Some time ago, the public security department cracked a case where a program of a network company was stolen and analyzed that the main problem was the URL Vulnerability.
Test whether the program has a URL Vulnerability. The simplest method is to add a ', such as show. asp, to Request. QueryString? Id = 1, changed to show. asp? Id = 1'. Open "show friendly HTTP Error message" in the IE advanced option to see if there are unclosed quotation marks before "string "?
If the database is SQLSERVER, run the following command in the query Analyzer: exec master. dbo. xp_mongoshell dir c:
Hackers can use exec master. dbo. xp_mongoshell does everything, so it is easy to use this command to create the user exec master in your system. dbo. xp_mongoshell 'net user cc/add'; exec master. dbo. xp_mongoshell 'net localhost administrators cc/add' will be unknown in the future.