Detailed explanation of the steps for Oday to escalate privileges and obtain root permissions of the mall server in batches

This time I will bring you a detailed explanation of the steps for Oday to escalate privileges and obtain the root permissions of the mall server in batches. What are the precautions for Oday to escalate privileges and obtain root permissions of the mall server in batches. The following is a practical case. Let’s take a look.

Severity: Special

Solution: 1. Determine the identity of the user when accessing the vulnerability page; 2. Verify the file extension name of the uploaded .

After participating in the sports meeting held by the company on May 19, I was very excited when I returned home. It was almost 1 o'clock in the morning and I still couldn't sleep, so I opened my laptop to try out a mall Oday vulnerability I had seen before and wanted to test it. Check whether your mall has been shot. Since the computer at home is usually only used for listening to music and only has a Chr#ome browser installed, so at this time I will penetrate my own mall as an attacker who has no knowledge of my company. test. Try typing the Oday location into your browser from memory.

Through years of web development experience and previous penetration knowledge, it is obvious: the vulnerability is still there! So I found a .jpg picture on Baidu, and bundled the picture with the one-sentence Trojan through the cmd merge command. Then I wrote a simple form:

Everything is ready, upload:

Returned the successfully uploaded picture Path address, proof: Xiaoma is ok~

Hurry up and use the Swiss Army Knife of the web penetration industry to try to connect:

This is very embarrassing. , wasn’t the upload successful? What's going on? ! ! At this time, the directory has been loaded, but the file cannot be loaded. Intuition and experience tell me: the problem lies at the moment when the Trojan is connected. For the specific reason, you need to open the browser to check the situation of the Trojan:

"This website cannot be accessed" and "The connection has been reset". At this time, when visiting any page of the website, it is found that the same response is returned: "This website cannot be accessed" and "The connection has been reset". Needless to say, my IP has been blocked by the server's firewall, which is very embarrassing now.

But for a novice like us who has entered web development through penetration, is this a problem? You look down on us so much!

~~~~~~~~~~~~~~~~~~~~

Omit 1 minute here...

The connection is successful~

However, another problem arises at this time. Xiaoma has insufficient permissions and is particularly easy to be killed. It is also particularly easy to cause the tester’s IP to be blocked. , and my own IP is very precious, and I can't afford to spend too much money to buy a proxy, so I thought of a perfect solution: pass a passable encryption horse through the permission policy.

~~~~~~~~~~咚咚咚~~~~~~~~~~

Omit 2 minutes here...

I just searched Baidu and uploaded it (the manager shared it).

On the way, due to Alibaba Cloud's security policy and other reasons, my IP was blocked several times, but I finally succeeded.

(This picture is a screenshot of Malaysia)

Enter the password and successfully enter the Malaysia management interface.

I simply flipped through and accidentally entered the root directory. As for what functions Malaysia has, what ultimate operations can we do at this time? It’s worth saying: whatever you can think of, you can do. As for the details, I won’t share them. After all, this operation is only allowed for testing. Do not use this method to attack other people’s servers! Reminder: There is no mercy!

Okay, this test is over. I wrote this article just because I encountered it. By the way, I recorded it to remind my friends around me: the security of the server is really important! ! ! Regarding how to escalate privileges in Windows, if I have the chance to encounter it, I will take the initiative to share it with you, so don’t worry.

I believe you have mastered the method after reading the case in this article. For more exciting information, please pay attention to the php Chinese website Other related articles!

Recommended reading:

Detailed explanation of the steps to use the front-end testing pyramid

How to handle the MySQL database access denial

The above is the detailed content of Detailed explanation of the steps for Oday to escalate privileges and obtain root permissions of the mall server in batches. For more information, please follow other related articles on the PHP Chinese website!