Yesterday, I sent it today. Will I tell you I forgot ?, Let's get down to the truth. I can't find the injection point. I usually see whether there is any injection point for such sites, but I still picked up the tool and ran the directory, if you see that 200 is returned for many directories, you can see that:
I flipped through the Directory and found the backup that looks like a management data table. , Open it, decrypt it, and find the background to log on successfully:
The background has the SQL Execution function and the file upload function. It is reasonable to say that it is okay to use shell. Unfortunately, it is still not done. The SQL export shell has no permission. Although no suffix is detected for uploading files, however, this directory cannot be executed, and the directory where the upload path can be modified cannot be captured. It is reasonable to say that shell cannot be obtained in the background, but there is a problem with the column directory, continue to flip it over and find this:
I did not know what it was, nor did I find any google-related information. I couldn't try some common passwords. It seems that it was useless. I finally found something familiar with it:
Default password: 123456. shell is obtained successfully.
Summary:
This server is amazing. The executable permission of the upload path is forbidden, and the mysql user restricts the export. Unfortunately, it is defeated in the column directory.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
