Zhuo Xun intelligent site management system EmteEasySite: vulnerabilities and webshell method

2011-07-10T00:00:00
ID MYHACK58:62201131198
Type myhack58
Reporter Anonymous
Modified 2011-07-10T00:00:00

Description

Zhuo Xun intelligent site management system EmteEasySite

Official website: http://www.emte.com.cn/

Baidu search:

Technical support:Zhuo Information Technology

Go straight to the admin back end and check the copyright notice to see whether the site runs the EmteEasy system:

/main/login.asp

Exploit:

The database sits at a default address and can be downloaded directly:

/db/%23EMTE^@DATABASE.MDB

After downloading it, open it and look at the AdminUser table.

The AName2 and Apass2 columns hold the administrator account and password in plaintext.

PS: the account columns before them are MD5-hashed, yet these later columns store the plaintext. It is puzzling what the developer was thinking.

Editor upload vulnerability

http://www.xxoo.com/!Emte%5E=.Editor/adminlogin.asp

admin / admin

As with a standard eWebEditor admin panel, go to Style Management, open Settings, and add the aaspsp format; this bypasses the upload filter.

SQL injection vulnerability

Simply appending a ' triggers an error that exposes the vulnerability.

It can then be passed straight to the "D" injection tool.

Table: adminuser

Columns: account aname2, password apass2

Once in the admin back end, some versions support database backup. Use Opera to view the page source and change the backup address to the address of your image script.

Some versions have no database backup, which is unfortunate. In that case, try the editor vulnerability to get a shell.
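For site owners, the three weaknesses described above leave recognisable traces in web server logs. The following is an added example, not part of the original advisory: it scans IIS-style log lines for a successful .mdb download, access to the editor admin login, and a single quote in a query string. The log layout, the sample lines, the IP addresses and the page name `news.asp` are constructed assumptions.

```python
from urllib.parse import unquote

# Constructed sample lines in a simplified IIS W3C layout (not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2011-07-10 08:01:12 GET /index.asp - 198.51.100.7 200
2011-07-10 08:02:40 GET /db/%23EMTE^@DATABASE.MDB - 203.0.113.9 200
2011-07-10 08:03:05 GET /!Emte%5E=.Editor/adminlogin.asp - 203.0.113.9 200
2011-07-10 08:04:18 GET /news.asp id=12%27 203.0.113.9 500
2011-07-10 08:05:00 GET /db/other.mdb - 198.51.100.7 404
"""

# One rule per weakness named in the advisory; each takes a parsed record.
RULES = [
    # Access database served to a client (status 200 means it was downloaded).
    ("mdb-download",
     lambda r: r["stem"].lower().endswith(".mdb") and r["status"] == 200),
    # Any request for the bundled editor's admin login page.
    ("editor-admin-login",
     lambda r: r["stem"].lower().endswith("editor/adminlogin.asp")),
    # Single quote in the query string, raw or percent-encoded.
    ("quote-in-query", lambda r: "'" in r["query"]),
]

def parse(line):
    """Return a record dict, or None for directives and malformed lines."""
    parts = line.split()
    if line.startswith("#") or len(parts) != 7 or not parts[6].isdigit():
        return None
    date, time, _method, stem, query, ip, status = parts
    # Decode percent-escapes so %23 / %27 / %5E match their literal forms.
    return {"ts": f"{date} {time}", "stem": unquote(stem),
            "query": unquote(query), "ip": ip, "status": int(status)}

def scan(log_text):
    """Return (timestamp, client_ip, rule_name) for every rule that fires."""
    hits = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        hits.extend((rec["ts"], rec["ip"], name)
                    for name, match in RULES if match(rec))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

A hit on `mdb-download` means the credentials in the database should be treated as exposed; moving the database outside the web root and blocking `.mdb` requests at the server removes that path.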