UED uses WordPress. Many people think that WordPress is a hard nut to crack, but it actually just takes a little technique.
Many WordPress vulnerabilities depend on editor or other non-administrator permissions. They can be exploited by trying to guess the passwords of multiple users on the WP site to obtain such a permission. If you can guess the admin password, that's even better!
In addition, another WP penetration tip is plug-ins. You can put together your own list of exploits to run through, which may surprise you. This is what makes it hard to ensure the security of WP.
WordPress 3.0.1 and earlier versions seem to have an injection vulnerability that few people know about. However, because it requires editor permissions, it is of little practical value on its own. If we don't have editor permissions, we can go looking for them and make it useful after all! Sure enough, a weak password on an account with editor privilege turned up, and the vulnerability was successfully exploited.
Vulnerability proof:
1) cookie drift
2) Administrator Password
3) wordpress
Solution:
I can't help you. Let's just think about it. It's so detailed ..
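For problem 1, one way to check which sibling products receive a cookie is to apply the browser's domain-matching rule to each `Set-Cookie` header. This is an added example, not part of the original report; the `example.com` hostnames, cookie values and function names are constructed for illustration.

```python
# Added example: all hostnames and cookie values below are constructed.

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        if key:
            attrs[key.strip().lower()] = value.strip()
    return first.split("=", 1)[0], attrs

def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3: host equals the domain or is a subdomain of it."""
    host, cookie_domain = host.lower(), cookie_domain.lstrip(".").lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)

def receiving_hosts(issuer, header, hosts):
    """Return (cookie name, hosts from `hosts` whose requests carry the cookie)."""
    name, attrs = parse_set_cookie(header)
    domain = attrs.get("domain")
    if not domain:  # no Domain attribute: host-only, sent to the issuer alone
        return name, [h for h in hosts if h.lower() == issuer.lower()]
    if not domain_match(issuer, domain):  # browsers reject a foreign Domain
        return name, []
    return name, [h for h in hosts if domain_match(h, domain)]

def audit(issuer, headers, hosts):
    """Map cookie name -> sibling hosts that also receive it ([] = isolated)."""
    report = {}
    for header in headers:
        name, receivers = receiving_hosts(issuer, header, hosts)
        report[name] = sorted(h for h in receivers if h.lower() != issuer.lower())
    return report

HOSTS = ["ued.example.com", "bbs.example.com", "www.example.com"]
SAMPLE_HEADERS = [
    "session=abc123; Domain=.example.com; Path=/; HttpOnly",  # weak: parent scope
    "prefs=dark; Domain=ued.example.com; Path=/",             # scoped to issuer
    "__Host-session=abc123; Path=/; Secure; HttpOnly",        # hardened: host-only
]

if __name__ == "__main__":
    for name, siblings in audit("ued.example.com", SAMPLE_HEADERS, HOSTS).items():
        print(f"{name}: {'shared with ' + ', '.join(siblings) if siblings else 'isolated'}")
```

A session cookie that should stay with one product omits the `Domain` attribute; the `__Host-` name prefix makes browsers enforce that, together with `Secure` and `Path=/`.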