Two days ago a friend in a group chat said he had used the TP framework to write a voting system, and said he would pay 50 yuan to anyone who could crack it.
It was supposed to be about digging for XSS; in fact, I wanted to wait for him to publish a domain name and go straight for his server. Then he said there was a bug he had not fixed yet ... so he would not deploy to the server for now.
I waited for him for half an hour. He finally released the domain name. He was using Peanut Shell to map his local environment directly to the external network.
So I got into his database through a weak phpMyAdmin password, then ran the SQL command @@basedir and got the path e:/wamp/bin/mysql. At a glance it was a WampServer integrated LANMP environment, so I used SQL to write a one-line trojan into his www directory and then connected with Kitchen Knife.
Once Kitchen Knife was connected, his computer was completely exposed ... I saw a folder named Diploma, went in, downloaded a card and sent it to the group.
phpMyAdmin is the most commonly used; there were also sqlbuddy 1.3.3 and webgrind 1.0, which he had not deleted. Webgrind has a vulnerability that allows reading arbitrary files.
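A defender's view of the SQL file-write step described above, as an added example that is not part of the original post: a small scanner that flags query-log lines where SQL writes a file, rating writes of script files into the web root highest. The web root `e:/wamp/www`, the simplified log layout, the `votes` table and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumption: web root of the WampServer install; the post only gives the
# MySQL basedir (e:/wamp/bin/mysql) and mentions a www directory.
WEB_ROOT = "e:/wamp/www"
SCRIPT_EXT = (".php", ".phtml", ".php5")

# SELECT ... INTO OUTFILE|DUMPFILE '<path>' (captures the quoted path)
FILE_WRITE = re.compile(r"\bINTO\s+(?:OUTFILE|DUMPFILE)\s+(['\"])(.+?)\1", re.I)
# Lookups of server paths, like the @@basedir query in the post
PATH_LOOKUP = re.compile(r"@@(?:global\.)?(?:basedir|datadir|secure_file_priv)\b", re.I)

def normalize(path):
    """Lower-case a Windows path and collapse / and \\ runs into one /."""
    return re.sub(r"[\\/]+", "/", path).lower()

def classify(line):
    """Return (severity, reason) for one query-log line, or None if benign."""
    m = FILE_WRITE.search(line)
    if m:
        target = normalize(m.group(2))
        if target.startswith(normalize(WEB_ROOT) + "/"):
            if target.endswith(SCRIPT_EXT):
                return ("high", "script written into web root: " + target)
            return ("medium", "file written into web root: " + target)
        return ("low", "file written by SQL: " + target)
    if PATH_LOOKUP.search(line):
        return ("info", "server path lookup")
    return None

def scan(lines):
    """Return [(line_no, severity, reason)] for every flagged line."""
    hits = []
    for no, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((no, *verdict))
    return hits

# Constructed sample lines in a simplified general-query-log layout.
SAMPLE_LOG = [
    r"T1 12 Query SELECT @@basedir",
    r"T2 12 Query SELECT 'PLACEHOLDER' INTO OUTFILE 'E:\\wamp\\www\\up.php'",
    r"T3 13 Query SELECT id FROM votes INTO OUTFILE 'e:/backup/votes.csv'",
    r"T4 13 Query SELECT COUNT(*) FROM votes",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

MySQL's general query log has to be enabled for lines like these to exist on the server being monitored.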
with a link to his computer yesterday, using the
eventually finds the latest database password in the config.php file under an item
They were chatting in the group. I broadcast the intrusion process live to another group of friends.
Wampserver penetration of personal computers