phpMyAdmin ships with a setup script; if it is misconfigured, the database account and password can be read directly. See the steps in my screenshots:
http://sbs.m.sogou.com/phpmyadmin/setup/index.php
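From this, the database address, username and password are as follows:
Address: main.tcm.rds.sogou
Username: pfms
Password: pfms12345678
Try logging in with the account above: http://sbs.m.sogou.com/phpmyadmin/index.php
This account has fairly low privileges, so I won't embarrass myself trying to get a shell; here are a few minor vulnerabilities as a bonus.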
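http://sbs.m.sogou.com/index.php/site/login Wireless Side-by-side system
Username: guest
Password: 123456
http://sbs.m.sogou.com/f/ Directory listing
Several sensitive files turned up that contain database connection information, as follows: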
http://sbs.m.sogou.com/f/code/main.py
db = MySQLdb.connect("search04.mysql.db.sogou-op.org", "vrfront", "sbsSafety", "VR_SBS", charset='utf8')
#db = MySQLdb.connect("localhost", "root", "", "VR_SBS2", charset='utf8')
http://sbs.m.sogou.com/f/code/iptest.py
db = MySQLdb.connect("search04.mysql.db.sogou-op.org", "frontoms", "frontoms", "sogou_oms", charset='utf8')
#db = MySQLdb.connect("localhost", "root", "", "VR_SBS2", charset='utf8')
http://sbs.m.sogou.com/f/newcode/db.py
HOST = "search04.mysql.db.sogou-op.org"
USERNAME = "vrfront"
PASSWORD = "sbsSafety"
DATABASE = "VR_SBS"
CHARSET = "utf8"
# HOST = "10.11.195.224"
# USERNAME = "root"
# PASSWORD = ""
# DATABASE = "sbs"
# CHARSET = "utf8"
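The files above leaked credentials because the passwords were written as string literals in source code served from a browsable directory. As an added example (not part of the original report), here is a pre-deployment check that parses Python source and flags literal passwords in both forms seen above: the third positional argument of a `connect(...)` call and a `PASSWORD = "..."` constant. The function name, the list of secret names and all sample values are assumptions constructed for illustration.

```python
import ast

# Constructed sample sources modelled on the two patterns above; values are placeholders.
SAMPLE_CALL = '''
import MySQLdb
db = MySQLdb.connect("db.example.internal", "appuser", "EXAMPLE-PASSWORD", "appdb", charset='utf8')
'''
SAMPLE_CONSTS = '''
HOST = "db.example.internal"
USERNAME = "appuser"
PASSWORD = "EXAMPLE-PASSWORD"
# PASSWORD = ""
'''
SAMPLE_SAFE = '''
import os, MySQLdb
db = MySQLdb.connect(os.environ["DB_HOST"], os.environ["DB_USER"],
                     os.environ["DB_PASSWORD"], "appdb", charset="utf8")
'''

SECRET_NAMES = {"password", "passwd", "pwd", "secret"}  # assumed naming conventions


def _is_literal(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


def find_hardcoded_credentials(source, filename="<source>"):
    """Return (line, kind) findings for literal DB passwords in Python source."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        # connect(host, user, passwd, db): the third positional argument is the password
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute) \
                and node.func.attr == "connect":
            if len(node.args) >= 3 and _is_literal(node.args[2]):
                findings.append((node.lineno, "connect-positional-password"))
            for kw in node.keywords:
                if kw.arg in SECRET_NAMES and _is_literal(kw.value):
                    findings.append((node.lineno, "connect-keyword-password"))
        # PASSWORD = "..." style module constants
        elif isinstance(node, ast.Assign) and _is_literal(node.value):
            for target in node.targets:
                if isinstance(target, ast.Name) and target.id.lower() in SECRET_NAMES:
                    findings.append((node.lineno, "password-constant"))
    return findings


if __name__ == "__main__":
    for name, src in [("call", SAMPLE_CALL), ("consts", SAMPLE_CONSTS), ("safe", SAMPLE_SAFE)]:
        print(name, find_hardcoded_credentials(src))
```

The third sample shows the corrected form, with connection settings read from the environment, which the check passes with no findings.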