Zhuo Xun EmteEasySite vulnerability + webshell Method

Source: Internet
Author: User
Zhuo Xun intelligent website management system EmteEasySite official website: http: www.emte.com.cn Baidu search: technical support: Zhuo Xun technology directly into the background to see if the copyright is EmteEasy system mainlogin. asp Vulnerability exploitation: the default database address can be used to download db % 23EMTE ^ @ DATEBASE. after the MDB is downloaded, open the AName2 column in The AdminUser table.

Zhuo Xun intelligent website management system EmteEasySite

Official Website: http://www.emte.com.cn/

Baidu search: technical support: Zhuo Xun Technology

Go directly to the background to check if copyright is an EmteEasy system.

/Main/login. asp

Vulnerability exploitation:

Default database address downloadable
/Db/% 23EMTE ^ @ DATEBASE. MDB

Open the AdminUser table after the download.

View AName2 and Apass2 in the column to view the Administrator's plaintext account and password

PS: (is the account followed by md5 encryption but plaintext? What is his thinking)

Editor Upload Vulnerability

Http://www.xxoo.com /! Emte % 5E =. Editor/adminlogin. asp

Admin

Directly press ewebEdFilter Upload by adding aaspsp format to itor background-style management-settings

SQL Injection Vulnerability
Simply add a ''to expose the vulnerability.

You can hand it over to ah d for injection.

Table adminuser

Column account: aname2 password apsss2

Some versions in the background support database backup and use opera to view the source code and change the backup address to the address of your image script.

Some versions do not have the tragedy of database backup. You can try to use the editor vulnerability to get shell!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.