-
This is a new idea for marginal notes (side-site attacks). When no usable domain name is available on the same IP or in the same C segment, start from the domain's whois information and query the other domain names registered with the same email address, because many webmasters have the bad habit of reusing the same admin backend address and the same administrator account and password. I hope webmasters can get rid of this bad habit.
Correct usage:
1. Expand results. For example: after obtaining the backend and account password of a site that uses the dedecms program, use the Admin Email of this software to marginally note the domain name, query the destination ...
-
Decryption: the DedeCMS ("dream weaving") password is encrypted by cmd5 and is 20 characters long. Remove the first three characters and the last one.
Backend: the default is dede/login.php
1. The file include/dialog/select_soft.php can be used to expose the DedeCMS backend. Older versions could skip login verification and be accessed directly without an administrator account; the new version redirects straight to the backend.
2. include/dialog/config.php will display the backend management path.
3. include/dialog/select_soft.php?activepath=/include/FCKeditor jumps to that directory.
4. includ...
-
An injection in dedecms that is relatively difficult to use. The earlier variable-overwrite vulnerability caused too much of a stir, so this one has not been published. It was tested on the latest version in May, and the current version has probably still not been fixed. The vulnerability requires a member account, so it is rather lame. In the article publishing function, the mtypesid field of the POST form can be injected.
/dedecmsnew/member/album_add.php
POC: mtypesid=1 '), ("'", '0', '1367930810', 'p', '0'