This app security is not very good, but one of the replace（）function to write well, but did not find is how to write, and the injection of“space, select,%2 0, a+number, and/**/, etc. filter is empty. In searching out the loopholes in the statements a lot of trouble, I also do not write, directly to a drastic method to directly get the password of the account soon.
Keywords: technical support: shop363.net
Database: Data_Shop363/Date_Shop363_shop. mdb Database decryption tool: AccessUnLock.exe Hack the account: admin password: actionshop363?
Standby database: Data_Shop363/Date_Shop363_shop. mdb is the default database bbs/data/#sjyshop363. mdb Forum database
Home retrieve password at the injection vulnerability to get a Shell not much use, but can broke some user name password direct access to ‘union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41 from shop363_user
The display is 7
Turn change for username password
You can also use the backend default password: action first The second Group: admin admin888 Third Group: admin admin（9 0% can directly into the background）