The Rubik's Cube Network Camera System injection vulnerability and exploit-vulnerability warning-the black bar safety net

2011-12-14T00:00:00
ID MYHACK58:62201132593
Type myhack58
Reporter 佚名
Modified 2011-12-14T00:00:00

Description

The Rubik's Cube Network Camera System Injection point:/news. php? action=detail&id=[SQLi] Using the method, the first step through the injection point to obtain the administrator account and password, the password actually is plaintext

The second step, 后台地址为/admin.php,go in the admin backend trying to get webshell

The third step, through iis6 parsing vulnerability, upload. asp;. jpg word Trojan

The fourth step, directly connected sentence -_,