In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-01-28 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)06/01 Report--
In the process of *, it is necessary to rely on some tool software, such as Mingxiao and Ah D, both belong to relatively old software with limited functions, while Pangolin and Havij are two relatively powerful softwares. This article will introduce their basic usage. The experimental environment is built by NMPServer, using the first website.
There is an obvious injection vulnerability in the http://192.168.80.129/info_show.php?info_id=142 of the website page. We first use the bright boy to inject. In the first few steps, we have no problem guessing the table name and column name, but failed in the final key step of guessing the user name and password.
Let's use Pangolin injection, first detect the URL, if it can be injected, then we can list some sensitive information that we care about. From this information, we can know that the server uses the Windows system, the database uses version 5.1 of MySQL, the current database is govcn, the current user is root, and the path of the database can also be obtained.
Because the target website is relatively simple, you can get the administrator account and password directly in the "Accounts" section here. For some more complex websites, you can click "get data" below to further reveal the user name and password.
In the following interface, you also follow the steps of getting tables-> getting columns-> getting data.
Finally, we will inject it with Havij. Enter URL into the Target bar, click the Analyze button, and then click the "Info" button to see the sensitive information detected by the software. From these information, we can know that the server software uses nginx 0.7.63, the dynamic program uses PHP 5.2.11, and the current database is govcn.
Continue to click the Tables button to expose the library. The user name and password are also exposed in the order of Get Tables (get table)-> Get Columns (get column)-> Get Data (get data).
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
Findpass http://www.xfocus.net/tools/200307/445.html
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
