
Title: Common entry points for penetration of Spinach Website (APP)


I have done a lot of penetration of qp (chess and card gambling) and BC (betting) sites. I stayed up two whole nights and got into a few "plates" (gambling sites). Here is a brief rundown of the process and a summary.

Let me first talk about qp. Taking one of my successful penetrations as an example: first of all, information gathering is essential. What are the characteristics of qp?

Its back end (admin panel) is set up on different ports behind the server's domain name, as shown in the figure:

[image]

A basic port scan will find it.

Entry points:

Find a SQL injection in the app, or a feedback form for XSS.

There is a situation where the packet capture shows 127.0.0.1 and the traffic cannot be captured. This happens more with the larger sites, and the traffic does not necessarily use TCP/UDP. You can refer to the Proxifier global proxy approach T-ice mentioned.

Once you have the back end, you can fuzz it. Some administrators have a habit of leaving backups around, and you may make new discoveries.

Relatively speaking, qp is quite simple.

Now let's talk about BC, using last night's penetration as the case.

[image]

Basically, the large BC sites come standard with all sorts of protection plus a CDN. After all, having made so much money, they don't care about the small cost of that gear.

[image]

[image]

I registered an account and found nowhere to trigger XSS. Stop.

Because this kind of large-scale service is generally done quite well, and the site is very generous in every aspect, such as navigation and a points mall.

There should be a sloppy spot somewhere. On a VIP query page of its main site there is a SQL injection, and it is a ThinkPHP framework.

[image]

[image]

[image]

ThinkPHP 3.2.3. Because there is a CDN and the real IP is unknown, getting at the back end is a very troublesome thing. I originally wanted to see whether there was anything to be found in the logs stored in the database.

[image]

[image]

Nothing useful at all. Tried reading the log file; no.

[image]

Finally, reading the configuration file confirmed something very stupid.

Maybe after a whole night, the mind gets a little stiff.

I forgot that the back end of this kind of BC site must be separated. Hey. Stay up late less.

Then, based on previous experience, I manually tried some possible prefixes on the main domain name: admin.XXXX.com, agdw.
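As an added example (not code from the post or its author), the following Python helper does what the last step describes: it builds candidate back-office hostnames from a prefix list (the admin and agdw prefixes come from the post; the other prefixes, the port list and the example.com target are assumptions), resolves them, and TCP-probes a few common ports, since the post notes the back end sits on separate ports or hosts. It also flags candidates whose IP differs from the main site's, which matters when the main site is behind a CDN. The resolver and port probe are injectable so the logic can be exercised offline on constructed data.

```python
# Added example (not code from the post): candidate back-office hostnames from
# a prefix list, resolved and probed on a few common management ports. The
# prefix and port lists are assumptions; resolver and probe are injectable so
# the logic can be exercised offline with constructed data.
import socket
from typing import Callable, Dict, Iterable, List, Optional, Tuple

# "admin" and "agdw" are from the post; the rest are guesses a tester would add.
DEFAULT_PREFIXES = ["admin", "agdw", "manage", "console", "agent", "api", "bk", "houtai"]
# Ports a separated back end is commonly parked on (assumption; extend as needed).
DEFAULT_PORTS = [80, 443, 8080, 8888, 9090]

Resolver = Callable[[str], Optional[str]]   # hostname -> IPv4 string, or None
Probe = Callable[[str, int], bool]          # (ip, port) -> True if the port accepts a connection


def candidates(domain: str, prefixes: Iterable[str] = DEFAULT_PREFIXES) -> List[str]:
    """Build de-duplicated candidate FQDNs, preserving order and dropping blanks."""
    seen = set()
    out: List[str] = []
    for prefix in prefixes:
        prefix = prefix.strip().lower()
        if not prefix:
            continue
        fqdn = f"{prefix}.{domain}"
        if fqdn not in seen:
            seen.add(fqdn)
            out.append(fqdn)
    return out


def dns_resolver(name: str) -> Optional[str]:
    """Resolve a hostname to an IPv4 address; None if it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def tcp_probe(ip: str, port: int, timeout: float = 2.0) -> bool:
    """Plain TCP connect check of a single port."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def enumerate_backends(
    domain: str,
    prefixes: Iterable[str] = DEFAULT_PREFIXES,
    ports: Iterable[int] = DEFAULT_PORTS,
    resolve: Resolver = dns_resolver,
    probe: Probe = tcp_probe,
) -> Dict[str, Tuple[str, List[int]]]:
    """Map every candidate hostname that resolves to (ip, [open ports])."""
    found: Dict[str, Tuple[str, List[int]]] = {}
    port_list = list(ports)
    for fqdn in candidates(domain, prefixes):
        ip = resolve(fqdn)
        if ip is None:
            continue
        found[fqdn] = (ip, [p for p in port_list if probe(ip, p)])
    return found


def off_cdn(domain: str, found: Dict[str, Tuple[str, List[int]]],
            resolve: Resolver = dns_resolver) -> List[str]:
    """Heuristic: hostnames whose IP differs from the main site's. When the main
    site is fronted by a CDN, such a host is a candidate for the real origin; it
    still has to be confirmed (e.g. by the content it serves)."""
    main_ip = resolve(domain) or resolve(f"www.{domain}")
    return [h for h, (ip, _) in found.items() if main_ip is None or ip != main_ip]


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # placeholder target
    hits = enumerate_backends(target)
    for host, (ip, open_ports) in hits.items():
        print(f"{host} -> {ip} open: {open_ports}")
    print("not on the main site's IP:", off_cdn(target, hits))
```

Run it as `python3 recon.py target.tld` against a host you are authorized to test; the real resolver and connect scan are only used when no fake is injected, and the "off the CDN" list is a hint to verify, not proof of the origin.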
