I found the background by hand, tried various weak passwords, and continued to see the title siteserver cms. Then I went to Baidu to find the latest website system, it seems that I have never been dug for a vulnerability. I am not familiar with digging holes, so I will not be ugly. When the scanner is scanning, I scanned the compressed package and decompressed it. The database is mdb, then I opened it and looked at it. The account is apex, And the password seems to be base64 encoded, but the decryption is garbled. It is incorrect. It is estimated that the base64 + custom hybrid algorithm is used, I won't worry about it here. When I go through the database, I go to question and answer. It is the question and answer. I will retrieve the password directly. Now I will go in. However, the tragedy is that I searched for the whole site and changed the upload suffix n times, that is, I couldn't get in, but I had to study it slowly. After an hour, I came to the conclusion that some software was doing something strange, because normal images can be imported, they cannot be imported immediately, and then go to the template, and add a single page where the custom template is located, the idea of how to break through this unknown software has already been mentioned.