Because some of what follows is sensitive information about me, please read this first. Do not use my blog for testing, and please do not download my database to crack my account and password. Since I have published this, please pay attention to the following.

The PJBlog3 vulnerability has been painful today. Yesterday I was told that there was a vulnerability and how to find it. I had originally meant to fix it today; I could not find it, so I went to bed. As a result, friends in the group called me and said that my blog had been detected by another member of the group. At the time I had also said that the main site is not busy. I did not expect him to know the vulnerability, and I am very depressed. So I am writing an article today to tell you a simple solution.

The default PJBlog database is: blogDB/PBLog3.asp. I entered the default database path after the blog address and it opened; see the figure.
After the database is downloaded, the encryption method is SHA-1, and 40 bits are difficult to decrypt. So let's use another method; see the figure below. The username is a sentence in the database: the whole database-connecting sentence was written in by someone else, who then connected directly to the database; the password is a. So this program is very broken, and a registration vulnerability lets the blog fall easily.

Solution:
Find the file register.asp and change it to <blog closed registration>. Modifying the database path and the files that call it is too troublesome.