看我直连高顿www主站数据库(github泄露28库/两百万用户数据含密码)
RT 安全无小事
#1 github泄露:
https://github.com/zhangxiaocenfoxmail/Python_MySQLd/blob/39edcf37ecd9db38d2b36bff5dcabc3c98b2c256/select.py #!/bin/env python # -*- coding:-*- import MySQLdb import re q=re.compile(r'(?<=T).(?![^\d])') try: conn_src=MySQLdb.connect(host="115.29.228.53",user="root", passwd="2Ls56VwEK2wUuYDV",port=4453,db="gaodun",charset="utf8" ) except MySQLdb.Error as e: print('connect fails!{}'.format(e)) conn_src.set_character_set('utf8') cursor = conn_src.cursor() id_sql="select id from gd_card_code where card_id=108" cursor.execute(id_sql) ids=cursor.fetchall() content_sql="select num from gd_card_code where card_id = 108" cursor.execute(content_sql) contents=cursor.fetchall() for connect in contents: c=connect[0] numd=q.sub('2',c) update_sql="update gd_card_code set num ='%s',prefix='T254' where card_id = 108" % (numd) cursor.execute(update_sql) cursor.execute('commit') print(update_sql) conn_src.close()
用户名:root
密码:2Ls56VwEK2wUuYDV
IP地址:115.29.228.53 端口:4453
#2 IP反查
#3 连接成功
#4 28个库
#5 192万用户
#6 root权限不再深入
#1 github泄露:
https://github.com/zhangxiaocenfoxmail/Python_MySQLd/blob/39edcf37ecd9db38d2b36bff5dcabc3c98b2c256/select.py #!/bin/env python # -*- coding:-*- import MySQLdb import re q=re.compile(r'(?<=T).(?![^\d])') try: conn_src=MySQLdb.connect(host="115.29.228.53",user="root", passwd="2Ls56VwEK2wUuYDV",port=4453,db="gaodun",charset="utf8" ) except MySQLdb.Error as e: print('connect fails!{}'.format(e)) conn_src.set_character_set('utf8') cursor = conn_src.cursor() id_sql="select id from gd_card_code where card_id=108" cursor.execute(id_sql) ids=cursor.fetchall() content_sql="select num from gd_card_code where card_id = 108" cursor.execute(content_sql) contents=cursor.fetchall() for connect in contents: c=connect[0] numd=q.sub('2',c) update_sql="update gd_card_code set num ='%s',prefix='T254' where card_id = 108" % (numd) cursor.execute(update_sql) cursor.execute('commit') print(update_sql) conn_src.close()
用户名:root
密码:2Ls56VwEK2wUuYDV
IP地址:115.29.228.53 端口:4453
#2 IP反查
#3 连接成功
#4 28个库
#5 192万用户
select count(*) from `gd_members`
1999559
#6 root权限不再深入
解决方案:
#1 内部自查
#2 穷孩子买不起网课,求送~