45 programs that can obtain webshell

1: Google, search for some keywords, Edit. asp? South Korea has many bots, most of which are MSSQL databases! 2. Go to Google, site: cq.cn inurl: ASP 3. Use a zombie and an ASP Trojan. The file name is login. asp. ...... Path group is/manage/ Keyword: went. asp Use 'or' = 'or' to log on 4. This should have been done by more than N people .. Keywords: CO net MIB ver 1.0 website background management system The account password is 'or' = 'or' 5. Dynamic Shopping System. Think of James Inurl: Help. asp login, if not registered as a member! You can select either upload_bm1.asp or upload_c1.asp. Generally, administrators ignore these two vulnerabilities. 6. Default database address blogdata/acblog. asa Keyword: acblog 7. Baidu/htdocs You can directly upload the ASA file during registration! 8./database/# newasp. MDB Keywords: newasp sitemanagesystem version 9. Excavator Keyword: powered by webboy Page:/upfile. asp 10. Search for ver5.0 build 0519 in Baidu (Upload vulnerability exists) 11. upfile_article.asp BBS/upfile. asp Keyword: powered by mypower, What is the upload vulnerability? There are also many users. You can use the tool mingkiddie. 12. inurl: winnt \ system32 \ inetsrv \ Enter this in Google to find many websites. 13. Now Google searches for the keyword intitle: Website Assistant inurl: ASP 14. Keywords: homepage latest news newbie guide dance music download center classic article gamer elegance equipment purchase station rumor friendship connection station Forum Add setup. asp to the keyword 15. VBulletin Forum Database Default database address! /Shortdes/functions. php Tools: 1. Web site HUNTER: Baidu Google! 2. Google Keywords: Powered by: VBulletin version 3.0.1 Powered by: VBulletin version 3.0.2 Powered by: VBulletin version 3.0.3 One of them is enough. 16 1. Open Baidu or Google search and enter powered by comersus ASP shopping cart Open source. This is a mall system. 2. There is a comersus open technologies LC at the bottom of the website. Open it and check it ~~ Comersus system ~ Guess, comersus. MDB. Is the Database Name All databases are placed after the database, So database/comersus. MDB Comersus_listcategoriestree.asp is replaced by database/comersus. mdb, which cannot be downloaded. Remove the previous ''store/'', and add database/comersus. MDB. All are default database addresses 17. Carefree legend Official Site program. 1. backend management address: http: // your domain name/msmiradmin/ Or http: // your domain name/admin. asp 2. Default background management account: msmir 3. Default background management password: msmirmsmir or msmir The database file is http: // your domain name/msmirdata/msmirarticle. MDB Or http: // your domain name/msmirdata/msmirarticle. asa The database connection file is **********/Conn. asp. It is also the default database address. This is the legend of 4f. Well, I just got it' 18. Enter/skins/default/in Baidu/ 19. using excavators Key servers: power by discuz Path:/wish. php Cooperation: Discuz! Wish. php Remote Vulnerability in Forum ...... 20. Upload Vulnerability. Tool: Of course, it's still James. The web site hunter or zombie. Keyword: powered by mypower Insert upfile_photo.asp to the detected page or file There are also n users .. 21. New cloud Vulnerabilities This vulnerability is available for both access and SQL. Google searches for keywords "about this site-website help-advertising cooperation-download Declaration-friendship connection-website map-Management Record" Put Flash/downfile. asp? Url = uploadfile/.../../Conn. asp submitted to the website root directory. You can download conn. asp Most download sites, such as source code and software. We often encounter a problem where the database is in front or in the middle + # You can replace it with % 23 to download it. \ Database \ % 23newasp. MDB For example: # Change xzws. mdb to % 23xzws. MDB Collected. I have never tried... --! 