It indicates a vulnerability detected on a website one day.
It looks like an enterprise management system.
The name is unclear. But it seems to be developed by a network company.
Analysis and utilization of Holes
First, the filtering is lax. You can simply find an article or directly guess it with a tool!
For exampleHttp://www.hackqing.com/viewproduct.asp? Id = 71
After you have guessed the password, you can log on to the background.
It doesn't matter if md5 cannot be cracked,
Due to insufficient admin/left.htm permissions, you can directly access the navigation bar.
Upload the image pony to obtain the path.
The next step is to back up the database.
However, the path on the backup page is stuck and cannot be modified directly.
Want to break through? Very simple. There are two ideas here.
1. Capture packets from winscok and obtain the path information. After modification, modify the length and submit the packet with NC (Port 20480 is generally used)
However, this method is sometimes not easy to use. It is troublesome and not recommended.
2. Save the backup page to the local directory as htm, edit the code, change the relative path to the absolute path, and then modify the backup path to the original image horse. Save and open the backup.
This method has been tried and tested.
Bytes
I noticed the website. As a result, many sites are built using this system (a lot of JJ is added to the kitchen knife)
Form: f4tb0y
Fixed: Filter + modify backup database function