The TCL vulnerability package can successfully enter the Intranet.

The TCL vulnerability package can successfully enter the Intranet.

#1. Injection

 

Http://battery.tcl.com/read_news.php? Http://lighting.tcl.com/cn/about.aspx? Id = 69 http://ehr.tcl.com/ehr POST injection http://magazine.tcl.com/manager/login.aspx POST injection http://oa.king.tcl.com/management/Regeist/Region.aspx POST injection

 

 

 

 

If the rest of the documents have been submitted, they will not be mentioned.

#2. iis write permission

Http://jck.tcl.com/
 

 

 

10.0.0.50 admin admin123

#3. Enter the Intranet
 

 

 

 

 

 

 

 

 

Financial Accounts
 

 

 

Add the following username to SQL Server: mrpii_user password: s0meth9ng (second digit: Zero, seventh digit: Number 9)

 

 

 

10.0.0.71 rainbow$ byrainbow10.0.0.7 rainbow$ byrainbow10.0.0.50 admin admin12310.0.0.65 rainbow$ byrainbow administrator tclgroup100#10.0.0.71 hash:Administrator:500:C42AB4FDD2E5209873946B1E7B905DD7:75B6FE7933203A61E9411B65BB699540:::Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::SUPPORT_388945a0:1001:NO PASSWORD*********************:E01C66FBAD728559C0B7D2E8A2748DDC:::IUSR_TCL-HQWEBAPP:1003:75ED74016B24CE3B0D672C5B9753E5FD:915F3C84BF7DEAC005BA89C7BE26F4BC:::IWAM_TCL-HQWEBAPP:1004:558D4251AB2847BE2903B96741F01C95:CEEEE45E12B17A7CAEE2C607BC04907F:::ASPNET:1007:82C09D009D6309CF14C1D8C7226E090D:20AC2CF35AFB2AA03935E74252D53CA4::10.0.0.50 hash:admin:500:AC804745EE68EBEA1AA818381E4E281B:3008C87294511142799DCA1191E69A0F:::Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::SUPPORT_388945a0:1001:NO PASSWORD*********************:F39A4F428731EE8A18C64B497EB8750B:::IUSR_TCLSERVER:1003:10705772B4D5E9EF199BD5A21B374EA0:C31009FAA50B3337C76B861182A8BC48:::IWAM_TCLSERVER:1004:C8886D6FD1415516E93046121C6BA266:FF849EB0D6958930D8AEFEB6AB6AA9EF:::ASPNET:1006:98DBF730AC25D742142032B99129F178:84ED04D9271C7126DC82140CA518D019:::netadmin:1017:1410B4B87965F7AB1D71060D896B7A46:3089B72DD05CC1070BC7385B16A48A19:::10.0.0.7 hash:Administrator:500:E663B236496F5F70AAD3B435B51404EE:D396761730E964E7C5A1A7332969BB4E:::Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::SUPPORT_388945a0:1001:NO PASSWORD*********************:F5727899A90D988E4CFCA9FE8CE1824E:::ASPNET:1006:455BEBC5ABFB5EBBB3C620E095A0553F:73E97B16BA9B531F3514FEEB4D11B61C:::10.0.0.65 hash:cwadmin:500:F29DF31EC20786E6E0DC13374F13212C:237422F9A6BA3C21DEC6A059A5929809:::Guest-kd:501:NO PASSWORD*********************:NO PASSWORD*********************:::SUPPORT_388945a0:1001:NO PASSWORD*********************:2F6729C6FA829BFFD2B2CD4946262724:::jl:1003:EB82BF920660E3EB76236DE4B033B02F:A45146DD7B44D5EAF7F81E1282DC42EF:::SQLDebugger:1004:NO PASSWORD*********************:9236B5F718DE0B6D3D70AF237662510E:::qv:1005:0F03044B42851184AAD3B435B51404EE:ADB4A292D127F8D787943155D235E35C:::IUSR_TCLCWYJ:1006:CACA693A162D1DF5BB5F9FAEEEF48269:BFC96FA6CB3EAA4BD25CF61D0FB31332:::IWAM_TCLCWYJ:1007:543B7DC4F6A8F424D2B06FF25FD0BC1C:A08990D20F04DEEECFF7BDCAE2B86EF2:::IQVS_TCLCWYJ:1009:NO PASSWORD*********************:05EEA5482710D16E8BA445C9BE40DF7A:::clg:1011:B333CEFDB5DDC4C9AAD3B435B51404EE:1295FEC6245F5A646F6A0EC2042C902F:::qv2:1012:D28CE024A35D524BAAD3B435B51404EE:3DEE165BFBA1D7FBFF80E412D5A570B7:::ASPNET:1013:821A48BC293D2BED49467691C74538A0:7F6A09CF1F4BD4EBFF5C0EE884804ACF:::yaobin:1014:F171EAC38D498E1DD619446AD90C226D:E01CE226330A89424891F4B16CBB081E:::synUser:1016:ACE79C1349CE71D991E643486F98795F:D1A670F93253316FDD232CEA7E317997:::kingdee:1017:141D0CB7FDE2A2281B00588A6A3BF94C:70A5A2CCFA01FF90F9E01C35726F8774:::admin:1018:AC804745EE68EBEAA8EED815A197BD87:8F909FDB472D0B85CDDB3E36669A9B07:::

The last figure is shown below:
 

 

Solution:

PS: Don't go deep, just like this.