中华保险分公司root权限注入直接写马泄漏大量用户信息可GetShell
root权限注入直接写马
啦啦啦啦啦啦啦
POST /index.php?g=Portal&m=home&a=lpcx HTTP/1.1 Host: 112.74.74.80:8084 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Referer: https://112.74.74.80:8084/index.php?g=Portal&m=home&a=lpcx Cookie: V0jdX3_think_language=zh-CN; PHPSESSID=dp9rkcbjci0coqqop8tsqe3g47; thinkphp_show_page_trace=0|0 Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 93 username=%E5%90%B4%E6%96%B0%E7%AB%A5&sfz=230227197903020084&stime=2016-01-02&etime=2016-01-04
得到root密码,扫描端口登陆phpmyadmin
发现大量数据
可GetShell
解决方案:
该补的都补吧!
—-想了解更多的企业安全相关处理怎么解决关注<计算机技术网(www.ctvol.com)!!>
本文来自网络收集,不代表计算机技术网立场,如涉及侵权请联系管理员删除。
ctvol管理联系方式QQ:251552304
本文章地址:https://www.ctvol.com/webstt/esecurity/99762.html