The process of shell elevation in the Qihoo background

Indicates that the website was accidentally discovered. It is customary to add an admin to jump out of the background login interface ~

Habitually Try weak passwords ~ Admin Login ~ The Administrator has poor security awareness ~

It indicates that the background is very good .... Really Nima is concise...
Find the upload page ~ However, after uploading the file, you can find that the file is renamed ~
Then go to the backend (although there is no function, you can refer to it for details)
Then I found out something about it ~

I found the eWebEditor editor. Unfortunately, I am so lucky ~ Weak passwords are entered in the background. It is estimated that the editor has not been castrated, and then the editor's background is determined.



Familiar interface ~ When my character breaks out, I need this effect.
Decisive. The default value is admin ~ Then I added a style and added a tool. Oh, I don't know much about it. Everyone knows it. The editor uses shell.


A sentence is uploaded ~ This is the wonderful background shell ~



This article was written after I took the shell. I haven't uploaded the shell yet. I am not sure about the server information. I don't know if there will be any problems with Elevation of Privilege, let's write and raise it ~



Habitually look at the formation, WS Delete ....
Then I tested the script and supported ASPX, indicating that the confidence was coming back ~



It indicates that aspx is unavailable, and it hurts a lot ~
I scanned the port and quannima was a good port.



Failed to try severu ~
Su failure ~
PcAnywhere indicates that data can be read and written, and other methods for elevation of permission have not been tried yet,
But because of time issues, I will write this article when I get off work. I will try again later.