An upload vulnerability in a travel website's sub-site led to the server being taken over

Preface

I suddenly realized that this article was only published on my personal blog and that I forgot to publish it on CSDN, so I am adding it here.

Previous article: A travel website SQL injection led to the disclosure of information on more than 20,000 people. The SQL injection point and the database had been found, but a shell was still not available. After some exploration, I found an upload point on a sub-site.

Uploaded successfully and got the server

But!!!

I uploaded a Trojan to the server because I was inexperienced, but the Trojan was deleted the next day, and access to the Trojan upload page was also forbidden, so it was confiscated.

Ahem, I wrote this article for the sake of learning (a high risk just slipped away, crying.jpg)

Vulnerability description

The sub-site http://cs.xxxxxx.cn runs a customer service management system in which anyone can register a customer service user at will, the chat page allows a shell to be uploaded, and the server has been taken.

Vulnerability details

The registration page is found in the source code of the http://cs.xxxxx.cn page. Once user 1 registers successfully, the site gives a dedicated chat link: http://cs.xxxxx.cn/index.php/Index/admin?kf=149806532

Opening the link gives a chat page. There is no option to upload files, but pictures can be uploaded.

Upload a picture in the chat interface, change image/jpeg to php, and base64-encode the one-sentence Trojan; the upload succeeds.

The shell connects successfully.

Files can be downloaded and modified at will, and MySQL commands can be executed.
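
On the fix side: the upload above succeeded after the client-supplied type was changed from image/jpeg to php. The following is an added example, not code from the original post or from the site: a Python sketch of a server-side check that ignores the client's filename and Content-Type, accepts only content whose leading bytes match an image allowlist, and assigns its own name and extension. The size limit, function names and sample bytes are assumptions constructed for illustration.

```python
import secrets

# Allowlist: leading magic bytes -> extension the server will assign.
MAGIC = {
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit for chat images


def sniff_extension(data: bytes):
    """Return the allowlisted extension matching the magic bytes, else None."""
    for magic, ext in MAGIC.items():
        if data.startswith(magic):
            return ext
    return None


def safe_stored_name(client_filename: str, client_content_type: str, data: bytes):
    """Decide whether to accept an upload and under which name to store it.

    client_filename and client_content_type are attacker-controlled and are
    deliberately never used for the decision or for the stored name.
    """
    if not data or len(data) > MAX_BYTES:
        return None
    ext = sniff_extension(data)
    if ext is None:
        return None
    # Random server-chosen name plus an extension derived from the content:
    # an accepted file can only ever be stored as .jpg/.png/.gif, so the web
    # server never maps it to the PHP handler.
    return f"{secrets.token_hex(16)}.{ext}"


# Constructed sample uploads (not taken from the original post).
JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32
SCRIPT = b"<?php echo 'constructed sample'; ?>"
samples = [
    ("photo.jpg", "image/jpeg", JPEG),     # genuine image
    ("avatar.php", "image/jpeg", SCRIPT),  # script with a forged image type
    ("avatar.php", "image/jpeg", JPEG),    # image bytes, script-style name
]

if __name__ == "__main__":
    for name, ctype, body in samples:
        print(name, ctype, "->", safe_stored_name(name, ctype, body))
```

A magic-byte match does not prove the rest of the file is a clean image, so the server-chosen extension is what keeps an accepted file from being executed. Storing uploads in a directory where script execution is disabled covers the remaining cases.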

Closing words

If you happen to read this article, it is recommended that if you upload the Trojan and then test it, you can immediately delete the Trojan and clean up all traces (asked by a group of big guys).

After cleaning up the traces, it is not so easy for them to find Trojan horses, and the patching audit is really not generally slow (two weeks). After they receive your vulnerability, they will test it again. If the test fails, the audit will not pass, so it is better to hide the Trojan horse for insurance.

Fortunately, an arbitrary user login vulnerability was included, and it was at risk.

Clean up the traces, the lesson of blood!!!

Origin blog.csdn.net/zss192/article/details/109085435