TIPS: get a database of a Baidu Forum (millions of users)

TIPS: get a database of a Baidu Forum (millions of users)

TIPS: get a database of a Baidu Forum

Http://bbs. OS .baidu.com/forum.php

Baidu cloud OS Forum

Http://bbs. OS .baidu.com/uc_server/ ucserver has set access restrictions

However, based on the uc features, we can remotely call the api to obtain the uc configuration.

Based on normal people's thinking, since there are restrictions on the background, it is very likely that hackers will be lazy in password protection.

So we guess the weak password to call the api to obtain the specific configuration.

Sure enough, the Founder's password is 123.

First, download a dz forum.

In step 2, select the second one and enter the address of the baidu forum and the weak password 123.
 

Click Next. If the password is correct, the database settings page is displayed.



Now go to the local machine to view conf/config_ucenter.php

<?phpdefine('UC_CONNECT', '');define('UC_DBHOST', 'svrid4cct4nd1id.mysql.duapp.com:10103');define('UC_DBUSER', 'bae');define('UC_DBPW', 'VIxXAqfbIDI4pSst6XBhnirlljGxUC9u');define('UC_DBNAME', 'svrid4cct4nd1id');define('UC_DBCHARSET', 'utf8');define('UC_DBTABLEPRE', '`svrid4cct4nd1id`.dz_ucenter_');define('UC_DBCONNECT', 0);define('UC_CHARSET', 'utf-8');define('UC_KEY', 'a605V7e4c8WageS8edr8w4F88cRdc0Y1f2deP4U7Oce6Rb26acmfJ3X7z3Z8xec4');define('UC_API', 'http://bbs.os.baidu.com/uc_server');define('UC_APPID', '4');define('UC_IP', '119.75.219.53');define('UC_PPP', 20);?>

OK Database User Password is available, and it is just in bae. In theory, all the information on the bae can be linked from the Intranet.

Apply for a bae, upload a sentence, and connect it with a kitchen knife.
 

Connection successful.


 

 

Solution:

Filter