Author: L4nk0r [cn_lgz@126.com]
Recently, I helped a computer repair website. The teacher gave me a domain name and I checked server security with curiosity.
My website was written in asp. I tried a connection and tested it. I found that simple SQL injection is filtered out. I know that the website has many functions and does not start with the target site.
So under whios, wow, there are hundreds of websites, so I took a look at a site and it seems very familiar. he also obtained the password and account in the background, and found that the commercial version of the enterprise management system is excellent. [The Unregistered version has very few functions]. He thought it was very simple. After reading it for a long time, he did not know where to use the shell, so I downloaded a set of similar versions. The version is different from this site. I found that the SouthidcEditor in the background is actually an ewebeditor. after reading the source code, I know that this is definitely not in the background, so I thought of an article I have read before. I want to modify the style and try again.
Direct submission;
Http: // url/admin/SouthidcEditor/admin_style.asp? Action = s_newssystem & id = 23
It's too early to come out, but don't be happy. If you want to modify a style, you 'd better modify the last soutdic (style used by the system) and add the Image Upload to allow cer. OK to submit.
You can submit the file and prompt that the style is successfully modified. Of course, you cannot use it if you do not have the permission to modify it. After the modification, I want to know how to do it.