Getshell vulnerability at a domain name vendor due to improper verification (member accounts, passwords and other information leaked)

Source: Internet
Author: User
Tags: email account

Posanaka!
Leakage of a large amount of user information; control of 18658 domain name resolutions; leakage of member accounts and passwords, filing, payment, personal and other sensitive information; modification of user orders, recharge and withdrawal amounts; other users' domain names can be sold and resolved at will.

Admins, please add a thick mosaic (blur the screenshots) after review!

Problem domain: http://jinmi8.com

Register an account, then upload an ID card in the template authentication area and capture the request packets.

Shell address: http://img.jinmi8.com/jmimg/logopic/T.asp;201612701926742.jpg

Password: xiaojiege
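The shell name above (`T.asp;…jpg`) is the classic IIS 6 semicolon form, where the server stops at the `;` and executes the file as ASP. As an added defensive example, not code from the original report or the vendor, here is a server-side check for an ID-card image upload that rejects that name, double script extensions, path characters and content that does not carry an image signature, and stores the file under a server-chosen name. The allowlists, the signature table and the `random_token` parameter are assumptions.

```python
import re

# Constructed allowlists for an ID-card image upload (extensions compared case-insensitively).
ALLOWED_IMAGE_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}
# Extensions a classic ASP / IIS host may execute if they appear anywhere in the name.
SCRIPT_EXTENSIONS = {"asp", "aspx", "asa", "cer", "cdx", "ashx", "php", "jsp"}
# Characters that let a name be re-parsed as a path, an NTFS stream or a second name.
FORBIDDEN_NAME_CHARS = re.compile(r"[\\/:;\x00\s%]")
# Leading bytes of the accepted image types (constructed table).
IMAGE_SIGNATURES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def is_safe_upload_name(filename: str) -> bool:
    """True only if the client-supplied name cannot be interpreted as a script."""
    if not filename or len(filename) > 255:
        return False
    name = filename.lower()
    # Rejects the IIS 6 semicolon form (T.asp;x.jpg is served as ASP), path
    # separators, NUL bytes, whitespace and percent-encoding in one check.
    if FORBIDDEN_NAME_CHARS.search(name):
        return False
    parts = name.split(".")
    if len(parts) < 2 or any(part == "" for part in parts):
        return False
    if parts[-1] not in ALLOWED_IMAGE_EXTENSIONS:
        return False
    # Double extensions such as shell.asp.jpg are rejected as well.
    return not any(part in SCRIPT_EXTENSIONS for part in parts[:-1])


def has_image_signature(data: bytes, ext: str) -> bool:
    """Content check: the bytes must begin with the signature of the claimed type."""
    return any(data.startswith(sig) for sig in IMAGE_SIGNATURES.get(ext.lower(), ()))


def storage_name_for_upload(filename: str, data: bytes, random_token: str) -> str:
    """Server-chosen storage name (random token + validated extension); raises on failure."""
    if not is_safe_upload_name(filename):
        raise ValueError("rejected upload name")
    ext = filename.lower().rsplit(".", 1)[1]
    if not has_image_signature(data, ext):
        raise ValueError("content is not the claimed image type")
    return f"{random_token}.{ext}"
```

Keeping the upload directory on a host that cannot execute scripts at all (as the separate image server here should have been) is the second half of the fix; the name check alone only closes the parsing trick.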

The image server and the main site are not the same server! Digging through the source code turned up an email account:

uname="[email protected]"
pwd="jmHl862613"
atoumail="[email protected]"

Logging in to the mailbox brought a surprise!

Other users' domain names can also be transferred directly.

It is also an agent (reseller) for various domain name vendors!! Something felt wrong.

Then I went back to the source code and found another request.

loginurl="https://www.dnspod.cn/Auth/Login"
logindata="email=linliangemail%40qq.com&password=jmHl862613&remember=1"
loginck=winhttp_html(loginurl,logindata,"POST","gb2312","https://www.dnspod.cn",1,"nullcc")

Trying to log in:

Result: 12369 domain names directly controlled and 9 hosts under monitoring.

Domain name resolution and other operations

Checking the mailbox shows that this vendor has registered agent or member accounts with multiple domain name vendors and has bound several mailboxes to them.

Reset the agent account at Western Digital (西部数码) via email

Dear jinmi8! Because you have lost the login password of the user account jinmi8, the system has automatically generated a new temporary password for you: yyckegbc (the password is case sensitive). Please change it to your own password immediately and keep your account password safe (the temporary password is not displayed in clear text in the email; please change it immediately). Thank you! Tel: 028-86263960

6281 domain names can be directly controlled...

They can be sold and their resolution changed at will.

The main site's server turned out to have been purchased from Western Digital as well; it was accessed directly over 3389, and a one-line webshell was then uploaded to the main site for convenience.

Shell address: http://www.jinmi8.com/bs.asp  Password: t0133

1.8 of database users leak various information

To verify that the database is real, two randomly selected accounts were used to log in:

One ordinary account

One administrator account

Member with id: 18026

Domain name resolution and other operations

Personal Information

Administrator Account:

Balance: 111212. I can pay with it and withdraw it.

All 290+ domain names under the administrator account

Another administrator has more than 900 domain names.

All domain names can be resolved and opened at will.

In addition, accounts can be recharged, order amounts withdrawn, or account balances changed directly.

Administrator balance comparison chart

I did not try recharging myself or modifying the amounts involved, to avoid trouble.

Solution:

--
