
看我直连高顿www主站数据库(github泄露28库/两百万用户数据含密码)

2016-03-19


RT 安全无小事



#1 github泄露:

https://github.com/zhangxiaocenfoxmail/Python_MySQLd/blob/39edcf37ecd9db38d2b36bff5dcabc3c98b2c256/select.py
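#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Rewrite the `num` value of every gd_card_code row with card_id = 108.

For each matching row the character that follows "T" in `num` is replaced
with "2" and `prefix` is set to 'T254'.

The published copy of this file passed the database host, port, the root
user name and its password to MySQLdb.connect() as string literals, so
anyone able to read the repository could open the database. This version
takes the connection settings from the environment so that no secret is
stored in source control.
"""
import os
import re

import MySQLdb

# Matches the single character right after a "T", provided that character is
# followed by a digit or by the end of the string.
q = re.compile(r'(?<=T).(?![^\d])')

# Environment variable names below are chosen for this listing; a missing
# variable raises KeyError before any connection attempt is made.
# NOTE(review): the job only touches gd_card_code, so it should run as an
# account limited to that table rather than as root.
try:
    conn_src = MySQLdb.connect(
        host=os.environ['DB_HOST'],
        user=os.environ['DB_USER'],
        passwd=os.environ['DB_PASSWORD'],
        port=int(os.environ['DB_PORT']),
        db="gaodun",
        charset="utf8",
    )
except MySQLdb.Error as e:
    print('connect fails!{}'.format(e))
    # Without a connection the statements below would fail with NameError,
    # so stop here with a non-zero exit status.
    raise SystemExit(1)

conn_src.set_character_set('utf8')

try:
    cursor = conn_src.cursor()

    # Fetch id and num together so each rewritten value can be written back
    # to the row it came from.
    cursor.execute("select id, num from gd_card_code where card_id = 108")
    rows = cursor.fetchall()

    # The original UPDATE had only "card_id = 108" in its WHERE clause, so
    # every loop iteration overwrote all matching rows with one row's value.
    # Restricting by id fixes that; assumes id identifies a single row --
    # TODO confirm against the table schema.
    # Values are passed as query parameters instead of being formatted into
    # the SQL text.
    update_sql = ("update gd_card_code set num = %s, prefix = 'T254' "
                  "where id = %s and card_id = 108")

    for row_id, num in rows:
        numd = q.sub('2', num)
        cursor.execute(update_sql, (numd, row_id))
        print('{} {}'.format(update_sql, (numd, row_id)))

    # Commit once, after every row has been rewritten.
    conn_src.commit()
finally:
    # Release the connection even if a statement above fails.
    conn_src.close()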



用户名:root

密码:2Ls56VwEK2wUuYDV

IP地址:115.29.228.53 端口:4453



#2 IP反查

IP反查.png





#3 连接成功

连接成功.png





#4 28个库

24个库.png





#5 192万用户

高顿192万.png





#6 root权限不再深入

#1 github泄露:

https://github.com/zhangxiaocenfoxmail/Python_MySQLd/blob/39edcf37ecd9db38d2b36bff5dcabc3c98b2c256/select.py
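#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Rewrite the `num` value of every gd_card_code row with card_id = 108.

For each matching row the character that follows "T" in `num` is replaced
with "2" and `prefix` is set to 'T254'.

The published copy of this file passed the database host, port, the root
user name and its password to MySQLdb.connect() as string literals, so
anyone able to read the repository could open the database. This version
takes the connection settings from the environment so that no secret is
stored in source control.
"""
import os
import re

import MySQLdb

# Matches the single character right after a "T", provided that character is
# followed by a digit or by the end of the string.
q = re.compile(r'(?<=T).(?![^\d])')

# Environment variable names below are chosen for this listing; a missing
# variable raises KeyError before any connection attempt is made.
# NOTE(review): the job only touches gd_card_code, so it should run as an
# account limited to that table rather than as root.
try:
    conn_src = MySQLdb.connect(
        host=os.environ['DB_HOST'],
        user=os.environ['DB_USER'],
        passwd=os.environ['DB_PASSWORD'],
        port=int(os.environ['DB_PORT']),
        db="gaodun",
        charset="utf8",
    )
except MySQLdb.Error as e:
    print('connect fails!{}'.format(e))
    # Without a connection the statements below would fail with NameError,
    # so stop here with a non-zero exit status.
    raise SystemExit(1)

conn_src.set_character_set('utf8')

try:
    cursor = conn_src.cursor()

    # Fetch id and num together so each rewritten value can be written back
    # to the row it came from.
    cursor.execute("select id, num from gd_card_code where card_id = 108")
    rows = cursor.fetchall()

    # The original UPDATE had only "card_id = 108" in its WHERE clause, so
    # every loop iteration overwrote all matching rows with one row's value.
    # Restricting by id fixes that; assumes id identifies a single row --
    # TODO confirm against the table schema.
    # Values are passed as query parameters instead of being formatted into
    # the SQL text.
    update_sql = ("update gd_card_code set num = %s, prefix = 'T254' "
                  "where id = %s and card_id = 108")

    for row_id, num in rows:
        numd = q.sub('2', num)
        cursor.execute(update_sql, (numd, row_id))
        print('{} {}'.format(update_sql, (numd, row_id)))

    # Commit once, after every row has been rewritten.
    conn_src.commit()
finally:
    # Release the connection even if a statement above fails.
    conn_src.close()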



用户名:root

密码:2Ls56VwEK2wUuYDV

IP地址:115.29.228.53 端口:4453



#2 IP反查

IP反查.png





#3 连接成功

连接成功.png





#4 28个库

24个库.png





#5 192万用户

高顿192万.png



select count(*) from `gd_members`

1999559

1.png



#6 root权限不再深入

解决方案:

#1 内部自查:立即更换已泄露的数据库密码,清除代码仓库(包括历史提交)中的硬编码凭据,并限制数据库端口的公网访问和 root 账号的远程登录。

#2 穷孩子买不起网课,求送~
