Machine front-end SQL injection vulnerability Packaging
When I scan the IP address of an Apsara stack website, I find that many sub-sites are on one IP address. Therefore, I infer that the backend of Apsara Stack may be on a port of an IP address: 117.79.80.15 to perform a full port scan, and many ports are open. First, some directory vulnerabilities are discovered.
Http: // 117.79.80.15: 8088/
Http: // 117.79.80.15: 18880/
Ftp: // 117.79.80.15: 16521/the password has not been cracked yet
Http: // 117.79.80.15: 16580/This is a tag background
The weak password will not be tried, because the password can be used directly.
Directly go to admin 'or '1' = '1 to enter the background
But at this time, I want to inject it and see what data is there.
However, the problem is that I have a universal password and cannot inject it directly. But I found that I can add users, so I just added an account for injection.
OK, run it on WebCruiser.
Solution: Filter