Web Front-endJS TutorialDetailed explanation of the steps for Oday to escalate privileges and obtain root permissions of the mall server in batchesDetailed explanation of the steps for Oday to escalate privileges and obtain root permissions of the mall server in batches
This time I will bring you a detailed explanation of the steps for Oday to escalate privileges and obtain the root permissions of the mall server in batches. What are the precautions for Oday to escalate privileges and obtain root permissions of the mall server in batches. The following is a practical case. Let’s take a look.
Severity: Special
Solution: 1. Determine the identity of the user when accessing the vulnerability page; 2. Verify the file extension name of the uploaded .
After participating in the sports meeting held by the company on May 19, I was very excited when I returned home. It was almost 1 o'clock in the morning and I still couldn't sleep, so I opened my laptop to try out a mall Oday vulnerability I had seen before and wanted to test it. Check whether your mall has been shot. Since the computer at home is usually only used for listening to music and only has a Chr#ome browser installed, so at this time I will penetrate my own mall as an attacker who has no knowledge of my company. test. Try typing the Oday location into your browser from memory.
Through years of web development experience and previous penetration knowledge, it is obvious: the vulnerability is still there! So I found a .jpg picture on Baidu, and bundled the picture with the one-sentence Trojan through the cmd merge command. Then I wrote a simple form:
Everything is ready, upload:
Returned the successfully uploaded picture Path address, proof: Xiaoma is ok~
Hurry up and use the Swiss Army Knife of the web penetration industry to try to connect:
This is very embarrassing. , wasn’t the upload successful? What's going on? ! ! At this time, the directory has been loaded, but the file cannot be loaded. Intuition and experience tell me: the problem lies at the moment when the Trojan is connected. For the specific reason, you need to open the browser to check the situation of the Trojan:
"This website cannot be accessed" and "The connection has been reset". At this time, when visiting any page of the website, it is found that the same response is returned: "This website cannot be accessed" and "The connection has been reset". Needless to say, my IP has been blocked by the server's firewall, which is very embarrassing now.
But for a novice like us who has entered web development through penetration, is this a problem? You look down on us so much!
~~~~~~~~~~~~~~~~~~~~
Omit 1 minute here...
The connection is successful~
However, another problem arises at this time. Xiaoma has insufficient permissions and is particularly easy to be killed. It is also particularly easy to cause the tester’s IP to be blocked. , and my own IP is very precious, and I can't afford to spend too much money to buy a proxy, so I thought of a perfect solution: pass a passable encryption horse through the permission policy.
~~~~~~~~~~咚咚咚~~~~~~~~~~
Omit 2 minutes here...
I just searched Baidu and uploaded it (the manager shared it).
On the way, due to Alibaba Cloud's security policy and other reasons, my IP was blocked several times, but I finally succeeded.
(This picture is a screenshot of Malaysia)
Enter the password and successfully enter the Malaysia management interface.
I simply flipped through and accidentally entered the root directory. As for what functions Malaysia has, what ultimate operations can we do at this time? It’s worth saying: whatever you can think of, you can do. As for the details, I won’t share them. After all, this operation is only allowed for testing. Do not use this method to attack other people’s servers! Reminder: There is no mercy!
Okay, this test is over. I wrote this article just because I encountered it. By the way, I recorded it to remind my friends around me: the security of the server is really important! ! ! Regarding how to escalate privileges in Windows, if I have the chance to encounter it, I will take the initiative to share it with you, so don’t worry.
I believe you have mastered the method after reading the case in this article. For more exciting information, please pay attention to the php Chinese website Other related articles!
Recommended reading:
Detailed explanation of the steps to use the front-end testing pyramid
How to handle the MySQL database access denial
The above is the detailed content of Detailed explanation of the steps for Oday to escalate privileges and obtain root permissions of the mall server in batches. For more information, please follow other related articles on the PHP Chinese website!
From Websites to Apps: The Diverse Applications of JavaScriptApr 22, 2025 am 12:02 AMJavaScript is widely used in websites, mobile applications, desktop applications and server-side programming. 1) In website development, JavaScript operates DOM together with HTML and CSS to achieve dynamic effects and supports frameworks such as jQuery and React. 2) Through ReactNative and Ionic, JavaScript is used to develop cross-platform mobile applications. 3) The Electron framework enables JavaScript to build desktop applications. 4) Node.js allows JavaScript to run on the server side and supports high concurrent requests.
Python vs. JavaScript: Use Cases and Applications ComparedApr 21, 2025 am 12:01 AMPython is more suitable for data science and automation, while JavaScript is more suitable for front-end and full-stack development. 1. Python performs well in data science and machine learning, using libraries such as NumPy and Pandas for data processing and modeling. 2. Python is concise and efficient in automation and scripting. 3. JavaScript is indispensable in front-end development and is used to build dynamic web pages and single-page applications. 4. JavaScript plays a role in back-end development through Node.js and supports full-stack development.
The Role of C/C in JavaScript Interpreters and CompilersApr 20, 2025 am 12:01 AMC and C play a vital role in the JavaScript engine, mainly used to implement interpreters and JIT compilers. 1) C is used to parse JavaScript source code and generate an abstract syntax tree. 2) C is responsible for generating and executing bytecode. 3) C implements the JIT compiler, optimizes and compiles hot-spot code at runtime, and significantly improves the execution efficiency of JavaScript.
JavaScript in Action: Real-World Examples and ProjectsApr 19, 2025 am 12:13 AMJavaScript's application in the real world includes front-end and back-end development. 1) Display front-end applications by building a TODO list application, involving DOM operations and event processing. 2) Build RESTfulAPI through Node.js and Express to demonstrate back-end applications.
JavaScript and the Web: Core Functionality and Use CasesApr 18, 2025 am 12:19 AMThe main uses of JavaScript in web development include client interaction, form verification and asynchronous communication. 1) Dynamic content update and user interaction through DOM operations; 2) Client verification is carried out before the user submits data to improve the user experience; 3) Refreshless communication with the server is achieved through AJAX technology.
Understanding the JavaScript Engine: Implementation DetailsApr 17, 2025 am 12:05 AMUnderstanding how JavaScript engine works internally is important to developers because it helps write more efficient code and understand performance bottlenecks and optimization strategies. 1) The engine's workflow includes three stages: parsing, compiling and execution; 2) During the execution process, the engine will perform dynamic optimization, such as inline cache and hidden classes; 3) Best practices include avoiding global variables, optimizing loops, using const and lets, and avoiding excessive use of closures.
Python vs. JavaScript: The Learning Curve and Ease of UseApr 16, 2025 am 12:12 AMPython is more suitable for beginners, with a smooth learning curve and concise syntax; JavaScript is suitable for front-end development, with a steep learning curve and flexible syntax. 1. Python syntax is intuitive and suitable for data science and back-end development. 2. JavaScript is flexible and widely used in front-end and server-side programming.
Python vs. JavaScript: Community, Libraries, and ResourcesApr 15, 2025 am 12:16 AMPython and JavaScript have their own advantages and disadvantages in terms of community, libraries and resources. 1) The Python community is friendly and suitable for beginners, but the front-end development resources are not as rich as JavaScript. 2) Python is powerful in data science and machine learning libraries, while JavaScript is better in front-end development libraries and frameworks. 3) Both have rich learning resources, but Python is suitable for starting with official documents, while JavaScript is better with MDNWebDocs. The choice should be based on project needs and personal interests.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.
Dreamweaver Mac version
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
WebStorm Mac version
Useful JavaScript development tools
