From one upload to Maxthon within the network-vulnerability warning-the black bar safety net

2015-01-13T00:00:00
ID MYHACK58:62201557958
Type myhack58
Reporter 佚名
Modified 2015-01-13T00:00:00

Description

From one upload to Maxthon within the network

The first is to find a sub-domain name of the upload

custom. maxthon. cn

In the upload icon when only verifies the content-type is not on file after the judgment

! 1532ed2be1f9d7260dd9085f527ba9e0. png

Simple modification packages to get to the shell

! d57e70ec59f41084d0c6864c438a71d1. png

Found some configuration information

?

|

1

2

3

4

5

6

7

8

9

1 0

1 1

1 2

1 3

1 4

1 5

1 6

1 7

1 8

1 9

2 0

2 1

2 2

2 3

2 4

2 5

2 6

2 7

2 8

2 9

3 0

3 1

3 2

3 3

3 4

3 5

3 6

3 7

3 8

3 9

4 0

4 1

4 2

4 3

4 4

4 5

4 6

4 7

4 8

4 9

5 0

5 1

5 2

5 3

5 4

5 5

5 6

5 7

5 8

5 9

6 0

6 1

6 2

6 3

6 4

6 5

6 6

6 7

6 8

6 9

7 0

7 1

7 2

7 3

|

$_Database_Config = array('dbhost' => '10.0.8.48',

'dbuser' => 'm_backend_cn',

'dbpass' => 'aoOJ1beLIDApfJC',

'dbname' => 'adbrw_admin',

'charset' => 'utf8',

'pconnect' => '0',

'environments' => 'production'

'mail. maxthon. cn',

'port' => '2 5',

'auth' => 'true',

'user' => 'zhaohongfeng@maxthon.cn',

'pass' => '@2 0 1 0'

/*$_Database_Config = array( 'dbhost' => 'localhost',

'dbuser' => 'root',

'dbpass' => '1 2 3 4 5 6',

'dbname' => 'adbmac_admin',

'charset' => 'utf8',

'pconnect' => '0'

);*/

//? Version. You.?? WA? String together boast?

$_Database_Config = array( 'dbhost' => '10.0.8.48',

'dbuser' => 'odbmac_admin',

'dbpass' => 'BvYinxtAiS9P05P',

'dbname' => 'odbmac_admin',

'charset' => 'utf8',

'pconnect' => '0'

$_Database_Config = array( 'dbhost' => '10.0.8.48',

'dbuser' => 'odbmac_admin',

'dbpass' => 'BvYinxtAiS9P05P',

'dbname' => 'odbmac_admin',

'charset' => 'utf8',

'pconnect' => '0'

'dbuser' => 'm_mad_cn',

'dbpass' => 'zLXM5NoF107bS8l',

'dbname' => 'adbrw_mad',

'charset' => 'utf8',

'pconnect' => '0'

$_Database_Config = array( 'dbhost' => '10.0.8.48',

'dbuser' => 'm_plugins_cn',

'dbpass' => 'MD2xPBtiyrf0z0Y',

'dbname' => 'adbrw_plugins',

'charset' => 'utf8',

'pconnect' => '0'

$_Database_Config = array( 'dbhost' => '10.0.8.48',

'dbuser' => 'm_feedback_cn',

'dbpass' => 'Th8K6k7vw6g2eZy',

'dbname' => 'feedback',

'charset' => 'utf8',

'pconnect' => '0'

$_Database_Config = array( 'dbhost' => '10.0.8.48',

'dbuser' => 'adbrw_project',

'dbpass' => '1q@W3e$R',

'dbname' => 'adbrw_channel',

'charset' => 'utf8',

'pconnect' => '0'

$_Database_Config = array( 'dbhost' => '10.0.8.48',

'dbuser' => 'm_backendwp_cn',

'dbpass' => 'GrW651KCwDByFdH',

'dbname' => 'wp_admin',

'charset' => 'utf8',

'pconnect' => '0',

'environments' => 'development'

'dbuser' => 'm_webapp_cn',

'dbpass' => '63KlZYVG',

'dbname' => 'adbrw_webapp',

'charset' => 'utf8',

'pconnect' => '0'

smtp_main_send( array('zhaohongfeng@maxthon.net','cuiwei@maxthon.net','linhongbin@maxthon.net')

$mail->Host = "mail.maxthon.net";

$mail->Username = "Maxthon-MM@maxthon.net";

$mail->Password = "1qaz2wsx";

---|---

[1] [2] [3] next