Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
myhack58佚名MYHACK58:6220066520
HistoryJan 20, 2006 - 12:00 a.m.

xinnet. com China new network Web Mail system has a serious vulnerability-a vulnerability warning-the black bar safety net

2006-01-2000:00:00
佚名
www.myhack58.com
19
JSON

Long time no Post garbage come up, this also is not prepared to contribute, to the octal friend. First good luck to all octal friends a Happy New Year. Everyone knows China’s famous New cafe, new network virtual host in a stable and secure known. Business users very much, I also bought a new network virtual host work with and some of the small garbage. Recently I once landed in China a new Web Mmail system found that the company’s products there is a serious vulnerability. You can get a webshell, Oh. The following figure is a new network Web Mail login interface.
See Figure a

!
With the new web mail people are familiar with. log in there find a file Manager, this is something I want to be a network U disk function is PHP written. See here you should think not is upload vulnerability right, cut!·¥# Upload vulnerability I will not continue to write. You honest while looking down. The following figure is the file management interface.
See Figure II

!
I create a new ZiHuan folder, then go into this folder, right click—Properties, the content is:
the. See http://mail. XXXX. cn/igenus/file. php? Cmd=list&path=/zihuan this address after I generated the idea. We put the address change becomes http://mail. xxxx. cn/igenus/file. php? Cmd=list&path=…/input to IE. I believe we all understand it. This is a jump to the parent directory of meaning. Looking at the results in the figure below.
Look at Figure three

!
The new network sucks. Directly see the parent directory of the file. Next is to Go directly to a web directory. Specifically how to find I will not write. Is…/…/…/then one by one test. Finally found
http://mail.xxx.cn/igenus/file.php?Cmd=list&path=../../../../../home/igenus see the following figure
See Figure four

!
You see? The entire web document exposed. Next to also delete it. The entire a new network card php Trojan:)
The next step is to upload the shell. The new network has been ready for us to upload, I don’t need a lot. take a look:
Look at Figure five

!
Funny enough. First to a php Trojan.

See Figure six

!
Hey. This is the new network. Do not make comments. Smart you’ll think of. Now the thing to do is what? To find the database. New network user not less.
See Figure VII

!
Halo. There is a weak password!··#¥¥%¥%% Then use the password to connect to a mysql BACKUP DATABASE.
Look at Figure eight

!
Write here I’m a little the palm of the hand cold. The new network data for all users are here. I at down to write just doesn’t make sense. The next thing you against everyone free to play. But don’t go too far Oh. After my long-term test to discover a lot of websites and mail systems have similar vulnerabilities. Domestic portal sites also exist. Specific is that Station I will not say. Depend on all your own mining.

PS: I baidu a bit. With this system the station quite a bit, his full name is iGENUS webmail latest version are the presence of this vulnerability.

JSON