22. All shopping malls + power upload Systems Tool used: Xiaoji V1.1 mingxiao Mall intrusion: Keywords: purchase-> Add to shopping cart-> go to cashier-> confirm Recipient Information-> select payment method-> select delivery method-> online payment or remittance after order-> remittance confirmation-> delivery-> complete Vulnerability page: Upload. asp Upfile_flash.asp Or Upload Vulnerability webshell 23. Injection Vulnerability Baidu search ioj's blog 24 ease of operation Column directory Admin_articlerecyclebin.asp Inurl: admin_articlerecyclebin.asp 25. Tool: web site hunter Keywords: inurl: went. asp Suffix: Manage/login. asp Password: 'or' = 'or' This software is not very familiar. -- 26. Intrusion into Warcraft private server Required tool: ASP Trojan --! Nonsense. Mingkido Keyword: All right reserved design: Game Alliance Background address: admin/login. asp Database address: chngame/# chngame. MDB All are default. You can decrypt the database by yourself. 27. The vulnerability is caused by an error in the IIS settings of the Administrator. The Baidu keyword is a rare Script Name. Dynamic Network: reloadforumcache. asp Leadbbs: makealltopanc. asp Bbsxp: admin_fso.asp Ease of use: admin_articlerecyclebin.asp It seems that this is not quite clear .. 28. Database explosion vulnerability on foreign sites Keyword: Sad Raven's Guestbook Password address:/passwd. dat Background address:/admin. php 29. Discuz 4.1.0 cross-site Vulnerability Tools used: 1. WAP browser 2. WAP encoding Converter Keyword: "intextiscuz! 4.1.0" WAP browser ..............................!! 30. Keyword: sunnex Background path/system/manage. asp Directly upload an ASP Trojan Go to the excavator .. --! 31. Tools 1: web site hunter 2: DAMA Keywords: Do not disable cookies; otherwise, you will not be able to log on Insert DIY. asp 32. Keywords: team5 studio All Rights Reserved Default Database: Data/team. MDB The rest is self-built. Not much. 33. Tool: excavator auxiliary database Reader Keywords: Enterprise Profile product display product list Suffix:/database/myszw. MDB Background address: admin/login. asp All are default. Same. When the database goes off, unlock the password. That's all .. -- 34. Key sub-xxx inurl: nclass. asp ...... Write a trojan in "system settings. Will be saved to config. asp. 35. Use webshell without entering the background Data. asp? Action = backupdata default path for Online Database Backup I have never tried... I don't know. 36. Tool: webshell Keyword: inurl: went. asp Suffix: Manage/login. asp Weak Password: 'or' = 'or' I have never tried it. ...... 37. Keyword owered bycdn_news Scan the article and add a 'to test the injection points. Background address: admin_index.asp I won't say anything about the tool ......... 38. Intrude into leichi News Publishing System Keyword: leichinews Remove the values after leichinews. MARK: admin/uploadpic. asp? Actiontype = mod & picname = xuanran. asp Upload the trojan again ..... Access uppic anran. asp to log on to the Trojan. ---- No. Sweat, collected. 39. The tool excavator is enough. Keyword: ower system of article management ver 3.0 Build 20030628 Default Database: Database \ yiuwekdsodksldfslwifds. MDB Background address: scan by yourself! Tool. --! Why is it him. MD5 solution ......... (Nnd: a lot. You can try it ..) 40. 1. Search for a large number of injection points through Google Keyword: asp? Id = 1 gov.jp/asp? Id = Page: 100 Language: Enter the language of the country you want to intrude. 42 Keyword: powered by: 94 kkbbs 2005 Retrieve admin Using password retrieval Q: ddddd answer: ddddd 42. Keyword: inurl: went. asp The background is manage/login. asp. Background password: 'or' = 'or' Default database address: atabase/Datashop. MDB 43. Keyword: ***** inurl: readnews. asp Change the last/to % 5c, perform database brute-force attacks, view the password, and go to the background. Add a piece of news and enter a trojan in the title. 44. Tool: one-sentence Trojan Bbsxp 5.0 SP1 administrator Interpreter Keywords: powered by bbsxp5.00 Back up a sentence in the background! 45. Keywords: Program core: bjxshop online shop expert Background:/admin