Zhuo Xun intelligent site management system ,official website:http://www. emte. com. cn/
Google:technical support:Zhuo information technology the default background:/main/login. asp //directly into the backstage to see the copyright is not EmteEasy system
Exploit:the default address database can be downloaded /db/%23EMTE^@DATABASE. MDB
After downloading open directly see the AdminUser table
See column AName2 and Apass2 view administrator plaintext account password
PS:(the account number in front is the md5 encryption behind it out the plaintext for? Puzzled him what it was thinking)
Editor upload vulnerability http://127.0.0.1/! Emte%5E=. Editor/adminlogin. asp
Default account password: admin admin
Use: directly into ewebeditor AdminCP-style Manager-set-add aaspsp format you can break the filter upload
sql injectionvulnerabilities, just add a’it will burst vulnerabilities, directly to the. D to the injection
Add Table: adminuser column account: aname2 password apsss2
Into the background some version supports database backup directly with opera to see the source code to modify the backup address into your picture script of the address.
Some versions have no database backup that kind of tragedy,you can try to use the editor vulnerability to get a shell to!