I have always wanted to share some technical articles with you, but I have been very busy recently. I am also eager to add more posts to the blog. So I record my penetration tests as I go, and I hope they bring you some benefit.
On to the subject. The following was all translated by Baidu and has nothing to do with Yu Yi himself.
A long time ago I came across a joint purchase site, a good one. It focuses on programming and its content is very comprehensive. However, for a pauper like me, there is definitely not enough money to buy VIP. So ...
I was not at home and had no Linux penetration environment, so I had to bring out my very old toolkit and my laptop.
This is a weird site. Why is it weird? Some of the bypass tools could not find any other sites on the same server. But it turns out there are some.
After finding the side site on the same server, I followed my usual style and picked the soft persimmon (in fact, there was only one such site). It was the only site I saw.
However, the program is ASPCMS2, and none of the various injections worked. I scanned for sensitive files and directories and found a data.asp file. After downloading it, I changed the extension to MDB and found the admin account password. But this was a trap. No luck.
Then I remembered that ASPCMS had a cookie spoofing issue. Let's start.
First, I registered an account named admin123.
I used Google's cookie-editing plug-in.
The value is changed to admin.
The value is changed to 1.
After modification, you can change the admin password.
I got into the admin backend smoothly and found the template generation feature, because the method of directly inserting a webshell no longer works.
They made some modifications to the template feature, and it can only generate css, html, and js files.
We change the form: the name ma.asp;.js exploits the IIS6 parsing vulnerability.
Successfully connected to the shell.
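Seen from the defender's side, the template-name step above comes down to an extension check that looks only at the suffix. The following is an added example, not code from the original post or from ASPCMS: the function names and the sample file list are constructed, and the suffix-only check is an assumption about how the filter behaved. It contrasts that check with a whole-name allowlist and reports the extension IIS 6 would act on.

```python
import re

# The three types the template editor is said to permit.
ALLOWED_EXTS = ("css", "html", "js")

# Hardened rule: the WHOLE name must match. One dot, conservative charset,
# so ';', ':', path separators and extra dots are all rejected.
_SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.(?:css|html|js)")


def naive_check(name: str) -> bool:
    """Suffix-only check (assumed behaviour of the weak filter)."""
    return name.lower().rsplit(".", 1)[-1] in ALLOWED_EXTS


def strict_check(name: str) -> bool:
    """Whole-name allowlist: accept only <safe-chars>.<allowed-ext>."""
    return _SAFE_NAME.fullmatch(name) is not None


def iis6_effective_ext(name: str) -> str:
    """Extension IIS 6 maps to a handler: it stops reading the name at the first ';'."""
    head = name.split(";", 1)[0]
    return head.rsplit(".", 1)[-1].lower() if "." in head else ""


def audit(names):
    """Names the suffix check accepts but the allowlist rejects, with the
    extension IIS 6 would use. Useful for sweeping an existing template dir."""
    return [(n, iis6_effective_ext(n))
            for n in names
            if naive_check(n) and not strict_check(n)]


# Constructed sample of template file names.
SAMPLE = ["style.css", "index.html", "ma.asp;.js", "main.js", "a.b.js", "readme.txt"]

if __name__ == "__main__":
    for name, ext in audit(SAMPLE):
        print(f"review: {name!r} (IIS 6 handler extension: {ext!r})")
```

The same `audit` function can be run over a directory listing of existing templates to flag names that a suffix-only filter let through.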
However, as you can also see, the permissions are poor, so I uploaded a Trojan.
Then something annoying happened: the server clearly had a filter configured.
All kinds of webshells were powerless, and I finally brought out my favorite one, which succeeded.
The DAMA could only obtain some information; it was also quite powerless. While browsing the directories I found 7i24. Out-of-the-Stars! But I only found this out afterwards.
I checked the environment: it supports aspx. As we all know, aspx has relatively broad permissions.
With considerable permissions, we can cross directories directly and go to the other site's forum to read its database configuration file.
Dump the database.
I found a lot of database theft scripts, but the server has a filter, and many of them do not work.
Decrypt it... Listen 5 charges... It's really good to decrypt it with 80 sec. Decrypted.
Log in to the admin backend and give myself VIP.
From: http://www.yuyi.me/?p=215