Sunny Navigation System cms the background filter is not strict vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201235295
Type myhack58
Reporter 佚名
Modified 2012-10-25T00:00:00


BY: madmen

From 1 6 3 Micro Forum

Test URL

admin/log/dispcont. asp

View administrator login records where the filter is not strict lead to can view the login record of success

Although success is cmd5 encryption, but a large part can be cracked

Tasteless is you must first find the admin directory before you can view

Keywords: about us Site Map feedback forum for the exchange of free included traditional display

Get the webshell method is very simple

Down here be sure to use IE to get the shell

Tangled a bit lower


/admin163. asp;. html written like this and then click on the automatically created save



Click Save

Then find;. html

Password admin163