By: Red snow
Ver: ASP enterprise edition; the admin back-end structure is essentially the same everywhere.
Experts can skip this one. There is no technical depth here, I am just speaking from experience, so please don't flame me. (Thanks to Allen for the upx8 invitation code.)
Without further ado: opening the website, you see a company advertising site, so I took it as a test subject (a lab mouse) for security testing.
At a glance, the admin path is http://www.xxxx.net/psadmin/ (the admin directory name is essentially the same across sites).
Out of habit I tried admin / admin and got in (this is the human nature of laziness).
After poking around for a while, I saw that it uses ew 2.8.0 and that the database extension had been changed from mdb to asa.
Next I checked whether there was an upload vulnerability. There really is: you can construct the request yourself and change jpg to asp. I tried a few sites; some require admin back-end privileges, and some let you bypass the back-end and upload directly.
EXP: http://www.xxxx.net/psadmin/inc/sctp.asp?formname=form1&editname=proPic&uppath=upfile/products&filelx=asp|aspx&enFileSize=1048576
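A defender-side check for the request pattern above, as an added example that is not part of the original post: it scans IIS W3C-format logs for requests whose `filelx` parameter asks the upload page to accept server-executable extensions. The log lines are constructed, and the `EXECUTABLE` set and function name are assumptions to adapt per server.

```python
import re
from urllib.parse import parse_qsl

# Extensions the web server may run as script. Assumption: adjust to the
# handler mappings actually enabled on your IIS host.
EXECUTABLE = {"asp", "aspx", "asa", "cer", "cdx", "ashx", "asmx", "php"}

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-01 10:00:01 203.0.113.5 GET /psadmin/inc/sctp.asp formname=form1&editname=proPic&uppath=upfile/products&filelx=jpg|gif&enFileSize=1048576 200
2024-01-01 10:02:17 203.0.113.9 GET /psadmin/inc/sctp.asp formname=form1&editname=proPic&uppath=upfile/products&filelx=asp|aspx&enFileSize=1048576 200
2024-01-01 10:02:40 203.0.113.9 POST /psadmin/inc/sctp.asp formname=form1&editname=proPic&uppath=upfile/products&FileLx=JPG%7CAsP&enFileSize=1048576 200
2024-01-01 10:05:00 198.51.100.7 GET /index.asp - 200
"""


def suspicious_uploads(log_text):
    """Return (client_ip, method, uri, executable_exts) for each flagged request."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for following rows
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # Classic ASP treats query keys case-insensitively, so normalise them.
        params = {k.lower(): v for k, v in parse_qsl(row.get("cs-uri-query", ""))}
        if "filelx" not in params:
            continue
        # parse_qsl already percent-decoded the value; split on any separator.
        requested = set(re.split(r"[^a-z0-9]+", params["filelx"].lower()))
        bad = sorted(requested & EXECUTABLE)
        if bad:
            hits.append((row["c-ip"], row["cs-method"], row["cs-uri-stem"], bad))
    return hits


if __name__ == "__main__":
    for ip, method, uri, exts in suspicious_uploads(SAMPLE_LOG):
        print(f"{ip} {method} {uri} requested executable types: {', '.join(exts)}")
```

A hit is a reason to review the upload directory for script files. The underlying fix is to keep the extension allowlist on the server instead of reading it from the request.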