Drag pants: dragged out from the library! Hey finger off through various social means, technical means to illegally obtain sensitive information in the database; gradually into public view in around 2010, originating in 2011, media reported that a number of Internet sites the user database is publicly available on the website, follow-up It was made into a social library to publicly available personal information. Therefore be used to refer to the website was after, ** steal its database.
- drag pants steps:
(1) find and exploit vulnerabilities
dragging pants were scanning the target site, find its loopholes. Common vulnerabilities include sql injection, file upload vulnerability, the file containing the command is executed, the source code leak, cross-site trailer pants.
(2) obtain permission webshell and server
through a number of loopholes (1) referred to the use of technology acquisition webshell (website back door) on the site server, by providing the right webshell rights to the server.
(3) backup and download the database
using the system privileges direct link to the database, export to local backup, compression, and download the database.
(4) In special cases, you can get directly or through database download vulnerability point
, in some cases, lack of access webshell and server permissions, you can also get some data (--dump or --dump- database directly through software tools such as sqlmap -all)
If the target database server outside opened the port, and allows remote link via accounts and passwords, you can also export the database to the local database client such as through the program directly.
- drag pants harm
(1) account directly involved in games and other virtual property cash, the account will be the sale of game equipment, a transfer transaction.
(2) the identity of the account number and geographical information classification, company will sell this information to precision marketing, for example, selling properties, stocks, loans. Harassing phone calls.
(Three) the use of social workers dragging pants. Some specific target fraud, by collecting information, precise positioning, fraud.
(4) the use of other techniques. Such as gathering identity information and pictures ai automatic identification training, the registered user data into the user site "user" library, the site of the cost of living more than 5000w, cheat venture investment company.
Hit library: that by collecting Internet has leaked information, especially a registered user and password information, generate the corresponding dictionary table, attempt to bulk verification to automatically log on to other sites, you can get a series of live account login.