One 0day, batch privilege escalation to root on mall servers

Time: 2021-11-28

This problem has a huge impact: it affects every mall built on NiuShop. I hope this article draws everyone's attention to it. (Note: the mall used in the demonstration has already fixed this vulnerability.)

Severity: critical

Solution: 1. Check the user's identity before serving the vulnerable upload page; 2. Validate the extension of the uploaded file.

After the company sports meet on May 19, I was still keyed up when I got home and couldn't sleep at nearly 1 a.m., so I opened my laptop to try a mall 0day I had seen earlier and check whether my own mall was affected. The home computer is normally used only for listening to music and has nothing but a Chrome browser installed, so I would pentest my mall the way an attacker who knows nothing about my company would: type the 0day's path into the browser from memory.

[screenshot]

Years of web development and basic pentesting sense made it obvious at a glance: the vulnerability was still there! So I grabbed a .jpg from Baidu, glued a one-sentence trojan onto it with the CMD merge command (copy /b), and then wrote a simple upload form:

[screenshot]

Ready to upload:

[screenshot]

The path of the successfully uploaded picture was returned, which proves the small shell (the one-liner) is in place~
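The two steps above (a picture with a one-sentence trojan appended by copy /b, accepted by an upload endpoint that asks for no login and never looks at the extension) and the two fixes listed under Solution are shown below in Python. This is an added example, not code from the original post or from NiuShop (which is PHP); the sample JPEG bytes and the one-liner are constructed here, and the naive check is an assumption about what the vulnerable handler amounted to, not its actual code.

```python
import secrets

# Constructed sample bytes: the smallest plausible JPEG (SOI + APP0/JFIF
# segment + EOI) and the classic PHP "one-sentence trojan".
TINY_JPEG = (bytes.fromhex("FFD8")                                  # SOI
             + bytes.fromhex("FFE000104A4649460001010000010001" "0000")  # APP0 "JFIF"
             + bytes.fromhex("FFD9"))                               # EOI
ONE_LINER = b"<?php @eval($_POST['cmd']); ?>"

# Extension allowlist mapped to the magic bytes each one must start with.
ALLOWED = {"jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff",
           "png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8"}


def make_polyglot(image: bytes, payload: bytes) -> bytes:
    """What `copy /b pic.jpg + shell.php out.jpg` produces: plain concatenation.
    A JPEG decoder stops at the EOI marker and ignores the tail; PHP ignores
    everything before `<?php`, so one file satisfies both parsers."""
    return image + payload


def naive_check(client_mime: str, data: bytes) -> bool:
    """Assumed shape of the weak check: trust the client Content-Type and the
    first magic bytes; the filename (and so the extension) is never inspected.
    A polyglot uploaded as shell.php passes this."""
    return client_mime.startswith("image/") and data[:3] == b"\xff\xd8\xff"


def hardened_check(filename: str, data: bytes) -> tuple[bool, str]:
    """Rejects the polyglot on independent grounds; any one is enough."""
    # 1. Allowlist on the LAST suffix, lower-cased ("shell.php.jpg" -> "jpg").
    #    Note: with Apache's AddHandler for .php, a multi-extension name can
    #    still execute as PHP, so also store under a server-chosen name.
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED:
        return False, "extension not in allowlist"
    # 2. Content must match the claimed type.
    if not data.startswith(ALLOWED[ext]):
        return False, "magic bytes do not match extension"
    # 3. For JPEG, anything after the final EOI marker is exactly where copy /b
    #    leaves the payload. (Some cameras add trailer bytes too; in production
    #    re-encode the image instead of trusting the original bytes.)
    if ext in ("jpg", "jpeg"):
        eoi = data.rfind(b"\xff\xd9")
        if eoi == -1 or data[eoi + 2:]:
            return False, "data after JPEG EOI marker (appended payload?)"
    # 4. PHP open tags have no business inside an image. `<?` alone would
    #    false-positive on XMP metadata (`<?xpacket`), so match the real tags.
    if b"<?php" in data or b"<?=" in data:
        return False, "PHP open tag inside image"
    return True, "ok"


def handle_upload(session: dict, filename: str, client_mime: str,
                  data: bytes) -> tuple[int, str]:
    """Hardened handler: identity first (fix 1), content second (fix 2), and a
    random server-chosen filename so the stored path is never attacker-chosen.
    Returns (HTTP status, stored name or reason)."""
    if not session.get("user_id"):
        return 401, "login required"
    ok, why = hardened_check(filename, data)
    if not ok:
        return 400, why
    ext = filename.rsplit(".", 1)[-1].lower()
    return 200, secrets.token_hex(16) + "." + ext


if __name__ == "__main__":
    poly = make_polyglot(TINY_JPEG, ONE_LINER)
    print("naive check passes polyglot:", naive_check("image/jpeg", poly))
    print("hardened, shell.php:", hardened_check("shell.php", poly))
    print("hardened, cute.jpg :", hardened_check("cute.jpg", poly))
    print("no login          :", handle_upload({}, "cute.jpg", "image/jpeg", TINY_JPEG))
    print("clean upload      :", handle_upload({"user_id": 7}, "cute.jpg", "image/jpeg", TINY_JPEG))
```

Even with these checks, the upload directory should be served with script execution disabled; the checks reduce what gets written, the web server configuration decides whether anything written there can ever run.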

Connect to it with the Swiss Army knife of web penetration testing, a webshell manager:

[screenshot]

Embarrassing. Didn't the upload succeed? What's going on?!! The directory listing loaded, but the file itself would not load. Intuition and experience told me the problem was in the moment of connecting to the trojan; to find the exact reason I had to open the trojan in the browser:

[screenshot]

"Unable to access this website", "connection has been reset". Visiting any page of the site returned the same response: "unable to access this website", "connection has been reset". Needless to say, my IP had been blocked by the server's firewall, which was quite embarrassing.

But is that a problem for rookies like us who came to pentesting from web development?! Don't look down on us!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(1 minute omitted here)

[screenshot]

Successfully connected ~

But there was another problem: the small shell has insufficient permissions, is very easy to detect and kill, and very easily gets the tester's IP blocked. My own IP is precious and I can't afford to spend much on proxies, so I came up with a neat solution: use it to upload an encrypted big shell that evades Safedog (the host WAF).

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ (tap tap tap...) ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

(2 minutes omitted here)

Being lazy, I simply searched Baidu for a Safedog-bypassing big shell and uploaded it (shared by an admin).

Along the way my IP was blocked several more times, by Alibaba Cloud's security policy among other things, but in the end it succeeded.

[screenshot]

(this picture is a screenshot of the big shell)

Enter the password and you are in the big shell's management interface.

[screenshot]

A quick look around and I was in the root directory. As for what the big shell can do and what the ultimate moves are at this point, suffice it to say you can do whatever you can think of. I won't share the details; after all, this operation was only permitted as a test. Do not use this method to attack other people's servers! Reminder: the law shows no mercy!

OK, that's the end of this test. I wrote this up simply because I ran into it, and to remind my friends: server security really matters!!! As for how to escalate privileges on Windows, I'll share that when I get the chance. Stay tuned.

Finally, thanks to the Fingertip Security user who provided this test vulnerability.

This article may be reproduced.