2025-01-19 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
1.1 Penetration test of a website
1.1.1 Logging into the system with a weak backend-user password
1. Log in to the CMS backend
Because reconnaissance of the target website had already been done in an earlier stage, and the test account admin/123456 of the target website (the same as on its demonstration system) had already been obtained, log in directly at http://c*****.t*****.com/m.php. As shown in figure 1, the login to the CMS system succeeds. The CMS website shows some security awareness: admin.php was renamed to m.php. Although the admin.php page still exists, it no longer works.
Figure 1 Log in to the CMS backend
2. Analyze and study the backend functions one by one
After logging in to the backend, review the system settings, file upload, data backup, project management, order management, member management, scheduled tasks, mobile platform and so on, and determine whether the system was developed in-house or built on an openly available template. Analysis shows that the system was developed in-house: there is no open source code for it on the Internet, so the source code cannot be audited.
1.1.2 Preliminary vulnerability discovery
1. Analysis of the file upload module
(1) All upload modules of the system use the same upload editor, KindEditor. After actual testing, all known file-upload vulnerabilities and related techniques proved ineffective against it.
(2) Since the file upload module uses the KindEditor editor, locate a picture or file upload point, as shown in figure 2, select "Pictures on the network", and then click Browse to view the upload folder on the server where the CMS is located.
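From the defender's side, the two findings above (a backend login that fell to a default password, and a renamed admin page whose original admin.php is still reachable) are easy to watch for in the web server access log. The following is an added example, not code from the original article or from the CMS it describes; the log lines, IP addresses and paths are constructed, and the assumption that this CMS answers a successful login with a 302 redirect and a failed one by re-rendering the form with 200 is a hypothetical one for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines in Apache combined format (IPs and paths are made up).
SAMPLE_LOG = """\
203.0.113.5 - - [19/Jan/2025:10:00:01 +0800] "POST /m.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [19/Jan/2025:10:00:02 +0800] "POST /m.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [19/Jan/2025:10:00:03 +0800] "POST /m.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [19/Jan/2025:10:00:04 +0800] "POST /m.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [19/Jan/2025:10:00:09 +0800] "GET /admin.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [19/Jan/2025:10:05:00 +0800] "POST /m.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Minimal parser for the combined log format: client IP, request method, path and status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def analyze(log_text, login_path="/m.php", legacy_paths=("/admin.php",), threshold=3):
    """Return a list of findings: (kind, client_ip, detail).

    - "success_after_guessing": a login redirect from an IP that had at least
      `threshold` consecutive failed POSTs to the login page just before it.
    - "legacy_admin_path": any request to a retired backend path that should
      have been removed when the admin page was renamed.
    """
    failed_posts = defaultdict(int)
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, path, status = m["ip"], m["method"], m["path"], int(m["status"])
        if path in legacy_paths:
            findings.append(("legacy_admin_path", ip, path))
        if path == login_path and method == "POST":
            if status == 302:  # assumption: this CMS redirects after a successful login
                if failed_posts[ip] >= threshold:
                    findings.append(("success_after_guessing", ip, failed_posts[ip]))
                failed_posts[ip] = 0
            else:  # assumption: a failed login re-renders the form with 200
                failed_posts[ip] += 1
    return findings
```

Run on a real log, the first finding points at credentials that need rotating (and a lockout or rate limit on the login page), the second at a leftover file that should be deleted rather than merely disabled.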