Silic Group Forum Archive - Silic Security

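[Original] Gaining Website Access with an Odd Truncation Trick

冷尊 The user has been deleted
Posted 2016-8-13 17:29:58
This post was last edited by 冷尊 on 2016-8-14 18:28

Because of problems with my home network I haven't been able to open Silic (习科) for a while, and it has been a long time since I last came by.

Here is an article I wrote quite a while ago, posted to remind people I exist.

Ahem, enough rambling. On to the main text.

Target website:
www.yrglass.com (I won't bother redacting it; experts, please go easy when trying it)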


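Having been given the website and an account and password, I went to take a look. The admin backend looked very familiar at first glance.
图片1.png
I logged in and browsed around briefly, and found there was just one editor.
图片2.png
Then I first tried uploading an image to see where images are stored.
<p>
    <img src="http://www.yrglass.com/admin/baiduedit/asp/upload1/20160107/14521631028349958.gif" title="QQ图片20151220034658.gif"/>
</p>
A look showed it was the upload1 directory.
图片3.png
Below the upload page I saw the upload directory, so I wondered whether I could truncate it with Burp. I took a quick look at the site's system and server.
图片4.png
图片5.png
I won't go into how to use Burp. Switch to the Repeater tab, click Go, and look at the response.
图片6.png
Then I saw this upload directory
图片7.png
and wondered whether I could truncate here.
图片8.png
But it failed. I also tried file name truncation and the like, and none of it worked. Then I noticed this
图片9.png
I wondered whether it controlled the file name's extension, so I tried deleting this file, and found that it did indeed control the file name.
图片10.png
Then, wickedly, I tried testing the IIS 6.0 parsing vulnerability with Sad.asp;1
图片11.png
upload1/20160107/Sad.asp;1.jpg
Then I visited it on the site
图片12.png
There's a "dog" (WAF).. but I wasn't going to accept that, so I tried truncating to Sad.asp
图片13.png
upload1/20160107/Sad.asp
图片14.png
And then it worked and got past the dog. I was speechless....

Connected to it with Chopper (菜刀)
图片15.png
A beginner's article, just hoping to exchange ideas and learn and improve together.
Experts, please don't flame!!!!!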

Rate: 2
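
A server-side check that would refuse the file names shown in the post above, as an added example that is not part of the original post or of the site's code. It assumes image-only uploads and a fixed upload1 directory; the function names (safe_stored_name, stored_path, classify) are hypothetical.

```python
import os
import re
import secrets

# Assumptions for this example: image-only uploads and a fixed storage
# directory ("upload1" is the directory name seen in the post).
ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif"}
UPLOAD_ROOT = "upload1"


class RejectedUpload(ValueError):
    """Raised when a client-supplied file name must not be stored."""


def safe_stored_name(client_name: str) -> str:
    """Validate the client's name, then return a server-generated one."""
    # NUL and other control characters are what makes truncation work:
    # the validator sees ".jpg" while the file system stops at the NUL.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in client_name) or "%00" in client_name:
        raise RejectedUpload("control character in file name")
    # ';' and ':' split the name for IIS 6.0 style parsing; '/' and '\'
    # would let the name carry a directory.
    if re.search(r"[;:/\\]", client_name):
        raise RejectedUpload("separator character in file name")
    stem, ext = os.path.splitext(client_name)
    ext = ext.lower()
    # Allowlist the final extension and refuse any second extension.
    if ext not in ALLOWED_EXT or "." in stem:
        raise RejectedUpload("extension not allowed")
    # Only the vetted extension survives; the stem is random.
    return secrets.token_hex(16) + ext


def stored_path(client_name: str, client_dir: str = "") -> str:
    """Build the storage path. client_dir is accepted but never used."""
    return f"{UPLOAD_ROOT}/{safe_stored_name(client_name)}"


def classify(names):
    """Map each sample name to 'stored' or the rejection reason."""
    result = {}
    for name in names:
        try:
            safe_stored_name(name)
            result[name] = "stored"
        except RejectedUpload as exc:
            result[name] = str(exc)
    return result


# Constructed samples modelled on the names shown in the post.
SAMPLES = ["photo.GIF", "Sad.asp;1.jpg", "Sad.asp\x00.jpg", "Sad.asp"]
```

Calling classify(SAMPLES) shows which rule stops each name; the upload directory sent by the client never reaches the stored path.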

chuyu The user has been deleted
Posted 2016-8-13 18:46:31
Big cousin 冷尊
Posted 2016-8-14 00:43:43
Big cousin 冷尊
冷尊 The user has been deleted
Author | Posted 2016-8-14 03:11:22

Stop it, you're my big brother
冷尊 The user has been deleted
Author | Posted 2016-8-14 03:12:22
Posted 2016-8-14 10:00:19
What I want to ask is, how did you get the administrator password?
q329973692 The user has been deleted
Posted 2016-8-14 11:09:21
By the way, what is truncation?
冷尊 The user has been deleted
Author | Posted 2016-8-14 17:52:13
zkj posted on 2016-8-14 10:00
What I want to ask is, how did you get the administrator password?

A friend gave me the site, and I didn't ask~
xmsec The user has been deleted
Posted 2016-8-14 21:10:39
I came across this site too, but couldn't take it
0xd7a3 The user has been deleted
Posted 2016-8-14 22:54:04
This backend looks so familiar
Msl The user has been deleted
Posted 2016-8-15 00:11:24
Whoa, whoa, guess who I am
0xd7a3 The user has been deleted
Posted 2016-8-15 01:35:07
Strange, how was the account and password for this site obtained? Was it a weak password or something else?

I searched for ages and found no injection. I found a backup and downloaded it, but the password in it is from long ago; I decrypted it and couldn't log in.

Could the OP say how the password was obtained? I'm very curious.
0xd7a3 The user has been deleted
Posted 2016-8-15 01:43:25
Sorted, I got it. No need to trouble the OP.
南宫剑影 The user has been deleted
Posted 2016-8-15 08:11:39
I'm just here to learn
KingJohn The user has been deleted
Posted 2016-8-15 09:46:02
How odd is it? Let me take a look
406094055 The user has been deleted
Posted 2016-8-15 11:04:18
Came to have a look and learn
MissError The user has been deleted
Posted 2016-8-15 13:53:23
Taking a look...
毒赌撸 The user has been deleted
Posted 2016-8-15 14:36:50
Learning from the expert's approach
魂淡、 The user has been deleted
Posted 2016-8-15 19:37:26
Thanks for sharing~!
chenjingyes The user has been deleted
Posted 2016-8-16 01:14:50
The title caught my eye, here to learn