On a serious security hole at 163.net | http://www.cshu.net




            www.cshu.net  2002-8-21  fog rain village 

              This is about how a website gets broken into; I am only putting
              some of my own experience out here to share with everyone. The
              fact that you can read this article means you already have a
              certain level of access, and I hope you will not use the
              vulnerability described below to attack any website.
              I think web intrusions will grow considerably as interactive web
              applications spread. Large sites all rely on powerful interactive
              features written in ASP, PHP or Perl. The big sites have
              generally done their security quite well: firewalls, physically
              separated machine rooms, dedicated security staff, and so on.
              But are they really as safe as they imagine? I do not want to
              comment here on the security of China's portal sites; I only
              want to tell you that the figure of over 90% has a basis.

              Many websites like to take a free script and modify it, but free
              software rarely goes through dedicated security testing or
              review, and this undoubtedly leaves a great many problems behind.

              I will take one well-known Chinese site as a concrete example.

              163.net has a sub-site called Interest Groups:
              http://my.cn.tom.com/iGroup/
              From only a cursory look, its script is a rewrite of a free PHP
              file management system; the rewrite was so hasty that even the
              file names were not changed. Yet this program is commonly known
              to have a serious security problem.

              You can upload any file to an interest group, either anonymously
              or while logged in. The program's mistake is that the files it
              creates have execute rights. Upload a file to any interest
              group, then open that group's shared files, and you will find
              the file you uploaded already sitting there.
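
The server-side checks this upload feature lacked, sketched as an added example (not code from the article or from the site). The allowlist, the function name store_upload and the assumption that store_dir lies outside the web root are choices made for this illustration.

```python
import os
import secrets

# Assumed policy for this example: only these types may be shared.
ALLOWED_EXT = {".jpg", ".png", ".gif", ".txt", ".pdf", ".zip"}
# Extensions a web server may hand to an interpreter.
SCRIPT_EXT = {".php", ".php3", ".phtml", ".pl", ".cgi", ".asp", ".jsp", ".sh"}


def store_upload(data: bytes, client_name: str, store_dir: str) -> str:
    """Save an upload under a server-chosen name, never executable.

    store_dir is assumed to be outside the document root, so the file
    can only be served by a download script, not executed by the server.
    """
    base = os.path.basename(client_name.replace("\\", "/")).lower()
    parts = base.split(".")
    if len(parts) < 2 or not parts[0]:
        raise ValueError("file name has no usable extension")
    ext = "." + parts[-1]
    if ext not in ALLOWED_EXT:
        raise ValueError(f"extension {ext} is not allowed")
    # Reject double extensions such as shell.php.jpg: some server
    # configurations map any matching segment to a handler.
    if any("." + p in SCRIPT_EXT for p in parts[1:-1]):
        raise ValueError("script extension hidden inside file name")
    # The stored name is random; nothing supplied by the client survives
    # except the allowlisted extension.
    path = os.path.join(store_dir, secrets.token_hex(16) + ext)
    # O_EXCL refuses to overwrite; mode 0o640 carries no execute bit.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path
```
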
              Let us upload phpshell and see what happens.
              Good heavens, the script is executed (with the privileges of
              nobody):

              http://my.cn.tom.com/userpic/store/6/1428_phpshell.php 
              Note: the file name is randomly generated, so the link shown on
              the page is not correct and has to be changed by hand.
              Let us see what we can read:
              http://my.cn.tom.com/userpic/store/6/1428_phpshell.php?work_dir=/etc&command=cat passwd
              For convenience, we rename the file ourselves:
              http://my.cn.tom.com/userpic/store/6/1428_phpshell.php?work_dir=. /etc&command=mv 1428_phpshell.php phpshell.php
              Now we connect again, and everything works normally:
              http://my.cn.tom.com/userpic/store/6/phpshell.php 
              Next we want to get into its database host server.
              Running cat on the relevant files reveals the database password
              and the database server:
              Host:mydb 
              User:**** 
              Pass:**** 
              Then... 
              For convenience I did not use netcat to get a shell. Instead I
              directly uploaded PHPMYSQLADMIN, a PHP system for managing MySQL
              databases, moved it into the corresponding directory, gave it
              the name **** and put it under a www directory that can be
              visited:
              http://my.cn.tom.com/iGroup/****/ (sorry, I have masked this
              dangerous location)
              All of 163.net's database data, 11 lists.
              This time I felt no surprise at all. It was this easy, and it
              collapsed at the first blow; what I feel is only sorrow at the
              present state of network security in China.
              I wonder what the 163 network administrators would feel if they
              saw this article.
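
How the requests shown above look from the defender's side, as an added example that is not part of the original article: a scan of web access logs for script-typed files requested from inside the upload store. The log lines are constructed, and the Apache combined log format and the function name find_upload_script_hits are assumptions of this example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

UPLOAD_PREFIX = "/userpic/store/"  # upload store path seen in the article's URLs
SCRIPT_EXT = {".php", ".php3", ".phtml", ".pl", ".cgi", ".asp"}

# Apache combined log format: host ident user [time] "request" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample log (documentation IP ranges), not from a real server.
SAMPLE_LOG = """\
192.0.2.10 - - [21/Aug/2002:10:01:02 +0800] "GET /userpic/store/6/1427_cat.jpg HTTP/1.0" 200 20480
192.0.2.77 - - [21/Aug/2002:10:03:40 +0800] "GET /userpic/store/6/1428_phpshell.php HTTP/1.0" 200 1893
192.0.2.77 - - [21/Aug/2002:10:04:11 +0800] "GET /userpic/store/6/1428_phpshell.php?work_dir=/etc&command=cat%20passwd HTTP/1.0" 200 2210
192.0.2.10 - - [21/Aug/2002:10:05:00 +0800] "GET /iGroup/index.php HTTP/1.0" 200 5120
198.51.100.5 - - [21/Aug/2002:10:06:30 +0800] "GET /userpic/store/3/77_notes.PHP.txt HTTP/1.0" 404 310
"""


def find_upload_script_hits(log_text):
    """Return (ip, path, status, query_param_names) for each request that
    targets a script-typed file inside the upload store."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        path = unquote(url.path)
        if not path.lower().startswith(UPLOAD_PREFIX):
            continue
        # Check every dot-separated segment of the file name, so that
        # notes.php.txt is reported as well as shell.php.
        segments = path.lower().rsplit("/", 1)[-1].split(".")[1:]
        if not any("." + seg in SCRIPT_EXT for seg in segments):
            continue
        # Parameter names only: the values may hold commands or secrets.
        params = sorted(parse_qs(url.query, keep_blank_values=True))
        hits.append((m.group("ip"), path, int(m.group("status")), params))
    return hits


if __name__ == "__main__":
    for hit in find_upload_script_hits(SAMPLE_LOG):
        print(hit)
```

A store that holds only user files should never produce a hit, so each one deserves review; status 200 means the server answered the request for that script.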



              Original author: Unknown 
              Origin: Unknown 
