Zhuo Xun intelligent website management system EmteEasySite
Official Website: http://www.emte.com.cn/
Baidu search: technical support: Zhuo Xun Technology
Go directly to the admin back end and check whether the copyright notice says EmteEasy system.
/Main/login.asp
Vulnerability exploitation:
The database at its default address can be downloaded
/Db/%23EMTE^@DATEBASE.MDB
Open the AdminUser table after the download.
View the AName2 and Apass2 columns to see the administrator's account and password in plaintext.
PS: (The account is followed by MD5 encryption, yet the plaintext is there too? What was he thinking?)
Editor Upload Vulnerability
http://www.xxoo.com/!Emte%5E=.Editor/adminlogin.asp
Admin
Proceed as with the eWebEditor back end: under Style Management > Settings, add the aaspsp format to get past the upload filter.
SQL Injection Vulnerability
Simply add a ' to expose the vulnerability.
You can hand it over to the Ah D tool for injection.
Table adminuser
Columns: account aname2, password apass2
In some versions the back end supports database backup: use Opera to view the source code and change the backup address to the address of your image script.
Tragically, some versions do not have database backup. You can try the editor vulnerability to get a shell!
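For the site owner's side of the three issues above, an added example (not part of the original notes) that scans IIS W3C access logs for the database download, the editor admin login and quote-triggered server errors. The two Emte paths are taken from the notes; the log lines, /news.asp and the client IPs are constructed sample data.

```python
from urllib.parse import unquote

# Constructed IIS W3C log lines (sample data, not from a real server).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2024-01-05 10:00:01 GET /index.asp - 203.0.113.5 200
2024-01-05 10:00:07 GET /Db/%23EMTE^@DATEBASE.MDB - 203.0.113.9 200
2024-01-05 10:00:09 GET /Db/%23EMTE^@DATEBASE.MDB - 203.0.113.7 404
2024-01-05 10:01:12 GET /news.asp id=12' 203.0.113.9 500
2024-01-05 10:02:30 POST /!Emte%5E=.Editor/adminlogin.asp - 203.0.113.9 200
2024-01-05 10:03:02 GET /news.asp id=12 203.0.113.5 200
"""

def scan(log_text):
    """Return (line_no, client_ip, rule) for each suspicious request."""
    fields, hits = [], []
    for n, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column order for later rows
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        stem = unquote(rec.get("cs-uri-stem", "")).lower()
        query = unquote(rec.get("cs-uri-query", ""))
        status = rec.get("sc-status", "")
        ip = rec.get("c-ip", "?")
        # Access database requested over HTTP; 200/206 means it was handed out.
        if stem.endswith(".mdb"):
            served = status in ("200", "206")
            hits.append((n, ip, "mdb-served" if served else "mdb-probe"))
        # Bundled editor's admin login reachable from outside.
        if stem.endswith("editor/adminlogin.asp"):
            hits.append((n, ip, "editor-admin-login"))
        # A single quote in the query string followed by a server error.
        if "'" in query and status.startswith("5"):
            hits.append((n, ip, "quote-in-query-5xx"))
    return hits

def by_client(hits):
    """Group triggered rules per client IP to spot one source hitting several."""
    out = {}
    for _, ip, rule in hits:
        out.setdefault(ip, set()).add(rule)
    return out

if __name__ == "__main__":
    for ip, rules in by_client(scan(SAMPLE_LOG)).items():
        print(ip, sorted(rules))
```

Any `mdb-served` hit means the credential table has left the server, so the admin password should be treated as disclosed.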