Set up discuz forum and break the stolen database

One 、 Quickly build discuz Forum

Attack ideas

Want to take down a host A Authority ：

（1） Take a look at this server ： port , Server version , Operating system version . Look for loopholes .

（2） Get it right A Identity with certain authority . If the other party is a WEB The server , Just exploit the vulnerability of the other party's website application , Upload webshell Then raise the right

（3） Pass it on , obtain apache User general permission , Then raise the right root

Quickly build the experimental environment

Building a LAMP Environmental Science . Deploy with vulnerabilities discuz Forum

1、 Summary of vulnerability ：

This vulnerability appears in a DZ X Inside the series' own conversion tool .

Vulnerability path ：utility/convert/data/config.inc.php

The cause of the vulnerability is ：config.inc.php This file was hacked through post When writing , No filter detection , So hackers can pass post Way to config.inc.php Write Trojan horse program .

Trigger vulnerability process ：

a、 Access and open in the browser