I got up late one day and found a leaflet on the ground.
I saw an online store.
So I wanted to see what program it used and went looking (HTML comments, CSS comments, and file names). It turned out to be the ESHOP online shopping mall system.
I Googled for ESHOP vulnerabilities, found some, and tested them; they did not work. However, an error was reported. Other online shop systems were found to be ESHOP as well.
I put it aside for two days, and then remembered to test for injection again. It has filtering code. After reading the source code, I saw that the select keyword is not filtered out.
In the front-end search area, the price range is where I found a numeric injection point.
Combine that with the administrator table name and column names found in the code, and it is done.
http://xxxx.com/p_list.aspx?Keyword=%&maxPrice=0&minPrice=0 and (select top 1 admin from admin)>0
// The login name of the first administrator
http://www.bkjia.com/p_list.aspx?Keyword=%&maxPrice=0&minPrice=0 and (select top 1 password from admin)>0
// Password. Standard md5.
The injection point is not filtered for update. So if the password cannot be retrieved, you can update it. Another point is that this filtering code only filters the GET method.
Log in to the admin back end. Under Product System -> Product Content -> List Pictures, an aspx file can be uploaded directly. The path is not displayed when an aspx file is uploaded directly. Therefore, you can upload a jpg file first to get the path, and then upload again to KO.
Job done.
PS: monitoring, no damage.
Author http://www.90sec.org/thread-2156-1-1.html
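
The fix for the price-range injection described above, as an added example that is not part of the original post or of ESHOP's code: the "before" form pastes minPrice/maxPrice into the SQL text, and the "after" form accepts only plain integers and binds them as parameters, so it does not depend on a keyword filter or on the HTTP method. It uses Python with SQLite in place of the shop's ASP.NET stack; the product table, its columns and the "0 means no upper bound" rule are assumptions.

```python
import sqlite3

# Value the write-up places in minPrice (copied from the post).
PAGE_PAYLOAD = "0 and (select top 1 admin from admin)>0"

def make_db():
    """Constructed sample catalogue; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE product (name TEXT, price INTEGER)")
    db.executemany("INSERT INTO product VALUES (?, ?)",
                   [("usb cable", 5), ("usb mouse", 20), ("monitor", 150)])
    return db

def query_by_concat(min_price, max_price):
    """'Before' form: request text is pasted into the SQL string."""
    return ("SELECT name FROM product WHERE price >= " + min_price +
            " AND price <= " + max_price)

def parse_price(raw):
    """Accept only a plain non-negative integer, whatever the HTTP method."""
    raw = raw.strip()
    if not (raw.isascii() and raw.isdigit()) or len(raw) > 9:
        raise ValueError("price must be a non-negative integer")
    return int(raw)

def search_products(db, keyword, min_price, max_price):
    """'After' form: typed values plus bound parameters, no string building."""
    lo, hi = parse_price(min_price), parse_price(max_price)
    sql = "SELECT name FROM product WHERE name LIKE ? AND price >= ?"
    args = ["%" + keyword + "%", lo]
    if hi > 0:  # assumption: 0 means "no upper bound"
        sql += " AND price <= ?"
        args.append(hi)
    return [row[0] for row in db.execute(sql + " ORDER BY price", args)]

def is_rejected(raw):
    """True when parse_price refuses the value."""
    try:
        parse_price(raw)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    print(query_by_concat(PAGE_PAYLOAD, "0"))   # subquery ends up in the SQL text
    print(is_rejected(PAGE_PAYLOAD))            # hardened path refuses it
    print(search_products(make_db(), "usb", "10", "0"))
```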