Xunshi (讯时) Vulnerability Summary - Vulnerability Warning - Black Bar Security Net

ID MYHACK58:62201026940
Type myhack58
Reporter Anonymous (佚名)
Modified 2010-05-16T00:00:00


There are also articles online about the so-called "three tricks" for Xunshi, but I personally think that sometimes those three tricks are not enough for an intrusion, because of version updates.

The following is summarized from the 9th issue of last year's Heifang (Hacker Defense) magazine.

First, let's talk about an injection: (screenshots omitted)

This way you can easily get the administrator user name and password. The password is stored as an MD5 value, which you can try to crack. But security awareness is better now: passwords are complex and very hard to crack, so we can use cookie spoofing to get in instead:

javascript:alert(document.cookie="adminuser="+escape("username"));
javascript:alert(document.cookie="adminpass="+escape("md5 value"));
javascript:alert(document.cookie="admindj="+escape("1"));

Then there is another case: what if the admin back end cannot be found? Below is a vulnerability that makes it easier to achieve the effect you want:

Xunshi bundles the ewebeditor program, and it did not overlook the fact that ewebeditor has a directory-listing vulnerability: it does perform validation. But validation is exactly what Xunshi does worst, and we can bypass it with the cookie trick, after which we can visit this page and list directories. The steps are as follows:

javascript:alert(document.cookie="admindj=1")

This way the directories of the whole site can be browsed. Find the back-end directory and go in.

Once in the back end, how do you get a shell? Upload, then backup, and that's it.

Sometimes an administrator removes the backup page from the back-end functions, yet the backup page is still there on the machine.

I have come across this once; you can find it via the directory listing:

javascript:alert(document.cookie="admindj=1")

-------------------End of summary---------------------

It should be said that this basically takes care of it.
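
Both the login bypass and the directory-listing bypass above work when the server takes the admindj value sent by the browser as proof of admin level. As an added example (not code from the original article or from Xunshi; the function names, the "session" cookie format and the sample values are assumptions), this Python code contrasts that kind of check with one that only accepts a level bound to a server-side HMAC key:

```python
import hashlib
import hmac
import secrets

# Server-side secret; never sent to the browser. Generated here for the demo.
SERVER_KEY = secrets.token_bytes(32)


def weak_is_admin(cookies: dict) -> bool:
    """Assumed shape of the flawed check: trust the level the client sends."""
    return cookies.get("admindj") == "1"


def issue_session(user: str, level: str, key: bytes = SERVER_KEY) -> dict:
    """Called only after a real password check; binds user and level with a tag."""
    if "|" in user or "|" in level:
        raise ValueError("field separator not allowed in user or level")
    payload = f"{user}|{level}"
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"session": f"{payload}|{tag}"}


def hardened_is_admin(cookies: dict, key: bytes = SERVER_KEY) -> bool:
    """Accept the level only if its tag verifies under the server key."""
    parts = cookies.get("session", "").split("|")
    if len(parts) != 3:
        return False
    user, level, tag = parts
    expected = hmac.new(key, f"{user}|{level}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    ok = hmac.compare_digest(tag.encode(), expected.encode())
    return ok and level == "1"


# Constructed sample inputs.
forged = {"admindj": "1"}                  # value set by hand in the browser
genuine = issue_session("editor01", "1")   # issued by the server at login
tampered = {"session": genuine["session"].replace("editor01", "someone")}

if __name__ == "__main__":
    print("weak check, forged cookie:    ", weak_is_admin(forged))
    print("hardened check, forged cookie:", hardened_is_admin(forged))
    print("hardened check, genuine:      ", hardened_is_admin(genuine))
    print("hardened check, tampered:     ", hardened_is_admin(tampered))
```

A server-side session table keyed by a random ID gives the same guarantee and also allows expiry and revocation. Either way, every admin page, including bundled editor pages, has to call the same check.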