The corporate website is black universal vulnerability-the vulnerability warning-the black bar safety net

2010-01-13T00:00:00
ID MYHACK58:62201025910
Type myhack58
Reporter 佚名
Modified 2010-01-13T00:00:00

Description

The corporate website is black universal vulnerability Webmasters runaway revenge only in this document to each enterprise network administrator, I hope for your help - The runaway revenge 1, The default account and password General network company for the enterprises to do the website or the online download the program the initial ID and password is usually Account: admin password: admin Account: admin password: admin888 Account: admin password: 1 2 3 4 5 6 Some administrators in order to figure easy website disclosure after the operation is also not to be modified, which is a major threat. 2, The default database Many network companies as a business do website the default database path is data/database. mdb or database/database. mdb, etc. similar, the intruder can guess the solution tools such as: bright kid domain or. D just sweep it out., another enterprise in the online download the program the default database must be modified. 3, Online editor vulnerability Almost six percent of the Seventy of the sites are there ewebeditor directory, in particular the network of the company help companies to develop, that development than to do more than is online download of program hard cover, Oh, this is a fact, why? First of all, the online editor for customers with Office software like word with a very convenient, and secondly for the network company programmer to reduce a lot of technique to live, but many web companies only know money the customer is simply not responsible, and even can be said that the existing network of the company doesn't understand network security, I also don't want to say more, members of the network company of the big cow you yourself reflect it, below I will vulnerability patch out: ewebeditor/admin_login. asp, editor/admin_login. asp or edit/admin_login. asp Default account: admin Default password: admin888 Light modifications to the default account and password or not, you can also download the database ewebeditor/db/ewebeditor. mdb 4, injection, upload Injection vulnerability and upload vulnerabilities now have been very little, basically a network company to do or download online The have been does not exist, unless the network company programmer too dish up! This article comes from: runaway revenge http://www.cqzh.cn/