Sunny Navigation System CMS: admin backend filtering is not strict

2012-10-25T00:00:00
ID MYHACK58:62201235295
Type myhack58
Reporter Anonymous
Modified 2012-10-25T00:00:00

Description

BY: madmen

From 163 Micro Forum

Test URL

http://www.xxx.com/admin/log/dispcont.asp

admin/log/dispcont.asp

The page that shows administrator login records is not strictly filtered, so the records of successful logins can be viewed.

Although the successful entries are cmd5 encrypted, a large part of them can be cracked.

The drawback is that you must first find the admin directory before you can view them.

Keywords: about us Site Map feedback forum for the exchange of free included traditional display

The method for getting a webshell is very simple.

For the steps below, be sure to use IE to get the shell.

I struggled with this for a bit.

Write it as /admin163.asp;.html, then click to create it automatically and save.

Click Save

Then find

http://www.xxx.net/admin163.asp;.html

Password admin163
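
For defenders, the two request patterns described above can be found in IIS W3C logs. This is an added example, not part of the original post: the log lines are constructed, the admin IP allowlist is an assumption, and the extension list generalizes the page's .asp case to other extensions IIS 6 maps to ASP by default.

```python
import re

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2012-10-25 08:01:12 192.0.2.10 GET /index.asp - 200
2012-10-25 08:02:40 203.0.113.7 GET /admin/log/dispcont.asp - 200
2012-10-25 08:05:03 203.0.113.7 GET /admin163.asp;.html - 200
2012-10-25 08:06:19 192.0.2.10 GET /admin/log/dispcont.asp - 200
2012-10-25 08:07:55 198.51.100.4 GET /images/a;b.jpg - 404
"""

# Script extension followed by ';' in the final path segment, e.g. name.asp;.html
SCRIPT_SEMICOLON = re.compile(r"\.(asp|asa|cer|cdx);[^/]*$", re.IGNORECASE)
LOGIN_RECORD_PAGE = "/admin/log/dispcont.asp"  # path named on this page
ADMIN_IPS = {"192.0.2.10"}                     # assumed allowlist of admin hosts


def scan(log_text, admin_ips=ADMIN_IPS):
    """Return (rule, client_ip, uri, status) tuples for suspicious requests."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # skip malformed rows
        row = dict(zip(fields, parts))
        uri, ip, status = row["cs-uri-stem"], row["c-ip"], row["sc-status"]
        if SCRIPT_SEMICOLON.search(uri):
            # File name that IIS 6 would execute as ASP despite its last extension
            findings.append(("script-ext-semicolon", ip, uri, status))
        elif (uri.lower() == LOGIN_RECORD_PAGE and status == "200"
              and ip not in admin_ips):
            # Login-record page served to a host outside the admin allowlist
            findings.append(("login-log-exposed", ip, uri, status))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

A hit on the first rule with a 200 status means a file with that name exists under the web root and should be inspected and removed.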