Record an edusrc vulnerability mining

0x00 Preface

Listen to your words , surpass ten years of reading Last night, after listening to my cousin Caicai speak , Find yourself really lazy , others 18 You can take it at any age 10k 了 , But I still have this lost salary , Not willing to . I always feel very busy , It's actually fun , Don't squeeze out time for study . I can see that cousin Cai really wants to teach , Last night, I also said the task , Dig one edusrc The invitation code of , Make it simple , in order to RMB!!!

0x01 Set goals

Open it directly edusrc Find a victim , Let me come to Kangkang, who is the lucky one （ Manual formation ） I am from Shandong , Just find one from Shandong Province .

0x02 information gathering

Good information collection , I'm not afraid there's no hole to dig fofa Search the university directly

Have a look fofa Li's station , The main station doesn't make much sense , There is no need to waste time on the main station , Mainly pay attention to stand by 、C paragraph , The older you stand, the better , Here is where they were found C It's a paragraph , Directly scan the tool C paragraph .

Browse around , None of them has a head , Just when I was about to give up , the last one IP I found the loophole successfully .

0x03 Exploit

When you encounter this login box , The loopholes are nothing more than those , Mainly test weak password and injection . Don't want to waste time , Weak passwords are simply measured by hand . see url There is index.aspx, Just need to go to the bathroom , Why don't you grab a bag and run . I am also very lucky , When I came back from the bathroom , It was really injected .

Nice, I went here and gave my cousin Cai a look , With years of experience, cousin Caicai can judge at a glance that osshell, Absolute God , I really can osshell（ Want to learn how to look ）

Can take shell 了 , But I don't seem to be very good at , but , I'd better run the contents of the database .QAQ, It's no use , I tried to log in , The cracked password is not quite right .

alas , Ask cousin CAI for help , Cousin is also a drag , Direct four big characters , Universal password . ye , I never thought of it , It's too inflexible to use your own brain , We all know that there is sql Yes , Don't think about the universal password .

Browse around , See if there are any points available . ok , Look around or just find sql Yes , The front desk injects the same , boring .

All right , Let's dig here first , Throw it directly to my cousin getshell, I'll hand it in edusrc, Yes, I handed in one sql Inject , I should be able to go through the trial , Hee hee

Today's task is finished , Not in vain , What experience have you gained this time , It's persistence . Really? , Don't give up , Don't give up until the last minute , My loophole this time is the last one C paragraph ip Dug up , This station was going to try the weak password , No, just give up , But I suddenly want to run sql Inject , It really came out , Happy . Make sure you stick to it ！！！！！！！！！！！