www.2cto.com: to prevent damage, the website's name has been replaced with www.2cto.com.
The day before yesterday I came across the Linux security site by accident while searching for something online. Being idle, I had the urge to break into it. In fact, most people feel these sites are hard to get into, especially when the webmaster is a great guy.
Even the Red Bull among us, tears streaming, said so. In fact, as long as you have patience... I'll give it a try!
OK. Let's take a look at the website program!
A few words first: when penetrating a website, we need to collect some information, such as the server type, the website program (CMS), and the backend (admin) location... I tried the search box on the right.
http://2cto.com/plus/search.php?kwtype=0&searchtype=titlekeyword&q=test. From the URL I could see it: DedeCMS.
Sites built on DedeCMS and PHPCMS look much alike; both generate static HTML. If you find it hard to tell the two apart, simply submit a few characters in the search box and look at the resulting URL.
For example, a URL like this one:
http://v9.demo.phpcms.cn/index.php?m=search&c=index&a=init&typeid=53&siteid=1&q=test is characteristic of PHPCMS.
Once you know the website program, go online and look for a 0-day. Wasn't a DedeCMS (织梦) injection 0-day disclosed recently?
On EXP burst chrysanthemum: http://2cto.com/plus/search.php? Keyword = as & typeArr [111% 3D @ % 60 \ '% 60) + UnIon + seleCt +, 18, 19, 20, 21, 24, 25, 26, pwd, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37,
60%, 39, 60%, 42 + from + % 23 @__ admin % 23 @ % 60 \ '% 60 +] =
Then, excited, I took the hashes to an MD5 cracker, and all three admin passwords came out! Next I went looking for the backend, but even a few awesome friends couldn't scan it out. Depressing.
Then I checked the other websites on the server.
There were only three sites on this server, including http://cnc.2cto.com/. No 0-day; I only found a phpinfo, but that still gave me some information...
At first I thought the server was set up with a one-click environment package. 2cto.com:8080 wouldn't open. By half past three in the morning I was stuck and went to bed!
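As an added example, not from the original post: detection logic, in Python, that scans web-server access-log lines for requests to DedeCMS's /plus/search.php whose typeArr[] key carries anything other than a numeric type id, which is the shape of the injection the post describes above. The log lines, IP addresses and query strings are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (not taken from the post): a normal
# DedeCMS search, a /plus/search.php request whose typeArr[] key carries
# SQL keywords instead of a numeric type id, and a PHPCMS-style search.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2012:03:14:07 +0800] "GET /plus/search.php?kwtype=0&searchtype=titlekeyword&q=test HTTP/1.1" 200 8123
203.0.113.9 - - [01/Jan/2012:03:15:41 +0800] "GET /plus/search.php?keyword=as&typeArr[1%3D@)+union+select+1,2+from+x]= HTTP/1.1" 200 4312
203.0.113.7 - - [01/Jan/2012:03:16:02 +0800] "GET /index.php?m=search&c=index&a=init&typeid=53&siteid=1&q=test HTTP/1.1" 200 9921
"""

# Common log format: client, identity, user, [timestamp], "METHOD target PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
SQL_TOKENS = re.compile(r"\b(union|select|from)\b", re.IGNORECASE)


def suspicious_search_params(target):
    """Return the (key, value) pairs of a DedeCMS search request that abuse typeArr[].

    A legitimate typeArr[] key holds only a numeric channel/type id; anything
    else (empty, quotes, backticks, SQL keywords) is treated as an injection attempt.
    """
    parts = urlsplit(target)
    if not parts.path.endswith("/plus/search.php"):
        return []
    hits = []
    # parse_qsl percent-decodes keys and values, so '%3D' becomes '=' here
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if not key.startswith("typeArr["):
            continue
        inner = key[len("typeArr["):].rstrip("]")
        if not inner.isdigit() or SQL_TOKENS.search(key + " " + value):
            hits.append((key, value))
    return hits


def scan_log(text):
    """Scan access-log text and return one alert dict per suspicious request."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = suspicious_search_params(m.group("target"))
        if hits:
            alerts.append({"ip": m.group("ip"), "ts": m.group("ts"), "params": hits})
    return alerts
```

Running `scan_log(SAMPLE_LOG)` yields a single alert, for the 203.0.113.9 request; the benign DedeCMS and PHPCMS searches pass.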
Day 2
I got up early and continued looking for the backend my friends hadn't been able to scan out. Then I checked the server again and found that there were several more sites on it.
I found that 2cto.com and www.2cto.com are not on the same server!
Then I opened this site, http://www.luyouqi.net/, also DedeCMS. I cracked the account password and got into http://www.luyouqi.net/dede.
Into the backend, upload the Trojan!
Surprisingly, it could read and write across directories. What about Linux?!
From the shell I found the backend directory and logged into 2cto.com with the account and password!
So, happily, no malicious intrusion was done. I hope the webmaster will forgive me!
Security suggestions:
1. Keep up with program upgrades and patches.
2. Set strong passwords. Even if the MD5 hash leaks, it may not be crackable.
3. Remove search.php.
4. Set directory permissions.
5. Change the remote login port (I tried logging into SSH with the website admin password, but it didn't work, heh heh!)